我正在尝试读取事件日志文件,我可以将文件发送到代码中,但是对于我尝试读取的文件,位于 “C:\Users\banvilb\Documents\Event Log\Test\BSN_Navigator.evt " , 显示“无效的文件格式”
下面代码片段中突出显示的 if 语句是显示该消息的原因,但我不明白为什么会出现该消息。
我在做什么导致它不读取文件。
如果您需要更多/其余代码告诉我,我会更新这篇文章
// Parse the file
public unsafe void Parse(string filename)
{
try
{
// Open the file
using (FileStream fs = new FileStream(filename, FileMode.Open))
{
// Use BinaryReader to read the file
using (BinaryReader br = new BinaryReader(fs))
{
//Read the header of the file
byte[] header = new byte[sizeof(EventLogHeader)];
br.Read(header, 0, header.Length);
EventLogHeader _h = new EventLogHeader(header);
// Validate the file
// **** The issue is here ****
if (!Validate(_h))
{
this.OnAction("Invalid file format.");
return;
}
//
int totalEvents = (int)(_h.NextIndex - 1);
this.OnAction(String.Format("Found {0} events", totalEvents));
// Read the items
EventLogEntry e;
int cnt = 0;
uint offset = _h.FooterOffset;
while (true)
{
byte[] buff = ReadEntry(br, ref offset);
e = ReadEntry(buff);
cnt++;
DateTime dt = GetTime(e.rec.TimeGenerated);
this.OnFoundRecord(
new object[] {
Enum.GetName(typeof(EventLogEntryType),e.rec.EventType),
dt.ToShortDateString(),
dt.ToShortTimeString(),
e.SourceName,
e.Strings,
e.rec.EventCategory,
e.rec.EventID,
e.UserSid,
e.Computername});
if (cnt % 200 == 0) this.OnProgress(cnt, totalEvents);
if (offset == 48)
break;
}
}
}
}
catch (Exception ex)
{
this.OnAction(String.Format("Error Occured! {0}", ex.Message));
}
return;
}