c++ - Compiler error while trying to read evtx file? -
i getting compiler error _t identifier not found..kindly me in resolving error?? want make program in c?? first resolving errors can debug , watch flow?? compiling on vs 2008
#include <iostream> #include <fstream> using namespace std; typedef unsigned long ulong; typedef struct _eventlogheader { ulong headersize; ulong signature; ulong majorversion; ulong minorversion; ulong startoffset; ulong endoffset; ulong currentrecordnumber; ulong oldestrecordnumber; ulong maxsize; ulong flags; ulong retention; ulong endheadersize; } eventlogheader, *peventlogheader; typedef unsigned long dword; typedef unsigned short word; typedef struct _eventlogrecord { dword length; dword reserved; dword recordnumber; dword timegenerated; dword timewritten; dword eventid; word eventtype; word numstrings; word eventcategory; word reservedflags; dword closingrecordnumber; dword stringoffset; dword usersidlength; dword usersidoffset; dword datalength; dword dataoffset; } eventlogrecord, *peventlogrecord; void main() { ifstream file; file.open("c:\windows\system32\winevt\logs\\application.evtx",ios::in|ios::binary); if(file.is_open()){ _eventlogheader logheader; _eventlogrecord logrecord; //reading header file.read((char*)&logheader,sizeof(_eventlogheader)); int startoflog; //loop on every record for(unsigned int numberfile=0;numberfile < logheader.currentrecordnumber -1;numberfile++){ //save position startoflog = file.tellg(); //read log record file.read((char*)&logrecord,sizeof(_eventlogrecord)); /******************************************************* here other information (section 'remarks' on 'eventlogrecord structure' link ********************************************************/ //reading sourcename wchar_t buffdata; wstring sourcename; file.read((char*)&buffdata,sizeof(wchar_t)); while(buffdata!=_t('\0')){ sourcename.push_back(buffdata); file.read((char*)&buffdata,sizeof(wchar_t)); } //reading computer name wstring computername; file.read((char*)&buffdata,sizeof(wchar_t)); while(buffdata!=_t('\0')){ computername.push_back(buffdata); file.read((char*)&buffdata,sizeof(wchar_t)); } //sets position sid offset int readcursor = startoflog + logrecord.usersidoffset; file.seekg(readcursor); char * usersid = null; if(logrecord.usersidlength != 0) { usersid = (pchar)malloc(logrecord.usersidlength); file.read(usersid,logrecord.usersidlength); //reading sid //here can work on sid (but need win32 api).if need it, show how deal sid free(usersid); } //sets position strings offset readcursor = startoflog + logrecord.stringoffset; file.seekg(readcursor); wstring buffstring; vector<wstring> allstrings; //reading strings for(int i=0; i< logrecord.numstrings; i++) { file.read((char*)&buffdata,sizeof(wchar_t)); while(buffdata!=_t('\0')){ buffstring.push_back(buffdata); file.read((char*)&buffdata,sizeof(wchar_t)); } allstrings.push_back(buffstring); buffstring.clear(); } //sets position data offset readcursor = startoflog + logrecord.dataoffset; file.seekg(readcursor); unsigned char *data = (unsigned char *)malloc(logrecord.datalength*sizeof(unsigned char)); file.read((char*)data,logrecord.datalength); //lecture des données //sets position end of log offset readcursor = startoflog + logrecord.length - sizeof(dword) ; file.seekg(readcursor); dword length; file.read((char*)&length,sizeof(dword)); //do want log record //clean before reading next log computername.clear(); sourcename.clear(); allstrings.clear(); free(data); } } }
_t windows-specific means of specifying either narrow character constant/string literal, or wide character constant/string literal, depending on project settings. requires appropriate #include directives not present in code, it's not compiler-defined macro.
however, don't need it. you're using in while(buffdata!=_t('\0')), buffdata has type wchar_t, independent of project settings. in case, use wide character constant: l'\0'.
Comments
Post a Comment