python不用win32api获得windows日志的代码
分享一个不用win32api获得windows日志的python程序(怪无聊的了)。现在还不是很成熟,少一些日志中的细枝末节。
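"""Read the Windows event log through advapi32 with plain ctypes (no pywin32).

Only the fixed 56-byte EVENTLOGRECORD header of each record is decoded; the
variable-length tail (source/computer name, SID, strings, binary data) is
left unparsed.
"""
import copy
import ctypes
from ctypes import byref, POINTER, cast, c_uint64, c_ulong, c_char_p, c_wchar_p
from ctypes.wintypes import BOOL, DWORD, HANDLE, LPVOID, WORD, HKEY, LONG, PHKEY, LPSTR, PDWORD
import datetime

c_uint64_p = POINTER(c_uint64)
c_int_p = POINTER(c_ulong)
LPDWORD = ctypes.POINTER(DWORD)
# The DLL object is only used for symbol lookup; the calling convention comes
# from the WINFUNCTYPE prototypes below.
advapi32 = ctypes.CDLL("advapi32")

# Win32 error codes that readEventLog handles itself.
_ERROR_HANDLE_EOF = 38
_ERROR_INSUFFICIENT_BUFFER = 122
# Initial size of the read buffer; grown on ERROR_INSUFFICIENT_BUFFER.
_DEFAULT_READ_BUFFER = 5600


class EVENTLOGRECORD(ctypes.Structure):
    """Fixed-size header (56 bytes) of a record returned by ReadEventLogW.

    Length is the size of the whole record including its variable-length
    tail, so it is also the distance to the next record in the buffer.
    """
    _fields_ = [
        ('Length', DWORD), ('Reserved', DWORD), ('RecordNumber', DWORD), ('TimeGenerated', DWORD),
        ('TimeWritten', DWORD), ('EventID', DWORD), ('EventType', WORD), ('NumStrings', WORD), ('EventCategory', WORD),
        ('ReservedFlags', WORD), ('ClosingRecordNumber', DWORD), ('StringOffset', DWORD), ('UserSidLength', DWORD),
        ('UserSidOffset', DWORD), ('DataLength', DWORD), ('DataOffset', DWORD)]


def openEventLog(computer=None, channel="Application"):
    """Open an event-log channel with OpenEventLogW and return its handle.

    computer -- lpUNCServerName; None means the local machine
    channel  -- lpSourceName, e.g. "Application", "System", "Security"

    Raises OSError (ctypes.WinError) when OpenEventLogW returns NULL, so a
    failed open (bad channel name, missing privilege) is not silently passed
    on as a None handle.
    """
    param_oel = ((1, 'lpUNCServerName'), (1, 'lpSourceName'))
    proto = ctypes.WINFUNCTYPE(HANDLE, ctypes.c_wchar_p, ctypes.c_wchar_p, use_last_error=True)
    open_log = proto(('OpenEventLogW', advapi32), param_oel)
    h = open_log(computer, channel)
    if not h:
        raise ctypes.WinError(ctypes.get_last_error())
    return h


def _parse_records(data):
    """Split the raw bytes returned by ReadEventLogW into EVENTLOGRECORD headers.

    Each header is copied out of *data* (bytes), never aliased, and parsing
    stops at the first header that does not fit in the remaining bytes or
    whose Length is smaller than the header itself, so a truncated or
    malformed tail can never be read past the end of the buffer.
    """
    header_size = ctypes.sizeof(EVENTLOGRECORD)
    records = []
    pos = 0
    while pos + header_size <= len(data):
        rec = EVENTLOGRECORD.from_buffer_copy(data, pos)
        if rec.Length < header_size:
            break
        records.append(rec)
        pos += rec.Length
    return records


def readEventLog(h, flag=9, offset=0):
    """Read one batch of records from an open event-log handle.

    h      -- handle returned by openEventLog
    flag   -- dwReadFlags for ReadEventLogW; the default 9 is
              EVENTLOG_SEQUENTIAL_READ (1) | EVENTLOG_BACKWARDS_READ (8),
              i.e. newest record first
    offset -- dwRecordOffset; only meaningful with EVENTLOG_SEEK_READ (2)

    Returns a list of EVENTLOGRECORD headers, empty once the end of the log
    is reached (ERROR_HANDLE_EOF). Grows the buffer and retries when the API
    reports ERROR_INSUFFICIENT_BUFFER; any other failure raises OSError
    (ctypes.WinError) instead of being swallowed as an empty result.
    """
    proto = ctypes.WINFUNCTYPE(BOOL, HANDLE, DWORD, DWORD, LPVOID, DWORD, LPDWORD, LPDWORD, use_last_error=True)
    read = proto(('ReadEventLogW', advapi32))
    size = _DEFAULT_READ_BUFFER
    while True:
        buf = ctypes.create_string_buffer(size)
        bytes_read = DWORD(0)
        needed = DWORD(0)
        if read(h, flag, offset, buf, size, byref(bytes_read), byref(needed)):
            break
        err = ctypes.get_last_error()
        if err == _ERROR_HANDLE_EOF:
            return []
        if err == _ERROR_INSUFFICIENT_BUFFER and needed.value > size:
            # The next record is larger than our buffer; retry with the size
            # the API asked for (strictly larger, so this cannot spin).
            size = needed.value
            continue
        raise ctypes.WinError(err)
    return _parse_records(buf.raw[:bytes_read.value])


def closeEventLog(hevent):
    """Close a handle from openEventLog via CloseEventLog.

    Returns True on success, False otherwise.
    """
    param_rel = ((1, 'hEventLog'),)
    proto = ctypes.WINFUNCTYPE(BOOL, HANDLE)
    close_log = proto(('CloseEventLog', advapi32), param_rel)
    return bool(close_log(hevent))


def getNumberOfEventLogRecords(hevent):
    """Return the record count of an open log (GetNumberOfEventLogRecords).

    NumberOfRecords is an output parameter, so ctypes returns its value
    directly as an int.
    """
    param_rel = ((1, 'hEventLog'), (2, 'NumberOfRecords'))
    proto = ctypes.WINFUNCTYPE(BOOL, HANDLE, PDWORD)
    count_records = proto(('GetNumberOfEventLogRecords', advapi32), param_rel)
    return count_records(hevent)


def lookupAccountSid(computer, sid):
    """Call LookupAccountSid and return its output parameters.

    computer -- lpSystemName (None for the local machine)
    sid      -- passed through as lpSid after str()

    Per ctypes paramflags rules the output parameters come back in argument
    order: (lpName, lpReferencedDomainName, peUse).

    NOTE(review): LookupAccountSidW takes a binary PSID for lpSid, whereas this
    wrapper declares the argument as a string and converts *sid* with str();
    it is unclear this resolves anything — confirm before relying on it. The
    except branch (ANSI entry point, byte buffers) is only taken if ctypes
    lacks create_unicode_buffer, which current versions do not.
    """
    sid = str(sid)
    cchName = DWORD(255)
    cchReferencedDomainName = DWORD(255)
    try:
        NameBuff = ctypes.create_unicode_buffer(255)
        DomainBuff = ctypes.create_unicode_buffer(255)
        paramflags = ((1, 'lpSystemName'), (1, 'lpSid'), (2, 'lpName', NameBuff), (1, 'cchName', byref(cchName)),
                      (2, "lpReferencedDomainName", DomainBuff), (1, "cchReferencedDomainName", byref(cchReferencedDomainName)),
                      (2, "peUse"))
        proto = ctypes.WINFUNCTYPE(BOOL, c_wchar_p, c_wchar_p, c_wchar_p, LPDWORD, c_wchar_p, LPDWORD, c_int_p)
        lookup = proto(('LookupAccountSidW', advapi32), paramflags)
    except AttributeError:
        NameBuff = ctypes.create_string_buffer(255)
        DomainBuff = ctypes.create_string_buffer(255)
        paramflags = ((1, 'lpSystemName'), (1, 'lpSid'), (2, 'lpName', NameBuff), (1, 'cchName', 255),
                      (2, "lpReferencedDomainName", DomainBuff), (1, "cchReferencedDomainName", 255), (2, "peUse"))
        proto = ctypes.WINFUNCTYPE(BOOL, c_char_p, c_char_p, c_char_p, LPDWORD, c_char_p, LPDWORD, c_int_p)
        lookup = proto(('LookupAccountSidA', advapi32), paramflags)
    return lookup(computer, sid)


def regEnumKeyEx(hKey):
    """Return the names of the subkeys of *hKey* using RegEnumKeyW.

    The enumeration stops when RegEnumKeyW yields the same name twice in a
    row: the shared output buffer keeps its previous contents once the API
    stops filling it, so a repeat is taken as "no more subkeys". The return
    code is not checked, so an error other than end-of-enumeration also ends
    the list silently.
    """
    lpName = ctypes.create_unicode_buffer(255)
    paramflags = ((1, 'hKey'), (1, 'dwIndex'), (2, 'lpName', lpName), (1, 'ccnName', 255))
    proto = ctypes.WINFUNCTYPE(LONG, HKEY, DWORD, c_wchar_p, DWORD)
    enum_key = proto(('RegEnumKeyW', advapi32), paramflags)
    names = []
    index = 0
    previous = ''
    while True:
        keyname = enum_key(hKey, index)
        if keyname.value == previous:
            break
        names.append(keyname.value)
        previous = keyname.value
        index += 1
    return names


def regOpenKey(hKey, lpSubKey, ulOptions, samDesired):
    """Open a registry subkey with RegOpenKeyExW and return phkResult.

    hKey       -- parent key handle
    lpSubKey   -- subkey path (wide string)
    ulOptions  -- reserved/option flags passed straight through
    samDesired -- access mask passed straight through

    Only the output handle is returned; the LONG status code is discarded.
    """
    param_rel = ((1, 'hKey'), (1, 'lpSubKey'), (1, 'ulOptions'), (1, 'samDesired'), (2, 'phkResult'))
    proto = ctypes.WINFUNCTYPE(LONG, HKEY, c_wchar_p, DWORD, c_ulong, PHKEY)
    open_key = proto(('RegOpenKeyExW', advapi32), param_rel)
    return open_key(hKey, lpSubKey, ulOptions, samDesired)


if __name__ == "__main__":
    h = openEventLog()
    print(h)
    try:
        for i in readEventLog(h):
            print(i.Length, i.Reserved, i.RecordNumber, i.TimeGenerated, i.TimeWritten, i.EventID, i.EventType, i.NumStrings, i.EventCategory, i.ReservedFlags, i.ClosingRecordNumber, i.StringOffset, i.UserSidLength, i.UserSidOffset, i.DataLength, i.DataOffset)
    finally:
        # Release the log handle even if reading fails part-way.
        closeEventLog(h)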
有问题可以qq827893047联系我,或者这个qq的邮箱发给我。