ReadEventLog() API fails with Error Code 87

    Question

  • Hi All,

    My application reads and displays system event logs. The ReadEventLog() API fails with error code 87, which means "The parameter is incorrect". Although all the parameters passed to the API are valid, it still fails.


    Please find the below code used to invoke the API -

    ::ReadEventLog(m_hEventLogHandle,EVENTLOG_SEEK_READ|EVENTLOG_FORWARDS_READ, 
                l_dwLogCounter, l_pEvntLogRecord, BUFFER_SIZE, &l_dwReadBytes, &l_dwNeedBytes);

    where,
     m_hEventLogHandle is a HANDLE to an earlier successfully opened system event log
     DWORD l_dwLogCounter is equal to the record number that is to be read
     l_pEvntLogRecord is a pointer to the buffer
     BUFFER_SIZE is the size of the buffer, which is large enough to get the data
     DWORD l_dwReadBytes returns the bytes read
     DWORD l_dwNeedBytes returns the bytes needed if the buffer is not large enough

    The failure is seen for a random record, i.e. the first few record reads are successful and then the read fails for one record. This failure then remains consistent, i.e. if we later try reading this record again, the failure shows up.

    There is also another weird behavior observed: when we try to read the latest record, ReadEventLog() returns some random record, and the latest ones are never read. Also, this behavior has only been seen when the log size is more than 2 MB.

    I came across the link below, where Microsoft has confirmed this behavior as a known bug.

    http://support.microsoft.com/default.aspx?scid=kb;en-us;177199

    The article says that the information applies to Windows NT 4.0. My application is running on 32-bit WinXP Professional with SP2. Is it to be assumed by default that this bug has not been fixed in WinXP as well, or is there any way to confirm that this bug has not been fixed in WinXP, i.e. any link to a web page or KB?

    Thanks in advance.

    Regards,
    Santosh.

    • Edited by Santosh M P Wednesday, April 21, 2010 2:42 PM Added sample code
    Wednesday, April 21, 2010 5:50 AM

All replies

    • Edited by Santosh M P Wednesday, April 21, 2010 2:44 PM Updated source code
    • Merged by Yi Feng Li Thursday, April 22, 2010 6:02 AM Same question
    Tuesday, April 20, 2010 1:34 PM
  • No, you should never assume that the bug hasn't been fixed. As the article says, it is only a bug in Windows NT 3.51 and 4. Windows NT 5 onwards aren't listed as being affected.

    What you should do is actually ask this question in the Windows SDK forum, since this is a Windows API issue, and this forum is for questions about the Microsoft Implementation of the C++ language. And when you ask the question provide sample code which produces the result you are having. This way, people who know the Windows API could point out possible problems or even confirm that this is still a bug in newer NT based operating systems.


    Visit my (not very good) blog at http://c2kblog.blogspot.com/
    Tuesday, April 20, 2010 1:56 PM
  • It would help if you can post the code of your actual API call with parameters.
    «_Superman_»
    Microsoft MVP (Visual C++)
    Tuesday, April 20, 2010 4:40 PM
  • Hi crescens2k

    Thanks for your reply.

    As suggested I have posted my question to the Windows SDK forum.

    I have updated the source code.

    Regards,

    Santosh.

    Wednesday, April 21, 2010 2:43 PM
  • Hi __Superman__,

    Thanks for your response.

    I have updated the post with the sample code.

    Regards,

    Santosh.

    Wednesday, April 21, 2010 2:45 PM
  • What is the value in l_dwLogCounter?

    You could try a smaller value.


    «_Superman_»
    Microsoft MVP (Visual C++)
    Wednesday, April 21, 2010 3:14 PM
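
Added example (not code from the thread or from any poster): one way to avoid depending on a seek by record number is to read the log sequentially and pick the wanted record out of the returned buffer by its RecordNumber field. The code walks such a buffer with bounds checks on every Length field; it is portable C that uses the EVENTLOGRECORD header offsets directly instead of including windows.h, and `find_record`, `make_record` and the sample records are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ELF_LOG_SIGNATURE 0x654c664cu /* "LfLe", value of EVENTLOGRECORD.Reserved */
#define ELR_FIXED_SIZE    56u         /* fixed part of EVENTLOGRECORD, in bytes */

/* Little-endian DWORD access that does not assume alignment. */
static uint32_t rd32(const uint8_t *p) {
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Walk bytes_read bytes of back-to-back records. Returns the offset of the
 * record numbered `wanted`, -1 if it is not in this buffer, -2 if a Length
 * field or signature is inconsistent (never step past the bytes read). */
long find_record(const uint8_t *buf, uint32_t bytes_read, uint32_t wanted) {
    uint32_t off = 0;
    while (off < bytes_read) {
        uint32_t left = bytes_read - off;
        if (left < ELR_FIXED_SIZE) return -2;
        uint32_t len = rd32(buf + off);                          /* Length */
        if (len < ELR_FIXED_SIZE + 4 || len > left) return -2;
        if (rd32(buf + off + 4) != ELF_LOG_SIGNATURE) return -2; /* Reserved */
        if (rd32(buf + off + len - 4) != len) return -2;         /* trailing Length */
        if (rd32(buf + off + 8) == wanted) return (long)off;     /* RecordNumber */
        off += len;
    }
    return -1;
}

/* Constructed sample data: a zero-filled record with only the checked fields set. */
uint32_t make_record(uint8_t *dst, uint32_t len, uint32_t number) {
    memset(dst, 0, len);
    wr32(dst, len);        wr32(dst + 4, ELF_LOG_SIGNATURE);
    wr32(dst + 8, number); wr32(dst + len - 4, len);
    return len;
}

int main(void) {
    uint8_t buf[256];
    uint32_t n = make_record(buf, 64, 101);
    n += make_record(buf + n, 72, 102);
    printf("record 102 at offset %ld\n", find_record(buf, n, 102));
    return 0;
}
```

On Windows the buffer and byte count would come from ReadEventLog() called with EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ, repeated until the wanted record number appears or the call reports end of file.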