Funktionierender Prototyp des Serious Games zur Vermittlung von Wissen zu Software-Engineering-Arbeitsmodellen.

EvtFormatMessage.py 3.3KB

  1. import sys
  2. import win32evtlog
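  def main():
      """Print a short summary of the first events in a Windows event log.

      Usage: ``EvtFormatMessage.py [path [num_events]]``. ``path`` defaults to
      ``"System"`` and ``num_events`` to 5; both are handed to ``EvtQuery`` /
      ``EvtNext`` unchanged.

      For every event returned, the level, creation time, computer name and
      provider name are printed when the rendered value is not null. If the
      provider's publisher metadata can be opened, the formatted message is
      printed as well.

      Standard output is the same as before. When the message cannot be
      produced, the reason now goes to standard error instead of being
      dropped, so a missing ``Message:`` line is not mistaken for an event
      that has no message.

      Raises:
          ValueError: if the second argument is not an integer.
          Exception: errors from ``EvtQuery``, ``EvtNext``,
              ``EvtCreateRenderContext`` and ``EvtRender`` are not caught.
      """
      path = "System"
      num_events = 5
      if len(sys.argv) > 2:
          path = sys.argv[1]
          num_events = int(sys.argv[2])
      elif len(sys.argv) > 1:
          path = sys.argv[1]

      # NOTE(review): access to a log is decided by the OS; some channels
      # (for example Security) are normally readable only with elevated
      # rights, in which case EvtQuery is expected to fail -- confirm.
      query = win32evtlog.EvtQuery(path, win32evtlog.EvtQueryForwardDirection)
      events = win32evtlog.EvtNext(query, num_events)
      context = win32evtlog.EvtCreateRenderContext(win32evtlog.EvtRenderContextSystem)

      # Levels 1-5 get a name; anything else, including 0, prints as UNKNOWN.
      level_names = {
          1: "CRITICAL",
          2: "ERROR",
          3: "WARNING",
          4: "INFO",
          5: "VERBOSE",
      }
      null_type = win32evtlog.EvtVarTypeNull

      for i, event in enumerate(events, 1):
          # With EvtRenderEventValues each entry is a (value, variant type) pair.
          result = win32evtlog.EvtRender(
              event, win32evtlog.EvtRenderEventValues, Context=context
          )
          print("Event {}".format(i))

          level_value, level_variant = result[win32evtlog.EvtSystemLevel]
          if level_variant != null_type:
              print(" Level: {}".format(level_names.get(level_value, "UNKNOWN")))

          time_created_value, time_created_variant = result[
              win32evtlog.EvtSystemTimeCreated
          ]
          if time_created_variant != null_type:
              print(" Timestamp: {}".format(time_created_value.isoformat()))

          computer_value, computer_variant = result[win32evtlog.EvtSystemComputer]
          if computer_variant != null_type:
              print(" FQDN: {}".format(computer_value))

          provider_name_value, provider_name_variant = result[
              win32evtlog.EvtSystemProviderName
          ]
          if provider_name_variant == null_type:
              continue
          print(" Provider: {}".format(provider_name_value))

          try:
              metadata = win32evtlog.EvtOpenPublisherMetadata(provider_name_value)
          except Exception as exc:
              # Seen in practice: pywintypes.error (2, 'EvtOpenPublisherMetadata',
              # 'The system cannot find the file specified.'). Best effort: the
              # event is still listed, only its message is missing.
              print(
                  " Message unavailable (publisher metadata): {}".format(exc),
                  file=sys.stderr,
              )
              continue

          try:
              message = win32evtlog.EvtFormatMessage(
                  metadata, event, win32evtlog.EvtFormatMessageEvent
              )
          except Exception as exc:
              # Seen in practice: pywintypes.error 15027, 'The message resource is
              # present but the message was not found in the message table.'
              print(
                  " Message unavailable (format): {}".format(exc),
                  file=sys.stderr,
              )
              continue

          # The message text comes from whichever provider wrote the record and
          # is printed as-is, so anything that parses or displays this output
          # should treat it as untrusted data.
          try:
              print(" Message: {}".format(message))
          except UnicodeEncodeError:
              # Seen when run under subprocess.Popen(): the console codec
              # ('charmap') could not encode '\u200e'. Not reproducible when run
              # by hand. Despite the label this is an encode failure; the text
              # is kept as it was, and repr() keeps the output ASCII-safe.
              print(" Failed to decode:", repr(message))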
  # Script entry point: run the demo only when this file is executed directly,
  # not when it is imported as a module.
  if __name__ == "__main__":
      main()