
Access violation error while using EvtSetChannelConfigProperty() function


I'm trying to update the maximum log file size using the EvtSetChannelConfigProperty() function. I get an Access violation when I run the program.

I'm running Visual Studio in Administrator mode. Still it shows an access violation.

I've added the <winevt.h> header file:

    PEVT_VARIANT value;
    UINT64 val = 30000000;
    value = PEVT_VARIANT(val);

    EVT_HANDLE hlog = EvtOpenChannelConfig(NULL,L"Application",0);
    BOOL check = EvtSetChannelConfigProperty(hlog,EvtChannelLoggingConfigMaxSize, 0, value);

Why is it that I get an error saying access violation reading the location?

Error:

'Windows_API.exe' (Win32): Loaded 
'C:\Users\Administrator\source\repos\Windows_API\x64\Debug\Windows_API.exe'. 
 Symbols loaded.
'Windows_API.exe' (Win32): Loaded 'C:\Windows\System32\ntdll.dll'. Cannot 
 find or open the PDB file.
'Windows_API.exe' (Win32): Loaded 'C:\Windows\System32\kernel32.dll'. Cannot 
find or open the PDB file.
'Windows_API.exe' (Win32): Loaded 'C:\Windows\System32\KernelBase.dll'. 
Cannot find or open the PDB file.
'Windows_API.exe' (Win32): Loaded 'C:\Windows\System32\apphelp.dll'. Cannot 
find or open the PDB file.
'Windows_API.exe' (Win32): Loaded 'C:\Windows\System32\advapi32.dll'. Cannot 
find or open the PDB file.
'Windows_API.exe' (Win32): Loaded 'C:\Windows\System32\msvcrt.dll'. Cannot 
find or open the PDB file.
'Windows_API.exe' (Win32): Loaded 'C:\Windows\System32\sechost.dll'. Cannot 
find or open the PDB file.
'Windows_API.exe' (Win32): Loaded 'C:\Windows\System32\rpcrt4.dll'. Cannot 
find or open the PDB file.
'Windows_API.exe' (Win32): Loaded 'C:\Windows\System32\msvcp140d.dll'. 
Cannot find or open the PDB file.
'Windows_API.exe' (Win32): Loaded 'C:\Windows\System32\ucrtbased.dll'. 
Cannot find or open the PDB file.
'Windows_API.exe' (Win32): Loaded 'C:\Windows\System32\vcruntime140d.dll'. 
Cannot find or open the PDB file.
'Windows_API.exe' (Win32): Unloaded 'C:\Windows\System32\vcruntime140d.dll'
'Windows_API.exe' (Win32): Loaded 'C:\Windows\System32\vcruntime140d.dll'. 
Cannot find or open the PDB file.
'Windows_API.exe' (Win32): Loaded 'C:\Windows\System32\wevtapi.dll'. Cannot 
find or open the PDB file.
'Windows_API.exe' (Win32): Loaded 'C:\Windows\System32\bcrypt.dll'. Cannot 
find or open the PDB file.
Exception thrown at 0x00007FFBB52C6749 (wevtapi.dll) in Windows_API.exe: 
0xC0000005: Access violation reading location 0x0000000001C9C38C.

The program '[7672] Windows_API.exe' has exited with code 0 (0x0).

Solution

  • value is an uninitialized pointer that points nowhere. Therefore your program crashes when EvtSetChannelConfigProperty tries to dereference that pointer.

    You probably want something like this:

    EVT_VARIANT value;
    value.Count = 0;
    value.Type = EvtVarTypeUInt64;
    value.UInt64Val = 3000000;
    
    EVT_HANDLE hlog = EvtOpenChannelConfig(NULL, L"Application", 0);
    BOOL check = EvtSetChannelConfigProperty(hlog, EvtChannelLoggingConfigMaxSize, 0, &value);
    

    BTW you don't need to be in administrator mode for this.
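
Added example, not part of the original question or answer: a checked version of the call sequence that also commits the change with EvtSaveChannelConfig, plus a small triage helper. It shows that the faulting address in the question, 0x1C9C38C, is 30000000 (0x1C9C380) plus 12, the offset of the Type field in EVT_VARIANT. The function names MakeUInt64Variant, FaultOffsetIfIntCast and SetChannelMaxSize are illustrative, and the non-Windows stand-in types are constructed so the helpers also build off Windows.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#ifdef _WIN32
#include <windows.h>
#include <winevt.h>   // link with wevtapi.lib
#else
// Constructed stand-ins (assumption) with the winevt.h layout, for non-Windows builds.
typedef uint32_t DWORD;
struct EVT_VARIANT { union { uint64_t UInt64Val; void* Ptr; }; DWORD Count; DWORD Type; };
enum { EvtVarTypeUInt64 = 10 };
#endif
// Fill a real EVT_VARIANT; the API is later given its address, not the number.
EVT_VARIANT MakeUInt64Variant(uint64_t v) {
    EVT_VARIANT var = {};          // zero-initialise; Count stays 0 (only used for arrays)
    var.Type = EvtVarTypeUInt64;
    var.UInt64Val = v;
    return var;
}

// Crash triage: if intValue had been cast to PEVT_VARIANT, which byte offset
// of the struct does faultAddr hit? Returns -1 when it lies outside the struct.
long FaultOffsetIfIntCast(uint64_t faultAddr, uint64_t intValue) {
    if (faultAddr < intValue || faultAddr - intValue >= sizeof(EVT_VARIANT)) return -1;
    return static_cast<long>(faultAddr - intValue);
}

#ifdef _WIN32
// Set the channel's maximum log size and commit it. Returns a Win32 error code.
DWORD SetChannelMaxSize(LPCWSTR channel, uint64_t bytes) {
    EVT_HANDLE h = EvtOpenChannelConfig(NULL, channel, 0);
    if (!h) return GetLastError();
    EVT_VARIANT v = MakeUInt64Variant(bytes);
    DWORD err = ERROR_SUCCESS;
    if (!EvtSetChannelConfigProperty(h, EvtChannelLoggingConfigMaxSize, 0, &v) ||
        !EvtSaveChannelConfig(h, 0))   // the set is not persisted until saved
        err = GetLastError();          // captured before EvtClose can change it
    EvtClose(h);
    return err;
}
#endif

int main() {  // values from the question: 30000000 cast to a pointer, fault at 0x1C9C38C
    std::printf("fault offset: %ld\n", FaultOffsetIfIntCast(0x1C9C38CULL, 30000000ULL));
#ifdef _WIN32
    std::printf("SetChannelMaxSize: %lu\n", SetChannelMaxSize(L"Application", 30000000ULL));
#endif
    return 0;
}
```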