Export (0) Print
Expand All

EvtRender function

Renders an XML fragment based on the rendering context that you specify.

Syntax


BOOL WINAPI EvtRender(
  _In_   EVT_HANDLE Context,
  _In_   EVT_HANDLE Fragment,
  _In_   DWORD Flags,
  _In_   DWORD BufferSize,
  _In_   PVOID Buffer,
  _Out_  PDWORD BufferUsed,
  _Out_  PDWORD PropertyCount
);

Parameters

Context [in]

A handle to the rendering context that the EvtCreateRenderContext function returns. This parameter must be set to NULL if the Flags parameter is set to EvtRenderEventXml or EvtRenderBookmark.

Fragment [in]

A handle to an event or to a bookmark. Set this parameter to a bookmark handle if the Flags parameter is set to EvtRenderBookmark; otherwise, set to an event handle.

Flags [in]

A flag that identifies what to render. For example, the entire event or specific properties of the event. For possible values, see the EVT_RENDER_FLAGS enumeration.

BufferSize [in]

The size of the Buffer buffer, in bytes.

Buffer [in]

A caller-allocated buffer that will receive the rendered output. The contents is a null-terminated Unicode string if the Flags parameter is set to EvtRenderEventXml or EvtRenderBookmark. Otherwise, if Flags is set to EvtRenderEventValues, the buffer contains an array of EVT_VARIANT structures; one for each property specified by the rendering context. The PropertyCount parameter contains the number of elements in the array.

You can set this parameter to NULL to determine the required buffer size.

BufferUsed [out]

The size, in bytes, of the caller-allocated buffer that the function used or the required buffer size if the function fails with ERROR_INSUFFICIENT_BUFFER.

PropertyCount [out]

The number of the properties in the Buffer parameter if the Flags parameter is set to EvtRenderEventValues; otherwise, zero.

Return value

Return code/valueDescription
TRUE

The function succeeded.

FALSE

The function failed. Call the GetLastError function to get the error code.

 

Remarks

There is a one-to-one relationship between the array of XPath expressions that you specified when you called the EvtCreateRenderContext function and the array the values returned in the buffer.

When an EVT_HANDLE from this function is used in the EvtRender function, the list of values that is returned by that function consists of an array of EVT_VARIANT structures, each corresponding to exactly one of the XPATH expressions in the original ValuePaths parameter array in order of appearance. Each such EVT_VARIANT structure contains the value that is identified by its corresponding XPATH expression for the event that is being rendered. If no value is found, the EVT_VARIANT structure contains NULL. If multiple values are present, the EVT_VARIANT structure will contain the first value encountered.

Be careful when comparing floating-point numbers in XPath queries. Any string representation of a floating-point number is approximated, so the value displayed in XML might not match the number stored with the event. Floating-point numbers should be compared as being less than or greater than a constant.

Examples

For an example that shows how to use this function, see Rendering Events and Bookmarking Events.

Requirements

Minimum supported client

Windows Vista [desktop apps only]

Minimum supported server

Windows Server 2008 [desktop apps only]

Header

WinEvt.h

Library

Wevtapi.lib

DLL

Wevtapi.dll

See also

EvtCreateRenderContext

 

 

Community Additions

ADD
Show:
© 2014 Microsoft