Export (0) Print
Expand All
Expand Minimize Query Sequencing

Queries begin with a client application calling the EvtRpcRegisterLogQuery (section method, which returns a handle of type CONTEXT_HANDLE_LOG_QUERY.

The client application can then use the handle for subsequent calls to the EvtRpcQueryNext (section method or the EvtRpcQuerySeek (section method.

The application then closes the handle at the end of the query using EvtRpcClose.

Note that there is also a CONTEXT_HANDLE_OPERATION_CONTROL handle returned by EvtRpcRegisterLogQuery. The sequencing and use of these handles are specified in section

© 2014 Microsoft