Share via

eventlog service stops in Win10 version 2004 when calling API function CloseEventLog()

Asplund, Rickard 11 Reputation points
2020-10-12T12:38:41.393+00:00

I just upgraded to Windows 10 verison 2004 when I stumbled upon a critical problem.
Reproduce: In EventVwr, select some Windows Application log events, save them to a file (Save Selected Events...).
In C++ (Visual Studio 2017) create a program opening the saved event log file with
HANDLE hEventLog = OpenBackupEventLog( NULL, <the file name>);
When calling CloseEventLog(hEventLog); the eventlog service stops!!!

This functionality have been working in older Windows version (XP,7,Servers, 10) but not in latest Windows 10 version 2004.
I reproduced it in version 2004 OS Build 19041.508 and 450.

(I reported this in the FeedbackHub application 2 weeks ago but no response)

/Rickard Asplund

Windows API - Win32
Windows API - Win32
A core set of Windows application programming interfaces (APIs) for desktop and server applications. Previously known as Win32 API.
2,523 questions
C++
C++
A high-level, general-purpose programming language, created as an extension of the C programming language, that has object-oriented, generic, and functional features in addition to facilities for low-level memory manipulation.
3,637 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. David Lowndes 4,711 Reputation points
    2020-10-12T13:26:38.18+00:00

    I've just tried a trivial example and can't reproduce what you say in the latest Insider preview build (20231). 

    #include <Windows.h>

int main()
{
    HANDLE hEvtLog = OpenBackupEventLog( NULL, ...path to a  .evtx file here );
    if ( hEvtLog != NULL )
    {
        CloseEventLog( hEvtLog );
    }
}
    0 comments