示例#1
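        /// <summary>
        /// Reads selected System event log records through WMI (Win32_NTLogEvent) and
        /// returns them as loosely typed rows, newest record number first.
        /// </summary>
        /// <remarks>
        /// The query filters on LogFile and EventCode only. It does not constrain
        /// SourceName, so records from any provider that uses event codes 12, 7000,
        /// 7009, 7031 or 7036 are returned, not only Service Control Manager records.
        /// Consumers that need SCM events only should filter further (the row does not
        /// carry the source name, so that filter would have to be added to the query).
        /// Message and Data are copied as stored in the log; treat them as untrusted
        /// text/bytes when they are rendered or parsed further.
        /// </remarks>
        /// <returns>
        /// A list of anonymous objects exposing Type, RecordNumber, EventCode, Message,
        /// TimeGeneratedRaw, TimeGenerated, DataType, Data, DataAsBytes, DataAsAscii and
        /// Parameteters (spelling kept because dynamic consumers bind to it by name).
        /// </returns>
        internal List <dynamic> ReadServiceControlManagerLogsRaw()
        {
            // Constant WQL text: nothing caller-supplied is concatenated into the query.
            const string query = "Select * From Win32_NTLogEvent WHERE LogFile='System' And (EventCode=12 Or EventCode=7009 or EventCode=7000 or EventCode=7036 or EventCode=7031)";

            List <dynamic> ret = new List <dynamic>();
            int            n   = 0;

            // Both the searcher and the result collection wrap WMI/COM resources, so the
            // collection is disposed explicitly instead of being left to the finalizer.
            using (ManagementObjectSearcher managementObjectSearcher = new ManagementObjectSearcher(query))
            using (ManagementObjectCollection rows = managementObjectSearcher.Get())
            {
                foreach (ManagementBaseObject wmiRow in rows)
                {
                    // Each row is disposable as well; every value needed below is copied
                    // out of it before the row is released.
                    using (wmiRow)
                    {
                        var message       = Convert.ToString(wmiRow["Message"]);
                        var code          = Convert.ToInt64(wmiRow["EventCode"]);
                        var timeGenerated = Convert.ToString(wmiRow["TimeGenerated"]);
                        var data          = wmiRow["Data"];
                        var dataType      = data?.GetType().ToString() ?? "null";

                        // Single cast; a non-byte[] payload still raises InvalidCastException
                        // exactly as before rather than being silently dropped.
                        byte[] payload = (byte[])data;
                        var    bytes   = payload == null ? "<null>" : string.Join(",", payload.Select(b => b.ToString()));
                        var    type    = wmiRow["Type"];
                        var    recordNumber = Convert.ToInt64(wmiRow["RecordNumber"]);

                        // The success flag is ignored: when parsing fails, TimeGenerated holds
                        // whatever the helper assigned, and TimeGeneratedRaw remains the
                        // authoritative value for timeline work.
                        WmiUtils.TryParseWmiDateTime(timeGenerated, out var dateTime);

                        ret.Add(new
                        {
                            Type             = type,
                            RecordNumber     = recordNumber,
                            EventCode        = code,
                            Message          = message,
                            TimeGeneratedRaw = timeGenerated,
                            TimeGenerated    = dateTime,
                            DataType         = dataType,
                            Data             = data,
                            DataAsBytes      = bytes,
                            DataAsAscii      = AsAscII(payload),
                            Parameteters     = ParseParameters(payload)
                        });
                    }

                    // Progress marker: one dot for the first row and every 100th after it.
                    if (n++ % 100 == 0)
                    {
                        Console.Write(".");
                    }
                }
            }

            // Highest record number first, i.e. most recently written records on top.
            ret = ret.OrderByDescending(x => (long)x.RecordNumber).ToList();
            return(ret);
        }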
示例#2
        /// <summary>
        /// Converts a DMTF-style date string into a date-only <see cref="DateTime"/>.
        /// </summary>
        /// <remarks>
        /// Two paths are tried in order. The first handles an 8-character string, or a
        /// string longer than 9 characters whose character at index 8 is '.', by reading
        /// the first eight characters as yyyyMMdd. The second delegates to
        /// <c>WmiUtils.TryParseWmiDateTime</c> and keeps only year, month and day.
        /// Every exception on either path (including a null argument on the first path)
        /// is swallowed, so a false result cannot be told apart from an internal error.
        /// The value is built with the (year, month, day) constructor, so it carries no
        /// time of day and no UTC/local kind; any offset in the input is not reflected.
        /// Int32.Parse tolerates surrounding whitespace and a sign, so the first path
        /// is lenient about malformed digit groups.
        /// </remarks>
        /// <param name="dmtfDate">The date or date-time text to interpret.</param>
        /// <param name="value">
        /// The parsed date, or <see cref="DateTime.MinValue"/> when both paths throw.
        /// </param>
        /// <returns>
        /// true when the first path succeeds; otherwise the result reported by
        /// <c>WmiUtils.TryParseWmiDateTime</c>, or false if that call throws.
        /// </returns>
        internal static bool TryParseWmiDate(string dmtfDate, out DateTime value)
        {
            // Path 1: plain yyyyMMdd prefix.
            try
            {
                int  length        = dmtfDate.Length;
                bool hasDatePrefix = length == 8 || (length > 9 && dmtfDate[8] == '.');

                if (hasDatePrefix)
                {
                    int year  = Int32.Parse(dmtfDate.Substring(0, 4));
                    int month = Int32.Parse(dmtfDate.Substring(4, 2));
                    int day   = Int32.Parse(dmtfDate.Substring(6, 2));

                    value = new DateTime(year, month, day);
                    return(true);
                }
            }
            catch
            {
                // Deliberately ignored: fall through to the full date-time parser.
            }

            // Path 2: full WMI date-time, truncated to the calendar date.
            try
            {
                bool parsed = WmiUtils.TryParseWmiDateTime(dmtfDate, out DateTime full);
                value = new DateTime(full.Year, full.Month, full.Day);
                return(parsed);
            }
            catch
            {
                // Deliberately ignored: reported to the caller as a failed parse below.
            }

            value = DateTime.MinValue;
            return(false);
        }