{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 孤傲高冷的网名 的问题《EvtArchiveExportedLog fails with ERROR_DIRECTORY》','https://www.manongdao.com/q-799132.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I need to export some events from Windows Event Log to XML on Windows Server 2008 R2. To achieve it I export these events to a file using EvtExportLog and then try to use EvtArchiveExportedLog to get localized descriptions for events. Here's the sample:
EvtExportLog( 0, 0, query, logFileName, EvtExportLogChannelPath );
EvtArchiveExportedLog( 0, logFileName, 0, 0 );
EvtExportLog function succeeds and creates .evtx file but EvtArchiveExportedLog constantly fails with ERROR_DIRECTORY error code. I have no idea what the reason of such behaviour is.
It seems that I've found the reason.
EvtArchiveExportedLogmakes an RPC call to svchost.exe which hosts eventlog service. This service tries to create a file in "%windir%\ServiceProfiles\LocalService\AppData\Local\Temp" folder, fails withERROR_ACCESS_DENIEDcode and returnsERROR_DIRECTORYto RPC client. So far as RPC server impersonates client, the solution is to grant access privileges to the calling thread.