Last active
December 4, 2024 12:18
-
-
Save m417z/58d2fffd846c358b961f8c70d4f46c0d to your computer and use it in GitHub Desktop.
Check for DWM warnings, context: https://github.com/ramensoftware/windhawk-mods/pull/1293#discussion_r1868305153
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <winevt.h> | |
| bool HasDwminitWarningInLastMinute() { | |
| const WCHAR* queryPath = L"Application"; | |
| const WCHAR* query = | |
| L"*[System[Provider[@Name='Dwminit'] and (Level=3) and " | |
| L"TimeCreated[timediff(@SystemTime) <= 60000]]]"; | |
| EVT_HANDLE queryHandle = EvtQuery(nullptr, // Local machine | |
| queryPath, // Log path (Application log) | |
| query, // Query | |
| EvtQueryChannelPath // Query flags | |
| ); | |
| if (!queryHandle) { | |
| Wh_Log(L"EvtQuery failed with error: %u", GetLastError()); | |
| return false; | |
| } | |
| bool found = false; | |
| EVT_HANDLE eventHandle = nullptr; | |
| DWORD dwReturned = 0; | |
| constexpr DWORD kTimeout = 1000; | |
| if (EvtNext(queryHandle, 1, &eventHandle, kTimeout, 0, &dwReturned)) { | |
| found = true; | |
| EvtClose(eventHandle); | |
| } else if (GetLastError() != ERROR_NO_MORE_ITEMS) { | |
| Wh_Log(L"EvtNext failed with error: %u", GetLastError()); | |
| } | |
| EvtClose(queryHandle); | |
| return found; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment