My program needs, in a sense, to "sort of" monitor the Event Viewer for the MsiInstaller information event.
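You may want to use DispHelper, and possibly a variation of the following snippet running in a service, to monitor MSI installs. As written, the snippet makes a single pass over the Application log and prints the entries whose event code is 11728; it does not wait for new events.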
Code:
#pragma comment( lib, "user32.lib" ) // Search for user32.lib while linking
#include <windows.h>
#include "disphelper.h"
#include <wchar.h>
#include <iostream>
using namespace std;
/* **************************************************************************
* getWmiStr:
* Helper function to create wmi moniker incorporating computer name.
*
============================================================================ */
static LPWSTR getWmiStr(LPCWSTR szComputer)
{
    /*
     * Build the WMI moniker "winmgmts:{impersonationLevel=impersonate}!\\<host>\root\cimv2".
     *
     * szComputer: host name to splice in; NULL selects "." instead.
     * Returns a pointer to a function-static buffer, so every call overwrites
     * the previous result and the caller must not free it.
     *
     * At most 128 characters of szComputer are copied; a longer name is cut
     * short without any error. The fixed prefix and suffix plus those 128
     * characters stay well inside the 256-element buffer.
     *
     * NOTE(review): the host name is copied as-is. If it can ever come from
     * outside the program, validate it before calling (length, no backslashes)
     * so the moniker cannot name a different path than intended.
     */
    static WCHAR szMoniker[256];

    wcscpy(szMoniker, L"winmgmts:{impersonationLevel=impersonate}!\\\\");

    if (szComputer == NULL)
    {
        wcscat(szMoniker, L".");
    }
    else
    {
        wcsncat(szMoniker, szComputer, 128);
    }

    wcscat(szMoniker, L"\\root\\cimv2");
    return szMoniker;
}
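void EnumerateMSI(LPCWSTR szComputer)
{
    /*
     * Print Category, EventCode and EventType for every MsiInstaller event
     * 11728 record in the Application log of szComputer, read through WMI.
     *
     * szComputer: host name handed to getWmiStr(); NULL selects the local machine.
     *
     * Failures reported through dhCheck()/NEXT_THROW arrive as a std::string
     * exception and are written to cerr; nothing is returned to the caller.
     */
    CDispPtr wmiSvc, colEvents;
    CDhStringA szCategory, szEventCode, szEventType;

    try
    {
        dhCheck( dhGetObject(getWmiStr(szComputer), NULL, &wmiSvc) );

        // Let WMI do the filtering. Event IDs are only unique per source, so
        // matching on the number alone would also report 11728 records logged
        // by other applications; it would also pull the whole Application log
        // across the connection just to discard most of it.
        dhCheck( dhGetValue(L"%o", &colEvents, wmiSvc, L".ExecQuery(%S)",
            L"SELECT Category, EventCode, EventType FROM Win32_NTLogEvent "
            L"WHERE Logfile = 'Application' AND SourceName = 'MsiInstaller' "
            L"AND EventCode = 11728") );

        FOR_EACH(objEvent, colEvents, NULL)
        {
            // Print a record only when all three reads succeeded; a failed
            // read would otherwise pass whatever the string holder contains
            // (possibly a null pointer) to the output stream.
            if ( SUCCEEDED(dhGetValue(L"%s", &szCategory,  objEvent, L".Category")) &&
                 SUCCEEDED(dhGetValue(L"%s", &szEventCode, objEvent, L".EventCode")) &&
                 SUCCEEDED(dhGetValue(L"%s", &szEventType, objEvent, L".EventType")) )
            {
                cout << "EventCode: " << szEventCode << endl
                     << "Category: " << szCategory << endl
                     << "EventType: " << szEventType << endl << endl;
            }
        }
        NEXT_THROW(objEvent);
    }
    catch (const string &errstr)   // by reference: no copy of the message
    {
        cerr << "Fatal error details:" << endl << errstr << endl;
    }
}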
int main(void)
{
    // Entry point: one pass over the local machine's log, then exit.
    // NOTE(review): CDhInitialize presumably sets DispHelper up for the
    // lifetime of this object and tears it down on scope exit - confirm
    // against disphelper.h.
    CDhInitialize init;

    // NOTE(review): presumably switches on DispHelper's own error reporting;
    // confirm what TRUE means in disphelper.h.
    dhToggleExceptions(TRUE);

    LPCWSTR szLocalMachine = L".";   // "." is the host name passed for this run

    printf("Enumerating MSI event 11728 entries\n");
    EnumerateMSI(szLocalMachine);

    return 0;
}