signalEvent not be closed

(Chen Wenhao) #1


  1. code from
    signalEvent not be closed, handle leak might happen when calling Open()func many times ?

  2. and one more thing confuse me:
    Pull Subscriptions example as below(

 <... more ...>
 aWaitHandles[1] = CreateEvent(NULL, TRUE, TRUE, NULL);
 <... more ...>

    // Subscribe to events.
    hSubscription = EvtSubscribe(NULL, aWaitHandles[1], pwsPath, pwsQuery, NULL, NULL, NULL, EvtSubscribeStartAtOldestRecord);

// Loop until the user presses a key or there is an error.
while (true)
    dwWait = WaitForMultipleObjects(sizeof(aWaitHandles)/sizeof(HANDLE), aWaitHandles, FALSE, INFINITE);

    if (0 == dwWait - WAIT_OBJECT_0)  // Console input
        if (IsKeyEvent(aWaitHandles[0]))
    else if (1 == dwWait - WAIT_OBJECT_0) // Query results
        if (ERROR_NO_MORE_ITEMS != (status = EnumerateResults(hSubscription)))

<... more ... >

compared to winlogbeat codes

seems we do not use signalEvent as aWaitHandles[1]) do


Is it a bug in Winlogbeat?
(Andrew Kroh) #2

I think Open() is only called once for each event log so we haven’t observed any leaks. But it does look like the Close() method should be updated to all close the handle returned by CreateEvent.

(Chen Wenhao) #3

In my case, if error happens, I'll call Open()to recreate new eventlog instance , then handle leaks observed when some error in my env;

It does hard to lead to leaks if called once, but still might cause issue sometime
do u think should I post any fix code?


(Andrew Kroh) #4

We might as well fix it, so yes, please.

(Chen Wenhao) #5

one more:

why return nil when err happens

(system) closed #6

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.