当前位置:theitroad>如何获得 Windows 上次重新启动的原因

如何获得 Windows 上次重新启动的原因

声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow 原文地址: http://stackoverflow.com/questions/2140092/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me): StackOverFlow

提示:将鼠标放在中文语句上可以显示对应的英文。显示中英文
时间:2020-09-09 07:05:34  来源:igfitidea点击:

How can I get the Windows last reboot reason

windowswinapishutdownreboot

提问by Frederic

I'd like to know what is the Windows API function (if any exists) that provides information about the last Windows reboot source. There are three main possible causes:

我想知道提供有关上次 Windows 重新启动源的信息的 Windows API 函数是什么(如果存在)。可能的原因主要有以下三种:

  1. The computer crashed on a blue screen
  2. A user or a program shutdown/restarted the computer
  3. A power lost
  1. 电脑蓝屏死机
  2. 用户或程序关闭/重新启动计算机
  3. 失去了力量

The more details I can get the better. However, I need to know at least which reason it is from the main ones.

我能得到的细节越多越好。但是,我至少需要知道主要是哪个原因。

I need to support Windows Vista and Windows 7.

我需要支持 Windows Vista 和 Windows 7。

Answer:

回答:

It seems that there is no direct API to get that information. Instead, we have to harvest the Windows Event Log. System reboot information is located in Event Viewer/Windows Logs/System. Here is the various information provided by the event ids:

似乎没有直接的 API 来获取该信息。相反,我们必须收集 Windows 事件日志。系统重启信息位于事件查看器/Windows 日志/系统中。以下是事件 ID 提供的各种信息:

  • 6005: Windows start-up
  • 6006: Windows shutdown (properly)
  • 6008: Windows shutdown (unexpectedly)
  • 6005:Windows 启动
  • 6006:Windows 关闭(正确)
  • 6008:Windows 关闭(意外)

I do not yet get the difference between power lost and system crash, but it's a good start.

我还不清楚断电和系统崩溃之间的区别,但这是一个好的开始。

采纳答案by Mahesh Neelakanta

This articleexplains in detail how to find the reason for last startup/shutdown. In my case, this was due to windows SCCM pushing updates even though I had it disabled locally. Visit the article for full details with pictures. For reference, here are the steps copy/pasted from the website:

文章详细解释了如何找到最后一个启动/关机的原因。就我而言,这是由于 Windows SCCM 推送更新,即使我在本地禁用了它。访问文章以获取带有图片的完整详细信息。作为参考,以下是从网站复制/粘贴的步骤:

  1. Press the Windows+ Rkeys to open the Rundialog, type eventvwr.msc, and press Enter.

  2. If prompted by UAC, then click/tap on Yes (Windows 7/8) or Continue (Vista).

  3. In the left pane of Event Viewer, double click/tap on Windows Logsto expand it, click on Systemto select it, then right click on System, and click/tap on Filter Current Log.

  4. Do either step 5 or 6 below for what shutdown events you would like to see.

  5. To See the Dates and Times of All User Shut Downs of the Computer

    A) In Event sources, click/tap on the drop down arrow and check the USER32box.

    B) In the All Event IDsfield, type 1074, then click/tap on OK.

    C) This will give you a list of power off (shutdown) and restart Shutdown Type of events at the top of the middle pane in Event Viewer.

    D) You can scroll through these listed events to find the events with power off as the Shutdown Type. You will notice the date and time, and what user was responsible for shutting down the computer per power off event listed.

    E) Go to step 7.

  6. To See the Dates and Times of All Unexpected Shut Downs of the Computer

    A) In the All Event IDsfield, type 6008, then click/tap on OK.

    B) This will give you a list of unexpected shutdown events at the top of the middle pane in Event Viewer. You can scroll through these listed events to see the date and time of each one.

  1. Windows+R键打开“运行”对话框,键入eventvwr.msc,然后按Enter

  2. 如果 UAC 提示,则单击/点击是 (Windows 7/8) 或继续 (Vista)。

  3. Event Viewer的左窗格中,双击/点击Windows Logs将其展开,点击System将其选中,然后右键单击 System,然后点击/点击Filter Current Log

  4. 执行下面的第 5 步或第 6 步,了解您希望看到的关机事件。

  5. 查看所有用户关闭计算机的日期和时间

    A) 在事件源中,单击/点击下拉箭头并选中该USER32框。

    B) 在所有事件 ID字段中,键入1074,然后单击/点击确定

    C) 这将在事件查看器的中间窗格顶部为您提供关闭电源(关机)和重新启动关机类型的事件列表。

    D) 您可以滚动浏览这些列出的事件以查找关机类型为关机类型的事件。您会注意到日期和时间,以及每个列出的关机事件负责关闭计算机的用户。

    E) 转到步骤 7。

  6. 查看所有计算机意外关闭的日期和时间

    A) 在所有事件 ID字段中,键入6008,然后单击/点击确定

    B) 这将在Event Viewer的中间窗格顶部为您提供意外关机事件列表。您可以滚动浏览这些列出的事件以查看每个事件的日期和时间。

回答by Alexander Gessler

Take a look at the Event Log API. Case a) (bluescreen, user cut the power chord or system hang) causes a note ('system did not shutdown correctly' or something like that) to be left in the 'System' event log the next time the system is rebooted properly. You should be able to access it programmatically using the above API (honestly, I've never used it but it should work).

查看事件日志 API。情况 a)(蓝屏,用户切断电源线或系统挂起)会导致下次系统正确重新启动时在“系统”事件日志中留下注释(“系统未正确关闭”或类似内容)。您应该能够使用上述 API 以编程方式访问它(老实说,我从未使用过它,但它应该可以工作)。

相关推荐

如何使用 NetCat for Windows 将二进制文件发送到 TCP 连接?

如何使用 NetCat for Windows 将二进制文件发送到 TCP 连接?

有没有办法“提取”TypeScript 接口属性的类型?

有没有办法“提取”TypeScript 接口属性的类型?

windows Powershell 脚本卡住,从批处理文件调用时不退出

windows Powershell 脚本卡住,从批处理文件调用时不退出

typescript 构建:元素隐式具有“任何”类型,因为索引表达式不是“数字”类型

typescript 构建:元素隐式具有“任何”类型,因为索引表达式不是“数字”类型

相关推荐
最近更新
标签