如何获得 Windows 上次重新启动的原因 [英] How can I get the Windows last reboot reason

问题描述

我想知道提供有关上次 Windows 重新启动源的信息的 Windows API 函数是什么(如果存在).主要有以下三种可能的原因:

1. 电脑蓝屏死机
2. 用户或程序关闭/重新启动了计算机
3. 断电

越详细越好.但是，我至少需要知道主要是哪个原因.

我需要支持 Windows Vista 和 Windows 7.

答案:

似乎没有直接的 API 来获取该信息.相反，我们必须收集 Windows 事件日志.系统重启信息位于事件查看器/Windows 日志/系统中.以下是事件 ID 提供的各种信息:

• 6005:Windows 启动
• 6006:Windows 关闭(正确)
• 6008:Windows 关闭(意外)

我还不清楚断电和系统崩溃之间的区别，但这是一个好的开始.

解决方案

这个 文章 详细解释了如何查找上次启动/关闭的原因.就我而言，这是由于 Windows SCCM 推送更新，即使我在本地禁用了它.访问文章以获取带有图片的完整详细信息.作为参考，以下是从网站复制/粘贴的步骤:

<块引用>

1. 按 Windows + R 键打开 运行 对话框，输入 eventvwr.msc，然后按 Enter.

2. 如果 UAC 提示，则单击/点击是 (Windows 7/8) 或继续 (Vista).

3. 在事件查看器的左窗格中，双击/点击Windows Logs将其展开，点击System选择它，然后右键单击系统，然后点击/点击过滤当前日志.

4. 针对您希望看到的关机事件，执行下面的第 5 步或第 6 步.

5. 查看所有用户关闭计算机的日期和时间

A) 在事件源中，单击/点击下拉箭头并选中USER32框.

B) 在 All Event IDs 字段中，输入 1074，然后单击/点击 OK.

C) 这会给你一个关机(关机)和重启的列表事件查看器中间窗格顶部的关闭事件类型.

D) 您可以滚动浏览这些列出的事件以查找事件关机类型为关机.您会注意到日期和时间，以及每个用户负责关闭计算机列出关机事件.

E) 转到第 7 步.

6. 查看所有计算机意外关闭的日期和时间

A) 在 All Event IDs 字段中输入 6008，然后点击/点击 OK.

B) 这会给你一个意外关机事件列表事件查看器中间窗格的顶部.您可以滚动浏览这些列出事件以查看每个事件的日期和时间.

I'd like to know what is the Windows API function (if any exists) that provides information about the last Windows reboot source. There are three main possible causes:

1. The computer crashed on a blue screen
2. A user or a program shutdown/restarted the computer
3. A power lost

The more details I can get the better. However, I need to know at least which reason it is from the main ones.

I need to support Windows Vista and Windows 7.

Answer:

It seems that there is no direct API to get that information. Instead, we have to harvest the Windows Event Log. System reboot information is located in Event Viewer/Windows Logs/System. Here is the various information provided by the event ids:

• 6005: Windows start-up
• 6006: Windows shutdown (properly)
• 6008: Windows shutdown (unexpectedly)

I do not yet get the difference between power lost and system crash, but it's a good start.

解决方案

This article explains in detail how to find the reason for last startup/shutdown. In my case, this was due to windows SCCM pushing updates even though I had it disabled locally. Visit the article for full details with pictures. For reference, here are the steps copy/pasted from the website:

1. Press the Windows + R keys to open the Run dialog, type eventvwr.msc, and press Enter.

2. If prompted by UAC, then click/tap on Yes (Windows 7/8) or Continue (Vista).

3. In the left pane of Event Viewer, double click/tap on Windows Logs to expand it, click on System to select it, then right click on System, and click/tap on Filter Current Log.

4. Do either step 5 or 6 below for what shutdown events you would like to see.

5. To see the dates and times of all user shut downs of the computer

A) In Event sources, click/tap on the drop down arrow and check the USER32 box.

B) In the All Event IDs field, type 1074, then click/tap on OK.

C) This will give you a list of power off (shutdown) and restart shutdown type of events at the top of the middle pane in Event Viewer.

D) You can scroll through these listed events to find the events with power off as the shutdown type. You will notice the date and time, and what user was responsible for shutting down the computer per power off event listed.

E) Go to step 7.

6. To see the dates and times of all unexpected shut downs of the computer

A) In the All Event IDs field type 6008, then click/tap on OK.

B) This will give you a list of unexpected shutdown events at the top of the middle pane in Event Viewer. You can scroll through these listed events to see the date and time of each one.

这篇关于如何获得 Windows 上次重新启动的原因的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！