Reading EVENTLOGRECORD Structure from Pointer



Reading EVENTLOGRECORD Structure from Pointer Jeff Reese
10/28/2005 11:07:39 AM
I'm attempting to make sense of all of the data from a pointer obtained
by calling ReadEventLog. The pointer contains an EVENTLOGRECORD
structure, plus additional data tacked on to the end that can be of
variable length.

I'm able to successfully pull the EVENTLOGRECORD structure out of the
pointer using Marshal.PtrToStructure(ptr, typeof(EVENTLOGRECORD)) but
I'm unsure about how to pluck the additional, variable length strings
from the rest of the pointer.

The definition of the EVENTLOGRECORD structure can be seen at:

http://msdn.microsoft.com/library/en-us/debug/base/eventlogrecord_str.asp

The variable length information that follows the structure is described
in the remarks section.

I'm aware of the event log management capabilities of the
System.Diagnostics and System.Management namespaces but figuring this
out is important to me.

Any help would be greatly appreciated.

Re: Reading EVENTLOGRECORD Structure from Pointer Jeff Reese
10/28/2005 1:36:45 PM
Just as a follow-up to this, I've managed to successfully use
Marshal.ReadByte(IntPtr, Int32) to read the data past the end of the
EVENTLOGRECORD into a byte array, starting from
Marshal.SizeOf(typeof(EVENTLOGRECORD)) and ending at pnBytesRead -
Marshal.SizeOf(typeof(EVENTLOGRECORD)).

Once the "extra" data is read into a byte array I'm hoping to parse out
the category string, machine name, and the rest of the event
information. Hopefully this information will be of some help to you if
you're working with ReadEventLog from managed code.
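
An added example, not part of the original posts: one way to read the variable-length tail in C#, narrowed to the source name, computer name and insertion strings. Per the documented layout, the fixed header is 56 bytes, followed by the NUL-terminated UTF-16 SourceName and Computername, with the insertion strings at StringOffset. The names EventLogRecordTail, ReadWsz and Parse are hypothetical, the sample record is constructed, and every read is bounded by the record's Length so a malformed record cannot walk past the buffer.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Text;

static class EventLogRecordTail
{
    const int FixedSize = 56; // bytes in the fixed part of EVENTLOGRECORD
    // Read a NUL-terminated UTF-16 string at rec+pos, never reading past limit.
    static string ReadWsz(IntPtr rec, ref int pos, int limit)
    {
        var sb = new StringBuilder();
        for (; pos + 2 <= limit; pos += 2)
        {
            char c = (char)Marshal.ReadInt16(rec, pos);
            if (c == '\0') { pos += 2; return sb.ToString(); }
            sb.Append(c);
        }
        throw new InvalidOperationException("string runs past end of record");
    }
    // rec: start of one record; bytesLeft: bytes remaining in the ReadEventLog buffer.
    public static (string Source, string Computer, string[] Strings) Parse(IntPtr rec, int bytesLeft)
    {
        int length = bytesLeft >= FixedSize ? Marshal.ReadInt32(rec, 0) : 0;
        if (length < FixedSize || length > bytesLeft) throw new InvalidOperationException("bad Length");
        int pos = FixedSize;                        // SourceName starts right after the header
        string source = ReadWsz(rec, ref pos, length);
        string computer = ReadWsz(rec, ref pos, length);
        var strings = new string[(ushort)Marshal.ReadInt16(rec, 26)];   // NumStrings
        pos = Marshal.ReadInt32(rec, 36);           // StringOffset, relative to the record start
        if (pos < FixedSize || pos > length) throw new InvalidOperationException("bad StringOffset");
        for (int i = 0; i < strings.Length; i++) strings[i] = ReadWsz(rec, ref pos, length);
        return (source, computer, strings);
    }
    static void Main()
    {
        var buf = new byte[104];                    // constructed sample record, not a real log entry
        foreach (var (off, val) in new[] { (0, 104), (36, 80), (100, 104) })
            BitConverter.GetBytes(val).CopyTo(buf, off);   // Length, StringOffset, trailing Length
        buf[26] = 1;                                // NumStrings
        Encoding.Unicode.GetBytes("MyApp\0HOST1\0disk full\0").CopyTo(buf, 56);
        IntPtr p = Marshal.AllocHGlobal(buf.Length);
        try
        {
            Marshal.Copy(buf, 0, p, buf.Length);
            var r = Parse(p, buf.Length);
            Console.WriteLine($"{r.Source} | {r.Computer} | {string.Join(",", r.Strings)}");
        }
        finally { Marshal.FreeHGlobal(p); }
    }
}
```

When a single ReadEventLog call returns several records, advance the pointer by each record's Length and pass the remaining byte count as bytesLeft.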