One Day Sec

How can I delete EVT log records for a specific time period on a Windows XP system?

You can use either DLL injection or the DuplicateHandle method to obtain a handle to the EVT log file, then map it into memory via CreateFileMapping and MapViewOfFile, and overwrite the targeted records. On XP, first enumerate handles using NtQuerySystemInformation with SystemExtendedHandleInformation (type 0x1c for file handles), filter for log file handles with GrantedAccess = 0x0012019f, and then apply the chosen technique. For full implementation, refer to the Windows Event Viewer Log (EVT) Single Log Deletion (Part 3) article and the linked Part 2 for the core deletion logic.
Tags: EVT log deletion, Windows XP, handle enumeration, DLL injection, DuplicateHandle, file mapping, CreateFileMapping, MapViewOfFile