New Project

[Magnum]

I am  converting some C code to assembly.

This will keep me busy for a while.

I am having problems with some of the equates.

I understand that if Unicode isn't defined, ANSI is assumed.

I have also asked some C programmers for some help.

Code:

;#define UNICODE

; #include <windows.h>
; #include <stdio.h>
;
; #pragma comment(lib, "advapi32.lib")
;
; #define PROVIDER_NAME L"MyEventProvider"

Provider_Name L equ "MyEventProvider"

C:\masm32\SOURCE\C_Code.asm(23) : error A2008: syntax error : L

; #define KEYBOARD_EVENT 0

KEYBOARD_EVENT equ 0

; Event_Log_Change.asm
;
; http://msdn.microsoft.com/en-us/library/aa363677%28v=vs.85%29.aspx

; Define the events in a message text file
;
; http://msdn.microsoft.com/en-us/library/aa363680%28v=vs.85%29.aspx

; The following example shows how to use the NotifyChangeEventLog function
; to receive notification when an event is logged.
; This example filters for the events written by the example in Reporting an Event.

Code Select Expand

[redskull]

MASM doesn't support the "L" string prefix for UNICODE.  In fact, MASM doesn't really support UNICODE at all

[Magnum]

MASM doesn't support the "L" string prefix for UNICODE.  In fact, MASM doesn't really support UNICODE at all

Thanks for letting me know before I got too far along.

It sounds like an assembly source code can't be generated that would produce a program to receive notification
when an event is logged in the .evt log file.

I wonder if looking at an .exe written in C could be studied and something useful gleaned from it?

[jj2007]

MASM doesn't really support UNICODE at all

Red & Magnum,

Masm is dumb, but there are some Unicode macros in \masm32\macros\ucmacros.asm;
\masm32\help\masmlib.chm list 16 uc functions, while MasmBasic features 18 "w" variants.

[Magnum]

Thanks jj2007.

I will look at it.

I have asked some C programmers if they could make the program and I could study it.

[redskull]

Yes, I should have clarified that MASM doesn't have any built-in UNICODE support

[hutch--]

The conventional way to handle UNICODE string data is to place the data in a resource file while is by default UNICODE. Then use the UNICODE API calls on UNICODE data.

[Magnum]

The conventional way to handle UNICODE string data is to place the data in a resource file while is by default UNICODE. Then use the UNICODE API calls on UNICODE data.

This is part of my project that defines the events in a message text file.
(Farther down the road.)

http://msdn.microsoft.com/en-us/library/aa363680%28v=vs.85%29.aspx

I asked about the #define UNICODE and was told:

;#define UNICODE
; If you decide to define unicode, you wil need to change all
; your string definitions to word size instead of bytes, and you will
; need to use Wide version of api functions (W) instead of Ansi (A)

[Magnum]

I am having trouble converting starting from HANDLE GetMessageResources();

Code Select Expand


; Event_Log_Change.asm  Receive notification when an event is logged
;                  Contributors: Homer,dargueta,Hutch,
;
; http://msdn.microsoft.com/en-us/library/aa363677%28v=vs.85%29.aspx
; http://msdn.microsoft.com/en-us/library/aa363680%28v=vs.85%29.aspx

INCLUDE    \masm32\include\masm32rt.inc

; #define UNICODE
; For #define UNICODE, when passing parameters to ml.exe
; on the command line, add /D UNICODE.

; If you decide to define unicode, you will need to change all
; your string definitions to word size instead of bytes, and you will
; need to use Wide version of api functions (W) instead of Ansi (A)

;#include <windows.h>
;#include <stdio.h>

; #pragma comment(lib, "advapi32.lib")
; /Fo advapi32.lib on the command line.
; It should be one of the first ones since it's order-sensitive.

includelib \masm32\lib\advapi32.lib

.const

;#define KEYBOARD_EVENT     0

KEYBOARD_EVENT     equ   0

;#define NOTIFICATION_EVENT 1

NOTIFICATION_EVENT equ 1

.data

;#define PROVIDER_NAME L"MyEventProvider"

Provider_Name  dw "MyEventProvider",0

; #define RESOURCE_DLL  L"<path>\\Provider.dll"
; By the way, in C/C++ code the 'L' must be directly adjacent to the quote
; it modifies. Usually it follows the string, but the programmer in this
; case decided not to do so.

RESOURCE_DLL   db "c:\masm32\source\Provider.dll",0

HANDLE GetMessageResources();
DWORD SeekToLastRecord(HANDLE hEventLog);
DWORD GetLastRecordNumber(HANDLE hEventLog, DWORD* pdwMarker);
DWORD ReadRecord(HANDLE hEventLog, PBYTE & pBuffer, DWORD dwRecordNumber, DWORD dwFlags);
DWORD DumpNewRecords(HANDLE hEventLog);
DWORD GetEventTypeName(DWORD EventType);
LPWSTR GetMessageString(DWORD Id, DWORD argc, LPWSTR args);
DWORD ApplyParameterStringsToMessage(CONST LPCWSTR pMessage, LPWSTR & pFinalMessage);
BOOL IsKeyEvent(HANDLE hStdIn);

CONST LPWSTR pEventTypeNames[] = {L"Error", L"Warning", L"Informational", L"Audit Success", L"Audit Failure"};
HANDLE g_hResources = NULL;

.code

void wmain(void)
{



[dedndave]

what is this for ?
i can find this reference to Provider.dll...

ThinkVantage Fingerprint Reader by UPEK

[Magnum]

Have you gone to the second webpage listed in my source code?

This is another part of my project.

I went there and it looks like I need provider.h.

A quick search found nothing.

Have to go to work.

[Gunner]

Provider_Name  dw "MyEventProvider",0
this ^^^^^^^ is wrong, to define a unicode string use one of the macros or all this typing plus that won't assemble, the data is too big:
Provider_Name  dw "M","y","E","v","e","n","t","P","r","o","v","i","d","e","r",0,0  ; Don't remember if unicode needs to be terminated by two nulls?

you can test your unicode strings with the unicode messagebox:
invoke   MessageBoxW, NULL, offset Provider_Name, NULL, 0

If you have the PSDK, it has MANY header files you can convert to MASM inc file and Provider.h is one of them.. if not, let me know and I will send it your way

[dedndave]

i am wondering if this is .NOT code or something   :P

[Gunner]

I think I get what you are doing...  You do not need provider.h... that is totally something different.  the "provider.dll" in the samples is JUST a sample name for the dll...  you need to create a message only dll and call it whatever you want.  I though you just want to be notified when something is written to the event log... but that sample is for WRITING errors to the event log....  create a mc file with all your errors then compile to a message dll, register that dll in the registry and (you) the dll will now be a "provider"

[Magnum]

I think I get what you are doing...  You do not need provider.h... that is totally something different.  the "provider.dll" in the samples is JUST a sample name for the dll...  you need to create a message only dll and call it whatever you want.  I though you just want to be notified when something is written to the event log... but that sample is for WRITING errors to the event log....  create a mc file with all your errors then compile to a message dll, register that dll in the registry and (you) the dll will now be a "provider"

I am getting different answers to some of the conversions from C to asm
which you may have noticed in my notes.

I have asked for help from some C programmers, but not a peep.

I also asked if they could produce an .exe using the C source, so I could study it.

I will find some more C forums and post there.

I am not ready to give up yet.  :U