DWORD SeekToLastRecord(HANDLE hEventLog);

Magnum · January 30, 2011, 03:38:44 AM

This is the next part of my project to convert to asm.

I am not too far from getting to the code section.

; DWORD SeekToLastRecord(HANDLE hEventLog);

I found this in the code section.

// Seek to the last record in the event log and read it in order
    // to position the cursor for reading any new records when the
    // service notifies you that new records have been written to the 
    // log file.
    status = SeekToLastRecord(hEventLog);
    if (ERROR_SUCCESS != status)
    {
        wprintf(L"SeekToLastRecord failed with %lu.\n", status);
        goto cleanup;
    }

ragdog · January 30, 2011, 06:30:48 PM

Code Select


invoke SeekToLastRecord,addr hEventLog

.if eax !=ERROR_SUCCESS
    mov status,eax
   Invoke wsprintf,addr hBuffer,CTEXT ("SeekToLastRecord failed with %lu."),eax
.endif

I not know what make goto cleanup;

qWord · January 30, 2011, 06:40:14 PM

it should be:

Code Select

.if rv(SeekToLastRecord,hEventLog) != ERROR_SUCCESS
    invoke crt_sprintf,"SeekToLastRecord failed with %lu.",eax
    jmp cleanup
.endif

Magnum · January 30, 2011, 07:47:37 PM

cleanup:

if (hEventLog)
CloseEventLog(hEventLog);

if (aWaitHandles[0])
CloseHandle(aWaitHandles[0]);

if (aWaitHandles[1])
CloseHandle(aWaitHandles[1]);

Magnum · January 30, 2011, 07:57:05 PM

Quote from: qWord on January 30, 2011, 06:40:14 PM
it should be:
Code Select Expand
.if rv(SeekToLastRecord,hEventLog) != ERROR_SUCCESS invoke crt_sprintf,"SeekToLastRecord failed with %lu.",eax jmp cleanup .endif

I found multiple rv macros in the macros.asm.

Which one of those in there, does your post use ?

I am also trying to figure out the mechanics of SeekToLastRecord.

qWord · January 30, 2011, 08:06:32 PM

Quote from: Magnum on January 30, 2011, 07:57:05 PMI found multiple rv macros in the macros.asm.

Which one of those in there, does your post use ?

there is only one rv-macros - but you can also simply use invoke.

Quote from: Magnum on January 30, 2011, 07:57:05 PMI am also trying to figure out the mechanics of SeekToLastRecord.

I'm not a psychic :lol

dedndave · January 30, 2011, 08:07:59 PM

rv is just a macro that invokes a function, returning the value from eax

so, instead of

Code Select

invoke GetCurrentProcess
mov hInstance,eax

you can use

Code Select

mov hInstance,rv(GetCurrentProcess)

oex · January 30, 2011, 08:22:53 PM

Quote from: qWord on January 30, 2011, 08:06:32 PM
Quote from: Magnum on January 30, 2011, 07:57:05 PMI am also trying to figure out the mechanics of SeekToLastRecord.
I'm not a psychic :lol

I am :wink

huuummmmm.... I see a function.... It seeks to last record.... :lol

dedndave · January 30, 2011, 08:48:06 PM

i'm physic, too
i am guessing it sets the file pointer to EOF

dedndave · January 30, 2011, 08:57:12 PM

Code Select

SeekToLastRecord PROC hFile:DWORD

        xor     eax,eax
        INVOKE  SetFilePointer,hFile,eax,eax,FILE_END
        ret

SeekToLastRecord ENDP

oex · January 30, 2011, 09:14:42 PM

http://www.ebaumsworld.com/video/watch/80983084/

Magnum · January 30, 2011, 09:34:42 PM

Quote from: dedndave on January 30, 2011, 08:57:12 PM
Code Select Expand
SeekToLastRecord PROC hFile:DWORD xor eax,eax INVOKE SetFilePointer,hFile,eax,eax,FILE_END ret SeekToLastRecord ENDP

Now it makes sense.

I could not find a SeekToLastRecord API, so of course I wanted to know.

Thanks for your psychic powers. :thumbu

Gunner · January 30, 2011, 11:24:22 PM

That is not right... you have all the C code you need to convert in one of the links you posted. In that code, they use MANY procedures, we don't need all of them so I consolidated them.. it should go something like this: NOT TESTED but it should work...

Code Select


SeekToLastRecord proc hEventLog:DWORD
	LOCAL	OldestRecord:DWORD
	LOCAL	NumberOfRecords:DWORD
	LOCAL	dwBytesToRead:DWORD	
	LOCAL	dwBytesRead:DWORD
	LOCAL	dwMinimumBytesToRead:DWORD
	LOCAL	LastRecordNumber:DWORD
	invoke	GetNumberOfEventLogRecords, hEventLog, addr NumberOfRecords
	.if eax == 0
		; do your cleanup here
		ret
	.endif
	
	invoke	GetOldestEventLogRecord, hEventLog, addr OldestRecord
	.if eax == 0
		; do cleanup here
		ret
	.endif
	
	mov		eax, NumberOfRecords
	add		eax, OldestRecord
	sub		eax, 1
	mov		LastRecordNumber, eax
	
	; get buffer size for record
	mov		dwBytesToRead, sizeof EVENTLOGRECORD
	mov		dwBytesRead, 0
	mov		dwMinimumBytesToRead, 0
	invoke	HeapAlloc, hHeap, HEAP_ZERO_MEMORY, sizeof EVENTLOGRECORD
	mov		pBuffer, eax
	;ReadEventLog(hEventLog, dwFlags, dwRecordNumber, pBuffer, dwBytesToRead, &dwBytesRead, &dwMinimumBytesToRead))
	invoke	ReadEventLog, hEventLog, EVENTLOG_SEEK_READ or EVENTLOG_FORWARDS_READ, LastRecordNumber, pBuffer, dwBytesToRead, addr dwBytesRead, addr dwMinimumBytesToRead
	; do checks here
	
	invoke	HeapReAlloc, hHeap, 0, pBuffer, dwMinimumBytesToRead
	
	mov		eax, dwMinimumBytesToRead
	mov		dwBytesToRead, eax
	
	; now read record
	invoke	ReadEventLog, hEventLog, EVENTLOG_SEEK_READ or EVENTLOG_FORWARDS_READ, LastRecordNumber, pBuffer, dwBytesToRead, addr dwBytesRead, addr dwMinimumBytesToRead

	; do checks here
	
	invoke	HeapFree, hHeap,0, pBuffer
	ret

SeekToLastRecord endp

Magnum · January 31, 2011, 01:10:48 AM

Thanks.

News:

DWORD SeekToLastRecord(HANDLE hEventLog);