CONST LPWSTR pBadCommand = L"The command that was not valid";

[Magnum]

I decided to take a break writing procedures.  :U

I can convert most stuff here.

I need help with the "Hardcoded insert string for the event messages."

Code Select Expand

// Example shows how to use the ReportEvent function to write the events defined
// in the above message text file.
#define UNICODE
#include <windows.h>
#include <stdio.h>
#include "provider.h"

#pragma comment(lib, "advapi32.lib")

#define PROVIDER_NAME L"MyEventProvider"

// Hardcoded insert string for the event messages.
CONST LPWSTR pBadCommand = L"The command that was not valid";
CONST LPWSTR pFilename = L"c:\\folder\\file.ext";
CONST LPWSTR pNumberOfRetries = L"3";
CONST LPWSTR pSuccessfulRetries = L"0";
CONST LPWSTR pQuarts = L"8";
CONST LPWSTR pGallons = L"2";


[evlncrn8]

well its just unicode

L dictates unicode.. the text is in the quotes

LPWSTR = LONG POINTER WIDE STRING (or smth like that)...

[Magnum]

This is the first string.

pBadCommand WORD "T","h","e"," ","c","o","m","m","a","n","d"," ","t","h","a","t"," ","w","a","s"," ","n","o","t"," ","v","a","l","i","d",".",0

[qWord]

take a look in \masm32\macros\ucmacros.asm - there are two macros for declaring unicode strings.

[Magnum]

Thanks qWord.

I am working on the "if (!ReportEvent" line.
I understand that it is seeing if an event can be written to the Event Log.

I found an example of printing a unicode string that uses a
macro from ucmacros.asm.

I could use some guidance, as there may be two ways to write the string ??

25 Deg. F in Pearland, Tx.
Off to make some hot cocoa.

What's it like in your "hood" ?

Code Select Expand

#define UNICODE
#include <windows.h>
#include <stdio.h>
#include "provider.h"

// Hardcoded insert string for the event messages.

CONST LPWSTR pBadCommand = L"The command that was not valid";
pBadCommand WORD "T","h","e"," ","c","o","m","m","a","n","d"," ","t","h","a","t"," ","w","a","s"," ","n","o","t"," ","v","a","l","i","d",".",0

void wmain(void)
{
    HANDLE hEventLog = NULL;
    LPWSTR pInsertStrings[2] = {NULL, NULL};
    DWORD dwEventDataSize = 0;

    // The source name (provider) must exist as a subkey of Application.
    hEventLog = RegisterEventSource(NULL, PROVIDER_NAME);
    if (NULL == hEventLog)
    {
        wprintf(L"RegisterEventSource failed with 0x%x.\n", GetLastError());
        goto cleanup;
    }

    // This event includes user-defined data as part of the event. The event message
    // does not use insert strings.
    dwEventDataSize = (wcslen(pBadCommand) + 1) * sizeof(WCHAR);
    if (!ReportEvent(hEventLog, EVENTLOG_ERROR_TYPE, UI_CATEGORY, MSG_INVALID_COMMAND, NULL, 0, dwEventDataSize, NULL, pBadCommand))
    {
        wprintf(L"ReportEvent failed with 0x%x for event 0x%x.\n", GetLastError(), MSG_INVALID_COMMAND);
        goto cleanup;
    }
}


[dedndave]

Code Select Expand

        .DATA
wstr StringLabel,"String"

[evlncrn8]

Provider_Name  dw  "MyEventProvider",0

doesnt look right...

also tried formatting the code.. it messed up, but is readable.. so bleh... i aint doing everything ;p

and wstr usage might be wrong too.. anyway, its mostly there, so small fixes to do...you can do that i'm sure

Code Select Expand



.data

; use the WSTR macro from the masm32\include\ucmacros.asm to do unicode stuff easily

Provider_Name WSTR "MyEventProvider" ; #define PROVIDER_NAME L"MyEventProvider"
pBadCommand WSTR "The command that was not valid" ; CONST LPWSTR pBadCommand = L"The command that was not valid";
pFilename WSTR "C:\masm32\source\Events_Log.txt" ; pFilename = L"c:\\masm32\source\\Events_Log.txt"; ; << check your typing \\ is an escape code, its only one \ when compiled in c...you've mixed them
pNumberOfRetries WSTR "3" ; CONST LPWSTR pNumberOfRetries = L"3";
pSuccessfulRetries WSTR "0" ; CONST LPWSTR pSuccessfulRetries = L"0";
pQuarts WSTR "8" ; CONST LPWSTR pQuarts = L"8";
pGallons WSTR "2" ; CONST LPWSTR pGallons = L"2";


.code

wmainproc proc uses ebx ecx edx esi edi

    LOCAL hEventLog:HANDLE
    LOCAL dwEventDataSize:DWORD
    LOCAL pInsertStrings[2]:LPVOID

    mov [hEventLog], NULL ; HANDLE hEventLog = NULL;
    mov [dwEventDataSize], NULL ; DWORD dwEventDataSize = 0;
    mov [pInsertStrings[0]], NULL ; first part of LPWSTR pInsertStrings[2] = {NULL, NULL};
    mov [pInsertStrings[1]], NULL ; second part of LPWSTR pInsertStrings[2] = {NULL, NULL};

    push offset Provider_name
    push NULL
    Call RegisterEventSource ; hEventLog = RegisterEventSource(NULL, PROVIDER_NAME);

    mov [hEventLog], eax

    cmp [hEventLog], NULL
    jne outofthisroutine

    ; register event failed.. getlasterror, do some logging

    jmp outofthisroutine

gotahandle:

    ; push     offset pBadCommand
    ; call     wcslen ; dwEventDataSize = (wcslen(pBadCommand) + 1) * sizeof(WCHAR);

    ; lea     eax, [eax + (sizeof WORD)]

    ; mov     [dwEventDataSize], eax

    ; actually, that code isnt needed, we can get the compiler to do the work for us.. whee i optimised it ;p

    mov [dwEventDataSize], (sizeof pBadCommand) ; or maybe lengthof.. can't remember.. experiment ;p

    push offset pBadCommand
    push NULL
    push [dwEventDataSize] ; could be optimised to push (sizeof pBadCommand) ; thus not needing the dwEventDataSize local at all..
    push NULL
    push MSG_INVALID_COMMAND ; will be in some header somewhere..
    push UI_CATEGORY
    push EVENTLOG_ERROR_TYPE
    push [hEventLog]
    call ReportEvent

    cmp         eax, FALSE
    jne         reporteventworked

    ; reportevent failed.. do some logging

closehandleandgetout:

    push [hEventLog]
    call DeregisterEventSource ; DeregisterEventSource(hEventLog);

    ; close the handle too (probably needed.. you can test this)

    push [hEventLog]
    call CloseHandle

    mov [hEventLog], NULL

    jmp outofthisroutine

reporteventworked:

    mov [pInsertStrings[0]], offset pFileName ; pInsertStrings[0] = pFilename;

    lea eax, pInsertStrings[0]

    push NULL
    push eax
    push NULL
    push 1
    push NULL
    push MSG_BAD_FILE_CONTENTS
    push DATABASE_CATEGORY
    push EVENTLOG_ERROR_TYPE
    push [hEventLog]
    call ReportEvent

    cmp eax, FALSE
    jne reporteventworked2

    ; reportevent failed.. do some logging

    jmp closehandleandgetout

reporteventworked2:

    mov [pInsertStrings[0]], offset pNumberOfRetries ;    pInsertStrings[0] = pNumberOfRetries;
    mov [pInsertStrings[1]], offset pSuccessfulRetries ;    pInsertStrings[1] = pSuccessfulRetries;

    lea eax, pInsertStrings[0]

    push NULL
    push eax
    push NULL
    push 2
    push NULL
    push MSG_RETRIES
    push NETWORK_CATEGORY
    push EVENTLOG_WARNING_TYPE
    push [hEventLog]
    call ReportEvent

    cmp eax, FALSE
    jne reporteventworked3

    ; reportevent failed.. do some logging

    jmp closehandleandgetout

reporteventworked3:

    mov [pInsertStrings[0]], offset pQuarts ;    pInsertStrings[0] = pQuarts;
    mov [pInsertStrings[1]], offset pGallons         ;    pInsertStrings[1] = pGallons;

    lea eax, pInsertStrings[0]

    push NULL
    push eax
    push NULL
    push 2
    push MSG_COMPUTE_CONVERSION
    push UI_CATEGORY
    push EVENTLOG_INFORMATION_TYPE
    push [hEventLog]
    call ReportEvent

    cmp eax, FALSE
    je wearealldoneithink

    ; reportevent failed.. do some logging

    jmp closehandleandgetout

wearealldoneithink:

    ; more?

    jmp closehandleandgetout

outofthisroutine:

    ; DONE...

    ret

wmainproc endp



hopefully you'll learn a bit from this and be able to do the next bit yourself...

i left some of the c code still in as comments, so you can perhaps understand them a bit better...

dont know if the code compiles, but im sure you can fix any of the asm errors that might crop up...

[Magnum]

Thanks evlncrn8.

You have given me a lot to help me learn more.

And keep out of the "graveyard."  :thumbu

[Magnum]

; Up to the "push MSG_INVALID_COMMAND" line before an error

I have attached MyEventProvider.h

Code Select Expand

; Contributors: evlncrn8,

.data

RESOURCE_DLL   db  "c:\masm32\source\MyEventProvider.dll",0
Provider_Name  dw  "MyEventProvider",0
pBadCommand    WORD "T","h","e"," ","c","o","m","m","a","n","d"," ","t","h","a","t"," ","w","a","s"," ","n","o","t"," ","v","a","l","i","d",".",0

.code

start:

wmainproc proc uses ebx ecx edx esi edi

    LOCAL hEventLog:HANDLE
    LOCAL dwEventDataSize:DWORD
    LOCAL pInsertStrings[2]:LPVOID

    mov [hEventLog], NULL ; HANDLE hEventLog = NULL;
    mov [dwEventDataSize], NULL ; DWORD dwEventDataSize = 0;
    mov [pInsertStrings[0]], NULL ; first part of LPWSTR pInsertStrings[2] = {NULL, NULL};
    mov [pInsertStrings[1]], NULL ; second part of LPWSTR pInsertStrings[2] = {NULL, NULL};

    push offset Provider_Name
    push NULL
    Call RegisterEventSource ; hEventLog = RegisterEventSource(NULL, PROVIDER_NAME);

    mov [hEventLog], eax

    cmp [hEventLog], NULL
    jne outofthisroutine

    ; register event failed.. getlasterror, do some logging

    jmp outofthisroutine

gotahandle:

    ; push     offset pBadCommand
    ; call     wcslen ; dwEventDataSize = (wcslen(pBadCommand) + 1) * sizeof(WCHAR);

    ; lea     eax, [eax + (sizeof WORD)]

    ; mov     [dwEventDataSize], eax

    ; actually, that code isnt needed, we can get the compiler to do the work for us.. whee i optimised it ;p

    mov [dwEventDataSize], (sizeof pBadCommand) ; or maybe lengthof.. can't remember.. experiment ;p

    push offset pBadCommand
    push NULL
    push [dwEventDataSize] ; could be optimised to push (sizeof pBadCommand) ; thus not needing the dwEventDataSize local at all..
    push NULL
    push MSG_INVALID_COMMAND ; will be in some header somewhere..
    push UI_CATEGORY
    push EVENTLOG_ERROR_TYPE
    push [hEventLog]
    call ReportEvent

    cmp         eax, FALSE
    jne         reporteventworked

    ; reportevent failed.. do some logging

closehandleandgetout:

    push [hEventLog]
    call DeregisterEventSource ; DeregisterEventSource(hEventLog);

    ; close the handle too (probably needed.. you can test this)

    push [hEventLog]
    call CloseHandle

    mov [hEventLog], NULL

    jmp outofthisroutine

reporteventworked:

    mov [pInsertStrings[0]], offset pFileName ; pInsertStrings[0] = pFilename;

    lea eax, pInsertStrings[0]

    push NULL
    push eax
    push NULL
    push 1
    push NULL
    push MSG_BAD_FILE_CONTENTS
    push DATABASE_CATEGORY
    push EVENTLOG_ERROR_TYPE
    push [hEventLog]
    call ReportEvent

    cmp eax, FALSE
    jne reporteventworked2

    ; reportevent failed.. do some logging

    jmp closehandleandgetout

reporteventworked2:

    mov [pInsertStrings[0]], offset pNumberOfRetries ;    pInsertStrings[0] = pNumberOfRetries;
    mov [pInsertStrings[1]], offset pSuccessfulRetries ;    pInsertStrings[1] = pSuccessfulRetries;

    lea eax, pInsertStrings[0]

    push NULL
    push eax
    push NULL
    push 2
    push NULL
    push MSG_RETRIES
    push NETWORK_CATEGORY
    push EVENTLOG_WARNING_TYPE
    push [hEventLog]
    call ReportEvent

    cmp eax, FALSE
    jne reporteventworked3

    ; reportevent failed.. do some logging

    jmp closehandleandgetout

reporteventworked3:

    mov [pInsertStrings[0]], offset pQuarts ;    pInsertStrings[0] = pQuarts;
    mov [pInsertStrings[1]], offset pGallons         ;    pInsertStrings[1] = pGallons;

    lea eax, pInsertStrings[0]

    push NULL
    push eax
    push NULL
    push 2
    push MSG_COMPUTE_CONVERSION
    push UI_CATEGORY
    push EVENTLOG_INFORMATION_TYPE
    push [hEventLog]
    call ReportEvent

    cmp eax, FALSE
    je wearealldoneithink

    ; reportevent failed.. do some logging

    jmp closehandleandgetout

wearealldoneithink:

    ; more?

    jmp closehandleandgetout

outofthisroutine:

    ; DONE...

    ret

wmainproc endp

end start

[Magnum]

Attached is the conversion of the header file to an include.

[Magnum]

I found some code and the executable here for making an event log.

http://www.codeproject.com/KB/system/xeventlog.aspx

I don't know if converting it to assembly would be easier
than the previous .c or .cpp code that I posted.

(I used Visual C++, but ran into some "entanglements.")