I am converting some C code to assembly.
This will keep me busy for a while.
I am having problems with some of the equates.
I understand that if Unicode isn't defined, ANSI is assumed.
I have also asked some C programmers for some help.
Code:
;#define UNICODE
; #include <windows.h>
; #include <stdio.h>
;
; #pragma comment(lib, "advapi32.lib")
;
; #define PROVIDER_NAME L"MyEventProvider"
Provider_Name L equ "MyEventProvider"
C:\masm32\SOURCE\C_Code.asm(23) : error A2008: syntax error : L
; #define KEYBOARD_EVENT 0
KEYBOARD_EVENT equ 0
; Event_Log_Change.asm
;
; http://msdn.microsoft.com/en-us/library/aa363677%28v=vs.85%29.aspx
; Define the events in a message text file
;
; http://msdn.microsoft.com/en-us/library/aa363680%28v=vs.85%29.aspx
; The following example shows how to use the NotifyChangeEventLog function
; to receive notification when an event is logged.
; This example filters for the events written by the example in Reporting an Event.
MASM doesn't support the "L" string prefix for UNICODE. In fact, MASM doesn't really support UNICODE at all.
Quote from: redskull on January 26, 2011, 05:53:05 PM
MASM doesn't support the "L" string prefix for UNICODE. In fact, MASM doesn't really support UNICODE at all.
Thanks for letting me know before I got too far along.
It sounds like an assembly source code can't be generated that would produce a program to receive notification
when an event is logged in the .evt log file.
I wonder if looking at an .exe written in C could be studied and something useful gleaned from it?
Quote from: redskull on January 26, 2011, 05:53:05 PM
MASM doesn't really support UNICODE at all
Red & Magnum,
Masm is dumb, but there are some Unicode macros in \masm32\macros\ucmacros.asm;
\masm32\help\masmlib.chm lists 16 uc functions, while MasmBasic features 18 "w" variants.
Thanks jj2007.
I will look at it.
I have asked some C programmers if they could make the program and I could study it.
Yes, I should have clarified that MASM doesn't have any built-in UNICODE support.
The conventional way to handle UNICODE string data is to place the data in a resource file which is by default UNICODE. Then use the UNICODE API calls on UNICODE data.
Quote from: hutch-- on January 27, 2011, 02:50:37 AM
The conventional way to handle UNICODE string data is to place the data in a resource file which is by default UNICODE. Then use the UNICODE API calls on UNICODE data.
This is part of my project that defines the events in a message text file.
(Farther down the road.)
http://msdn.microsoft.com/en-us/library/aa363680%28v=vs.85%29.aspx
I asked about the #define UNICODE and was told:
;#define UNICODE
; If you decide to define unicode, you will need to change all
; your string definitions to word size instead of bytes, and you will
; need to use Wide version of api functions (W) instead of Ansi (A)
I am having trouble converting starting from HANDLE GetMessageResources();
; Event_Log_Change.asm Receive notification when an event is logged
; Contributors: Homer,dargueta,Hutch,
;
; http://msdn.microsoft.com/en-us/library/aa363677%28v=vs.85%29.aspx
; http://msdn.microsoft.com/en-us/library/aa363680%28v=vs.85%29.aspx
INCLUDE \masm32\include\masm32rt.inc
; #define UNICODE
; For #define UNICODE, when passing parameters to ml.exe
; on the command line, add /D UNICODE.
; If you decide to define unicode, you will need to change all
; your string definitions to word size instead of bytes, and you will
; need to use Wide version of api functions (W) instead of Ansi (A)
;#include <windows.h>
;#include <stdio.h>
; #pragma comment(lib, "advapi32.lib")
; /Fo advapi32.lib on the command line.
; It should be one of the first ones since it's order-sensitive.
includelib \masm32\lib\advapi32.lib
.const
;#define KEYBOARD_EVENT 0
KEYBOARD_EVENT equ 0
;#define NOTIFICATION_EVENT 1
NOTIFICATION_EVENT equ 1
.data
;#define PROVIDER_NAME L"MyEventProvider"
Provider_Name dw "MyEventProvider",0
; #define RESOURCE_DLL L"<path>\\Provider.dll"
; By the way, in C/C++ code the 'L' must be directly adjacent to the quote
; it modifies. Usually it follows the string, but the programmer in this
; case decided not to do so.
RESOURCE_DLL db "c:\masm32\source\Provider.dll",0
HANDLE GetMessageResources();
DWORD SeekToLastRecord(HANDLE hEventLog);
DWORD GetLastRecordNumber(HANDLE hEventLog, DWORD* pdwMarker);
DWORD ReadRecord(HANDLE hEventLog, PBYTE & pBuffer, DWORD dwRecordNumber, DWORD dwFlags);
DWORD DumpNewRecords(HANDLE hEventLog);
DWORD GetEventTypeName(DWORD EventType);
LPWSTR GetMessageString(DWORD Id, DWORD argc, LPWSTR args);
DWORD ApplyParameterStringsToMessage(CONST LPCWSTR pMessage, LPWSTR & pFinalMessage);
BOOL IsKeyEvent(HANDLE hStdIn);
CONST LPWSTR pEventTypeNames[] = {L"Error", L"Warning", L"Informational", L"Audit Success", L"Audit Failure"};
HANDLE g_hResources = NULL;
.code
void wmain(void)
{
what is this for ?
i can find this reference to Provider.dll...
ThinkVantage Fingerprint Reader by UPEK
Have you gone to the second webpage listed in my source code?
This is another part of my project.
I went there and it looks like I need provider.h.
A quick search found nothing.
Have to go to work.
Provider_Name dw "MyEventProvider",0
this ^^^^^^^ is wrong, to define a unicode string use one of the macros or all this typing plus that won't assemble, the data is too big:
Provider_Name dw "M","y","E","v","e","n","t","P","r","o","v","i","d","e","r",0,0 ; Don't remember if unicode needs to be terminated by two nulls?
you can test your unicode strings with the unicode messagebox:
invoke MessageBoxW, NULL, offset Provider_Name, NULL, 0
If you have the PSDK, it has MANY header files you can convert to MASM inc file and Provider.h is one of them.. if not, let me know and I will send it your way
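Added example, not part of the thread: a small C helper that generates the per-character `dw` definition discussed above for any ASCII string, so wide strings such as the provider name and the resource DLL path do not have to be typed by hand. It ends the string with a single 16-bit zero, which is what the wide (W) API functions expect; the name `masm_wide_def` and the wrap at 16 items per line are choices made for this example.

```c
#include <stdio.h>
#include <string.h>

#define ITEMS_PER_LINE 16  /* wrap long strings across several dw lines */

/* Append s to buf; returns 0 when it no longer fits. */
static int put(char *buf, size_t size, size_t *used, const char *s)
{
    size_t len = strlen(s);
    if (*used + len + 1 > size) return 0;
    memcpy(buf + *used, s, len + 1);
    *used += len;
    return 1;
}

/* Write "label dw 'a','b',...,0" for a zero-terminated UTF-16LE copy of an
   ASCII string. Returns the number of 16-bit items written, terminator
   included, or 0 on non-ASCII input or a too-small buffer. */
size_t masm_wide_def(const char *label, const char *text, char *out, size_t size)
{
    const unsigned char *p = (const unsigned char *)text;
    size_t used = 0, items = 0;

    if (size == 0) return 0;
    out[0] = '\0';
    if (!put(out, size, &used, label)) return 0;
    for (;; p++, items++) {
        char item[8];
        if (*p > 0x7E) return 0;              /* this sketch handles ASCII only */
        if (*p >= 0x20 && *p != '\'')
            snprintf(item, sizeof item, "'%c'", *p);
        else                                  /* terminator, quote, control char */
            snprintf(item, sizeof item, "%u", (unsigned)*p);
        if (items % ITEMS_PER_LINE == 0) {    /* start a new dw line */
            if (items && !put(out, size, &used, "\n")) return 0;
            if (!put(out, size, &used, " dw ")) return 0;
        } else if (!put(out, size, &used, ",")) return 0;
        if (!put(out, size, &used, item)) return 0;
        if (*p == 0) return items + 1;
    }
}

int main(void)
{
    char buf[1024];
    /* Strings taken from the thread */
    if (masm_wide_def("Provider_Name", "MyEventProvider", buf, sizeof buf))
        puts(buf);
    if (masm_wide_def("RESOURCE_DLL", "c:\\masm32\\source\\Provider.dll", buf, sizeof buf))
        puts(buf);
    return 0;
}
```

The printed lines can be pasted into the `.data` section and checked with the `MessageBoxW` call shown above.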
i am wondering if this is .NOT code or something :P
I think I get what you are doing... You do not need provider.h... that is totally something different. the "provider.dll" in the samples is JUST a sample name for the dll... you need to create a message only dll and call it whatever you want. I thought you just want to be notified when something is written to the event log... but that sample is for WRITING errors to the event log.... create a mc file with all your errors then compile to a message dll, register that dll in the registry and (you) the dll will now be a "provider"
Quote from: Gunner on January 28, 2011, 12:59:47 AM
I think I get what you are doing... You do not need provider.h... that is totally something different. the "provider.dll" in the samples is JUST a sample name for the dll... you need to create a message only dll and call it whatever you want. I thought you just want to be notified when something is written to the event log... but that sample is for WRITING errors to the event log.... create a mc file with all your errors then compile to a message dll, register that dll in the registry and (you) the dll will now be a "provider"
I am getting different answers to some of the conversions from C to asm
which you may have noticed in my notes.
I have asked for help from some C programmers, but not a peep.
I also asked if they could produce an .exe using the C source, so I could study it.
I will find some more C forums and post there.
I am not ready to give up yet. :U
the function named "GetMessageResources" is in the code at msdn (there may be others)
you have to write the function in asm before you can call it
// Get the provider DLL that contains the string resources for the
// category strings, event message strings, and parameter insert strings.
// For this example, the path to the DLL is hardcoded but typically,
// you would read the CategoryMessageFile, EventMessageFile, and
// ParameterMessageFile registry values under the source's registry key located
// under \SYSTEM\CurrentControlSet\Services\Eventlog\Application in
// the HKLM registry hive. In this example, all resources are included in
// the same resource-only DLL.
HANDLE GetMessageResources()
{
HANDLE hResources = NULL;
hResources = LoadLibraryEx(RESOURCE_DLL, NULL, LOAD_LIBRARY_AS_IMAGE_RESOURCE | LOAD_LIBRARY_AS_DATAFILE);
if (NULL == hResources)
{
wprintf(L"LoadLibrary failed with %lu.\n", GetLastError());
}
return hResources;
}
Thanks a lot dedndave.