This is the next part of my project to convert to asm.
I am not too far from getting to the code section.
; DWORD SeekToLastRecord(HANDLE hEventLog);
I found this in the code section.
// Seek to the last record in the event log and read it in order
// to position the cursor for reading any new records when the
// service notifies you that new records have been written to the
// log file.
status = SeekToLastRecord(hEventLog);
if (ERROR_SUCCESS != status)
{
wprintf(L"SeekToLastRecord failed with %lu.\n", status);
// Abandon the rest of the routine: control transfers to the
// cleanup label, which is defined outside this excerpt.
goto cleanup;
}
; First attempt at translating the C call and its error branch.
; NOTE(review): the C call passes hEventLog by value; "addr hEventLog"
; passes the address of the variable instead of the handle it holds.
invoke SeekToLastRecord,addr hEventLog
.if eax !=ERROR_SUCCESS
mov status,eax
; Formats the message into hBuffer; nothing in this excerpt prints it.
; NOTE(review): the size of hBuffer is not visible here - confirm it
; can hold the formatted text.
Invoke wsprintf,addr hBuffer,CTEXT ("SeekToLastRecord failed with %lu."),eax
; NOTE(review): the C version leaves through "goto cleanup" at this
; point; no jump is made here, so execution falls through after .endif.
.endif
I don't know how to translate goto cleanup;
it should be:
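; Call SeekToLastRecord with the handle itself; rv() expands to the
; invoke and leaves the returned status in eax for the comparison.
.if rv(SeekToLastRecord,hEventLog) != ERROR_SUCCESS
    ; printf rather than sprintf: sprintf takes the destination buffer
    ; as its first argument, so the earlier form would have written
    ; into the format string and used the status value as the format
    ; pointer. The C original prints with wprintf.
    invoke crt_printf,CTEXT("SeekToLastRecord failed with %lu."),eax
    jmp cleanup                 ; same as the C "goto cleanup"
.endif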
cleanup:
// Common exit path reached by "goto cleanup". Each handle is tested
// before it is closed, so a path that failed before a handle was
// obtained does not pass a zero handle to the close call.
if (hEventLog)
CloseEventLog(hEventLog);
if (aWaitHandles[0])
CloseHandle(aWaitHandles[0]);
if (aWaitHandles[1])
CloseHandle(aWaitHandles[1]);
Quote from: qWord on January 30, 2011, 06:40:14 PM
it should be:
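; Call SeekToLastRecord with the handle itself; rv() expands to the
; invoke and leaves the returned status in eax for the comparison.
.if rv(SeekToLastRecord,hEventLog) != ERROR_SUCCESS
    ; printf rather than sprintf: sprintf takes the destination buffer
    ; as its first argument, so the earlier form would have written
    ; into the format string and used the status value as the format
    ; pointer. The C original prints with wprintf.
    invoke crt_printf,CTEXT("SeekToLastRecord failed with %lu."),eax
    jmp cleanup                 ; same as the C "goto cleanup"
.endif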
I found multiple rv macros in the macros.asm.
Which one of those in there, does your post use ?
I am also trying to figure out the mechanics of SeekToLastRecord.
Quote from: Magnum on January 30, 2011, 07:57:05 PMI found multiple rv macros in the macros.asm.
Which one of those in there, does your post use ?
There is only one rv macro, but you can also simply use invoke.
Quote from: Magnum on January 30, 2011, 07:57:05 PMI am also trying to figure out the mechanics of SeekToLastRecord.
I'm not a psychic :lol
rv is just a macro that invokes a function, returning the value from eax
so, instead of
; Long form: call the function, then copy its result out of eax by hand.
invoke GetCurrentProcess
mov hInstance,eax
you can use
; Short form: rv() performs the invoke and stands in for eax in the mov.
mov hInstance,rv(GetCurrentProcess)
Quote from: qWord on January 30, 2011, 08:06:32 PM
Quote from: Magnum on January 30, 2011, 07:57:05 PMI am also trying to figure out the mechanics of SeekToLastRecord.
I'm not a psychic :lol
I am :wink
huuummmmm.... I see a function.... It seeks to last record.... :lol
i'm physic, too
i am guessing it sets the file pointer to EOF
; Guess at SeekToLastRecord: moves the file pointer of hFile to end of file.
; SetFilePointer is called with a distance of 0, a null high-part pointer
; (both taken from the zeroed eax) and FILE_END as the move method; eax is
; returned exactly as SetFilePointer left it.
; NOTE(review): that return value is a file position (or
; INVALID_SET_FILE_POINTER on failure), not a status code, so a caller
; comparing it with ERROR_SUCCESS would misread the outcome.
; NOTE(review): hFile is treated as a file handle; an event log handle is
; presumably not one, and a later post in this thread calls this version
; "not right".
SeekToLastRecord PROC hFile:DWORD
xor eax,eax
INVOKE SetFilePointer,hFile,eax,eax,FILE_END
ret
SeekToLastRecord ENDP
http://www.ebaumsworld.com/video/watch/80983084/
Quote from: dedndave on January 30, 2011, 08:57:12 PM
SeekToLastRecord PROC hFile:DWORD
xor eax,eax
INVOKE SetFilePointer,hFile,eax,eax,FILE_END
ret
SeekToLastRecord ENDP
Now it makes sense.
I could not find a SeekToLastRecord API, so of course I wanted to know.
Thanks for your psychic powers. :thumbu
That is not right... you have all the C code you need to convert in one of the links you posted. In that code, they use MANY procedures, we don't need all of them so I consolidated them.. it should go something like this: NOT TESTED but it should work...
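;-----------------------------------------------------------------------
; DWORD SeekToLastRecord(HANDLE hEventLog)
;
; Reads the newest record of the event log so that later sequential
; reads start after it.
;
; In:    hEventLog = event log handle, passed by value
; Out:   eax = ERROR_SUCCESS, or a Win32 error code on failure, which is
;        what the callers shown earlier compare against
; Uses:  hHeap and pBuffer, which are not declared in this procedure and
;        must be defined elsewhere in the module (hHeap already holding
;        a valid heap handle)
;
; Changes from the first draft:
;  - every API result is checked and turned into an error code; the
;    draft returned 0 (= ERROR_SUCCESS) when the first two calls failed
;    and HeapFree's non-zero result when everything worked
;  - the pointer returned by HeapReAlloc is stored; the draft kept the
;    old pointer, which is stale if the block was moved
;  - pBuffer is cleared after HeapFree so no freed pointer is left behind
;-----------------------------------------------------------------------
SeekToLastRecord proc hEventLog:DWORD
    LOCAL OldestRecord:DWORD
    LOCAL NumberOfRecords:DWORD
    LOCAL dwBytesToRead:DWORD
    LOCAL dwBytesRead:DWORD
    LOCAL dwMinimumBytesToRead:DWORD
    LOCAL LastRecordNumber:DWORD
    LOCAL status:DWORD

    invoke GetNumberOfEventLogRecords, hEventLog, addr NumberOfRecords
    .if eax == 0
        invoke GetLastError             ; nothing allocated yet, just report
        ret
    .endif

    invoke GetOldestEventLogRecord, hEventLog, addr OldestRecord
    .if eax == 0
        invoke GetLastError
        ret
    .endif

    ; last = oldest + count - 1
    ; NOTE(review): with an empty log (count = 0) this yields oldest - 1;
    ; the read below is then expected to fail and its error is returned.
    mov     eax, NumberOfRecords
    add     eax, OldestRecord
    sub     eax, 1
    mov     LastRecordNumber, eax

    ; Start with a buffer that holds only the fixed-size record header.
    mov     dwBytesToRead, sizeof EVENTLOGRECORD
    mov     dwBytesRead, 0
    mov     dwMinimumBytesToRead, 0
    mov     status, ERROR_SUCCESS

    invoke HeapAlloc, hHeap, HEAP_ZERO_MEMORY, sizeof EVENTLOGRECORD
    .if eax == 0
        ; HeapAlloc does not set the last-error value, so name the error here.
        mov     eax, ERROR_NOT_ENOUGH_MEMORY
        ret
    .endif
    mov     pBuffer, eax

    ; ReadEventLog(hEventLog, dwFlags, dwRecordNumber, pBuffer,
    ;              dwBytesToRead, &dwBytesRead, &dwMinimumBytesToRead)
    invoke ReadEventLog, hEventLog, EVENTLOG_SEEK_READ or EVENTLOG_FORWARDS_READ, LastRecordNumber, pBuffer, dwBytesToRead, addr dwBytesRead, addr dwMinimumBytesToRead
    .if eax == 0
        invoke GetLastError
        .if eax == ERROR_INSUFFICIENT_BUFFER
            ; The header-sized buffer was too small; grow it to the size
            ; the API reported and read again.
            invoke HeapReAlloc, hHeap, 0, pBuffer, dwMinimumBytesToRead
            .if eax == 0
                ; On failure the old block is still valid and is freed below.
                mov     status, ERROR_NOT_ENOUGH_MEMORY
            .else
                mov     pBuffer, eax    ; the block may have moved
                mov     eax, dwMinimumBytesToRead
                mov     dwBytesToRead, eax

                invoke ReadEventLog, hEventLog, EVENTLOG_SEEK_READ or EVENTLOG_FORWARDS_READ, LastRecordNumber, pBuffer, dwBytesToRead, addr dwBytesRead, addr dwMinimumBytesToRead
                .if eax == 0
                    invoke GetLastError
                    mov     status, eax
                .endif
            .endif
        .else
            mov     status, eax         ; eax still holds GetLastError's value
        .endif
    .endif

    ; The record was read only to position the log; release it.
    invoke HeapFree, hHeap, 0, pBuffer
    mov     pBuffer, 0
    mov     eax, status
    ret
SeekToLastRecord endp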
Thanks.