I decided to take a break writing procedures. :U
I can convert most stuff here.
I need help with the "Hardcoded insert string for the event messages."
// Example shows how to use the ReportEvent function to write the events defined
// in the above message text file.
#define UNICODE
#include <windows.h>
#include <stdio.h>
#include "provider.h"
#pragma comment(lib, "advapi32.lib")
// Event source name handed to RegisterEventSource; a wide (UTF-16) literal.
#define PROVIDER_NAME L"MyEventProvider"
// Hardcoded insert string for the event messages.
// Each L"..." literal is a NUL-terminated wide string (one 16-bit WCHAR per
// character on Windows). CONST LPWSTR makes the pointer constant, not the
// characters, so the literals must still be treated as read-only.
CONST LPWSTR pBadCommand = L"The command that was not valid";
CONST LPWSTR pFilename = L"c:\\folder\\file.ext";
CONST LPWSTR pNumberOfRetries = L"3";
CONST LPWSTR pSuccessfulRetries = L"0";
CONST LPWSTR pQuarts = L"8";
CONST LPWSTR pGallons = L"2";
well its just unicode
L dictates unicode.. the text is in the quotes
LPWSTR = long pointer to a wide string, i.e. a pointer to NUL-terminated text with 16 bits per character (or smth like that)...
This is the first string.
; UTF-16 form of the C literal L"The command that was not valid": one WORD per
; character followed by a terminating 0. This line appends a "." that the C
; string does not contain, so it is one WORD longer than the C original.
pBadCommand WORD "T","h","e"," ","c","o","m","m","a","n","d"," ","t","h","a","t"," ","w","a","s"," ","n","o","t"," ","v","a","l","i","d",".",0
take a look in \masm32\macros\ucmacros.asm - there are two macros for declaring unicode strings.
Thanks qWord.
I am working on the "if (!ReportEvent" line.
I understand that it is seeing if an event can be written to the Event Log.
I found an example of printing a unicode string that uses a
macro from ucmacros.asm.
I could use some guidance, as there may be two ways to write the string ??
25 Deg. F in Pearland, Tx.
Off to make some hot cocoa.
What's it like in your "hood" ?
#define UNICODE
#include <windows.h>
#include <stdio.h>
#include "provider.h"
// Hardcoded insert string for the event messages.
// Passed to ReportEvent as raw event data; its byte size is computed with
// wcslen() at the call site, terminator included.
CONST LPWSTR pBadCommand = L"The command that was not valid";
; MASM equivalent of the C line above: one WORD per character, 0-terminated.
; The trailing "." is extra compared with the C literal.
pBadCommand WORD "T","h","e"," ","c","o","m","m","a","n","d"," ","t","h","a","t"," ","w","a","s"," ","n","o","t"," ","v","a","l","i","d",".",0
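// Registers the PROVIDER_NAME event source and writes one MSG_INVALID_COMMAND
// event whose payload is pBadCommand passed as raw (user-defined) data.
// Every failure path prints GetLastError() and jumps to cleanup, where the
// event-source handle is released exactly once.
void wmain(void)
{
    HANDLE hEventLog = NULL;
    // Not used by this first event; the later events in the asm translation
    // further down the thread pass it as lpStrings.
    LPWSTR pInsertStrings[2] = {NULL, NULL};
    DWORD dwEventDataSize = 0;

    // The source name (provider) must exist as a subkey of Application.
    hEventLog = RegisterEventSource(NULL, PROVIDER_NAME);
    if (NULL == hEventLog)
    {
        wprintf(L"RegisterEventSource failed with 0x%x.\n", GetLastError());
        goto cleanup;
    }

    // This event includes user-defined data as part of the event. The event message
    // does not use insert strings.
    // Size is in bytes and includes the terminating NUL; the cast makes the
    // size_t -> DWORD narrowing explicit.
    // The raw data is stored verbatim in the Application log, so keep secrets
    // and unbounded untrusted input out of it.
    dwEventDataSize = (DWORD)((wcslen(pBadCommand) + 1) * sizeof(WCHAR));
    if (!ReportEvent(hEventLog, EVENTLOG_ERROR_TYPE, UI_CATEGORY, MSG_INVALID_COMMAND, NULL, 0, dwEventDataSize, NULL, pBadCommand))
    {
        wprintf(L"ReportEvent failed with 0x%x for event 0x%x.\n", GetLastError(), MSG_INVALID_COMMAND);
        goto cleanup;
    }

cleanup:
    // The excerpt jumped to a label that was never defined. A handle returned
    // by RegisterEventSource is released with DeregisterEventSource.
    if (hEventLog)
        DeregisterEventSource(hEventLog);
}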
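.DATA
; Wide string declared through the wstr macro from ucmacros.asm.
; NOTE(review): macro name and argument order are as posted - confirm against
; \masm32\macros\ucmacros.asm.
wstr StringLabel,"String"
; A quoted initializer after dw/WORD may hold at most two characters, so
; dw "MyEventProvider" does not produce UTF-16 text. Spell the name out one
; WORD per character with a terminating 0, like pBadCommand earlier in the thread.
Provider_Name WORD "M","y","E","v","e","n","t","P","r","o","v","i","d","e","r",0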
doesnt look right...
also tried formatting the code.. it messed up, but is readable.. so bleh... i aint doing everything ;p
and wstr usage might be wrong too.. anyway, its mostly there, so small fixes to do...you can do that i'm sure
.data
; use the WSTR macro from the masm32\include\ucmacros.asm to do unicode stuff easily
; NOTE(review): here the label is written in front of WSTR, while the earlier
; post in this thread wrote `wstr StringLabel,"String"` (label as first
; argument). Confirm which form ucmacros.asm defines before assembling.
; NOTE(review): sizeof on a label covers only its first data line; if the macro
; emits several lines per string, (sizeof pBadCommand) will be too small.
; Symbol spelling matters when symbols are case sensitive: the code must use
; Provider_Name and pFilename exactly as declared here.
Provider_Name WSTR "MyEventProvider" ; #define PROVIDER_NAME L"MyEventProvider"
pBadCommand WSTR "The command that was not valid" ; CONST LPWSTR pBadCommand = L"The command that was not valid";
pFilename WSTR "C:\masm32\source\Events_Log.txt" ; C original mixed "\\" and "\"; in C source "\\" is the escape for a single backslash, a MASM string takes the backslash as-is
pNumberOfRetries WSTR "3" ; CONST LPWSTR pNumberOfRetries = L"3";
pSuccessfulRetries WSTR "0" ; CONST LPWSTR pSuccessfulRetries = L"0";
pQuarts WSTR "8" ; CONST LPWSTR pQuarts = L"8";
pGallons WSTR "2" ; CONST LPWSTR pGallons = L"2";
.code
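;-----------------------------------------------------------------------
; wmainproc - asm translation of the C wmain sample.
; Registers the event source named by Provider_Name, writes four events
; with ReportEvent, then releases the source handle.
;
; Calls are stdcall: arguments pushed right to left, callee pops them.
; ReportEvent takes NINE arguments, so each call needs exactly nine pushes:
;   hEventLog, wType, wCategory, dwEventID, lpUserSid,
;   wNumStrings, dwDataSize, lpStrings, lpRawData
; A missing push leaves the stack unbalanced and shifts every argument.
;
; MASM indexes by BYTE offset: the second pointer of pInsertStrings is
; pInsertStrings[sizeof LPVOID]; pInsertStrings[1] would overlap element 0
; and hand ReportEvent a corrupted pointer.
;
; NOTE(review): the include lines are not shown. With the MASM32 includes the
; unsuffixed API names presumably resolve to the ANSI (A) entry points unless
; __UNICODE__ is defined; the strings here are wide, so confirm that, or call
; RegisterEventSourceW / ReportEventW explicitly.
;
; Out: eax = return value of the last API call (not a status code).
;-----------------------------------------------------------------------
wmainproc proc uses ebx ecx edx esi edi
    LOCAL hEventLog:HANDLE
    LOCAL dwEventDataSize:DWORD
    LOCAL pInsertStrings[2]:LPVOID

    mov     [hEventLog], NULL                       ; HANDLE hEventLog = NULL;
    mov     [dwEventDataSize], 0                    ; DWORD dwEventDataSize = 0;
    mov     [pInsertStrings[0]], NULL               ; LPWSTR pInsertStrings[2] = {NULL, NULL};
    mov     [pInsertStrings[sizeof LPVOID]], NULL

    push    offset Provider_Name                    ; lpSourceName (spelled as declared)
    push    NULL                                    ; lpUNCServerName = local machine
    call    RegisterEventSource                     ; hEventLog = RegisterEventSource(NULL, PROVIDER_NAME);
    mov     [hEventLog], eax
    test    eax, eax
    jnz     gotahandle                              ; non-NULL handle: carry on
    ; RegisterEventSource failed: there is no handle to release.
    ; Call GetLastError here and log the code.
    jmp     outofthisroutine

gotahandle:
    ; Event 1: pBadCommand goes in as raw data, no insert strings.
    ; NOTE(review): sizeof covers only the first data line of pBadCommand; check
    ; the listing if the string is declared through a macro.
    mov     [dwEventDataSize], (sizeof pBadCommand)
    push    offset pBadCommand                      ; lpRawData
    push    NULL                                    ; lpStrings
    push    [dwEventDataSize]                       ; dwDataSize, in bytes
    push    0                                       ; wNumStrings
    push    NULL                                    ; lpUserSid
    push    MSG_INVALID_COMMAND                     ; dwEventID (from the provider header)
    push    UI_CATEGORY                             ; wCategory
    push    EVENTLOG_ERROR_TYPE                     ; wType
    push    [hEventLog]
    call    ReportEvent
    test    eax, eax
    jnz     reporteventworked
    ; ReportEvent failed: call GetLastError and log it, then fall into cleanup.

closehandleandgetout:
    ; DeregisterEventSource is the release call for this handle. Do not follow
    ; it with CloseHandle: the value is no longer valid afterwards and could
    ; match an unrelated handle.
    push    [hEventLog]
    call    DeregisterEventSource                   ; DeregisterEventSource(hEventLog);
    mov     [hEventLog], NULL
    jmp     outofthisroutine

reporteventworked:
    ; Event 2: one insert string (the file name).
    mov     [pInsertStrings[0]], offset pFilename   ; pInsertStrings[0] = pFilename;
    lea     eax, pInsertStrings[0]
    push    NULL                                    ; lpRawData
    push    eax                                     ; lpStrings
    push    0                                       ; dwDataSize
    push    1                                       ; wNumStrings
    push    NULL                                    ; lpUserSid
    push    MSG_BAD_FILE_CONTENTS
    push    DATABASE_CATEGORY
    push    EVENTLOG_ERROR_TYPE
    push    [hEventLog]
    call    ReportEvent
    test    eax, eax
    jnz     reporteventworked2
    ; ReportEvent failed: log GetLastError.
    jmp     closehandleandgetout

reporteventworked2:
    ; Event 3: two insert strings.
    mov     [pInsertStrings[0]], offset pNumberOfRetries                ; pInsertStrings[0] = pNumberOfRetries;
    mov     [pInsertStrings[sizeof LPVOID]], offset pSuccessfulRetries  ; pInsertStrings[1] = pSuccessfulRetries;
    lea     eax, pInsertStrings[0]
    push    NULL                                    ; lpRawData
    push    eax                                     ; lpStrings
    push    0                                       ; dwDataSize
    push    2                                       ; wNumStrings
    push    NULL                                    ; lpUserSid
    push    MSG_RETRIES
    push    NETWORK_CATEGORY
    push    EVENTLOG_WARNING_TYPE
    push    [hEventLog]
    call    ReportEvent
    test    eax, eax
    jnz     reporteventworked3
    ; ReportEvent failed: log GetLastError.
    jmp     closehandleandgetout

reporteventworked3:
    ; Event 4: two insert strings.
    mov     [pInsertStrings[0]], offset pQuarts                 ; pInsertStrings[0] = pQuarts;
    mov     [pInsertStrings[sizeof LPVOID]], offset pGallons    ; pInsertStrings[1] = pGallons;
    lea     eax, pInsertStrings[0]
    push    NULL                                    ; lpRawData
    push    eax                                     ; lpStrings
    push    0                                       ; dwDataSize
    push    2                                       ; wNumStrings
    push    NULL                                    ; lpUserSid (this push was missing)
    push    MSG_COMPUTE_CONVERSION
    push    UI_CATEGORY
    push    EVENTLOG_INFORMATION_TYPE
    push    [hEventLog]
    call    ReportEvent
    test    eax, eax
    jnz     wearealldoneithink
    ; ReportEvent failed: log GetLastError.
    jmp     closehandleandgetout

wearealldoneithink:
    ; All events written; release the handle on the shared cleanup path.
    jmp     closehandleandgetout

outofthisroutine:
    ret
wmainproc endp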
hopefully you'll learn a bit from this and be able to do the next bit yourself...
i left some of the c code still in as comments, so you can perhaps understand them a bit better...
dont know if the code compiles, but im sure you can fix any of the asm errors that might crop up...
Thanks evlncrn8.
You have given me a lot to help me learn more.
And keep out of the "graveyard." :thumbu
; Up to the "push MSG_INVALID_COMMAND" line before an error
I have attached MyEventProvider.h
; Contributors: evlncrn8,
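.data
; ANSI (one byte per character) path, 0-terminated.
RESOURCE_DLL db "c:\masm32\source\MyEventProvider.dll",0
; A quoted initializer after dw/WORD may hold at most two characters, so
; dw "MyEventProvider" does not produce UTF-16 text. Declare the name one WORD
; per character with a terminating 0, the same way pBadCommand is declared.
Provider_Name WORD "M","y","E","v","e","n","t","P","r","o","v","i","d","e","r",0
; Raw data for the MSG_INVALID_COMMAND event. The trailing "." is not part of
; the C literal this was converted from.
; NOTE(review): pFileName, pNumberOfRetries, pSuccessfulRetries, pQuarts and
; pGallons are used by the code but not declared in this block - presumably
; they come from the attached include; confirm.
pBadCommand WORD "T","h","e"," ","c","o","m","m","a","n","d"," ","t","h","a","t"," ","w","a","s"," ","n","o","t"," ","v","a","l","i","d",".",0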
.code
start:
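;-----------------------------------------------------------------------
; wmainproc - registers the event source named by Provider_Name, writes
; four events with ReportEvent, then releases the source handle.
;
; Calls are stdcall: arguments pushed right to left, callee pops them.
; ReportEvent takes NINE arguments, so each call needs exactly nine pushes:
;   hEventLog, wType, wCategory, dwEventID, lpUserSid,
;   wNumStrings, dwDataSize, lpStrings, lpRawData
; A missing push leaves the stack unbalanced and shifts every argument.
;
; MASM indexes by BYTE offset: the second pointer of pInsertStrings is
; pInsertStrings[sizeof LPVOID]; pInsertStrings[1] would overlap element 0
; and hand ReportEvent a corrupted pointer.
;
; NOTE(review): the include lines are not shown. With the MASM32 includes the
; unsuffixed API names presumably resolve to the ANSI (A) entry points unless
; __UNICODE__ is defined; the strings here are wide, so confirm that, or call
; RegisterEventSourceW / ReportEventW explicitly.
; NOTE(review): pFileName and the other insert-string symbols are not declared
; in the data block shown with this listing; an earlier post spells the first
; one pFilename. The spelling must match the declaration if symbols are case
; sensitive.
;
; Out: eax = return value of the last API call (not a status code).
;-----------------------------------------------------------------------
wmainproc proc uses ebx ecx edx esi edi
    LOCAL hEventLog:HANDLE
    LOCAL dwEventDataSize:DWORD
    LOCAL pInsertStrings[2]:LPVOID

    mov     [hEventLog], NULL                       ; HANDLE hEventLog = NULL;
    mov     [dwEventDataSize], 0                    ; DWORD dwEventDataSize = 0;
    mov     [pInsertStrings[0]], NULL               ; LPWSTR pInsertStrings[2] = {NULL, NULL};
    mov     [pInsertStrings[sizeof LPVOID]], NULL

    push    offset Provider_Name                    ; lpSourceName
    push    NULL                                    ; lpUNCServerName = local machine
    call    RegisterEventSource                     ; hEventLog = RegisterEventSource(NULL, PROVIDER_NAME);
    mov     [hEventLog], eax
    test    eax, eax
    jnz     gotahandle                              ; non-NULL handle: carry on
    ; RegisterEventSource failed: there is no handle to release.
    ; Call GetLastError here and log the code.
    jmp     outofthisroutine

gotahandle:
    ; Event 1: pBadCommand goes in as raw data, no insert strings.
    ; pBadCommand is declared on a single WORD line, so sizeof yields its full
    ; byte size including the terminating 0.
    mov     [dwEventDataSize], (sizeof pBadCommand)
    push    offset pBadCommand                      ; lpRawData
    push    NULL                                    ; lpStrings
    push    [dwEventDataSize]                       ; dwDataSize, in bytes
    push    0                                       ; wNumStrings
    push    NULL                                    ; lpUserSid
    push    MSG_INVALID_COMMAND                     ; dwEventID (from the provider include)
    push    UI_CATEGORY                             ; wCategory
    push    EVENTLOG_ERROR_TYPE                     ; wType
    push    [hEventLog]
    call    ReportEvent
    test    eax, eax
    jnz     reporteventworked
    ; ReportEvent failed: call GetLastError and log it, then fall into cleanup.

closehandleandgetout:
    ; DeregisterEventSource is the release call for this handle. Do not follow
    ; it with CloseHandle: the value is no longer valid afterwards and could
    ; match an unrelated handle.
    push    [hEventLog]
    call    DeregisterEventSource                   ; DeregisterEventSource(hEventLog);
    mov     [hEventLog], NULL
    jmp     outofthisroutine

reporteventworked:
    ; Event 2: one insert string (the file name).
    mov     [pInsertStrings[0]], offset pFileName   ; pInsertStrings[0] = pFilename;
    lea     eax, pInsertStrings[0]
    push    NULL                                    ; lpRawData
    push    eax                                     ; lpStrings
    push    0                                       ; dwDataSize
    push    1                                       ; wNumStrings
    push    NULL                                    ; lpUserSid
    push    MSG_BAD_FILE_CONTENTS
    push    DATABASE_CATEGORY
    push    EVENTLOG_ERROR_TYPE
    push    [hEventLog]
    call    ReportEvent
    test    eax, eax
    jnz     reporteventworked2
    ; ReportEvent failed: log GetLastError.
    jmp     closehandleandgetout

reporteventworked2:
    ; Event 3: two insert strings.
    mov     [pInsertStrings[0]], offset pNumberOfRetries                ; pInsertStrings[0] = pNumberOfRetries;
    mov     [pInsertStrings[sizeof LPVOID]], offset pSuccessfulRetries  ; pInsertStrings[1] = pSuccessfulRetries;
    lea     eax, pInsertStrings[0]
    push    NULL                                    ; lpRawData
    push    eax                                     ; lpStrings
    push    0                                       ; dwDataSize
    push    2                                       ; wNumStrings
    push    NULL                                    ; lpUserSid
    push    MSG_RETRIES
    push    NETWORK_CATEGORY
    push    EVENTLOG_WARNING_TYPE
    push    [hEventLog]
    call    ReportEvent
    test    eax, eax
    jnz     reporteventworked3
    ; ReportEvent failed: log GetLastError.
    jmp     closehandleandgetout

reporteventworked3:
    ; Event 4: two insert strings.
    mov     [pInsertStrings[0]], offset pQuarts                 ; pInsertStrings[0] = pQuarts;
    mov     [pInsertStrings[sizeof LPVOID]], offset pGallons    ; pInsertStrings[1] = pGallons;
    lea     eax, pInsertStrings[0]
    push    NULL                                    ; lpRawData
    push    eax                                     ; lpStrings
    push    0                                       ; dwDataSize
    push    2                                       ; wNumStrings
    push    NULL                                    ; lpUserSid (this push was missing)
    push    MSG_COMPUTE_CONVERSION
    push    UI_CATEGORY
    push    EVENTLOG_INFORMATION_TYPE
    push    [hEventLog]
    call    ReportEvent
    test    eax, eax
    jnz     wearealldoneithink
    ; ReportEvent failed: log GetLastError.
    jmp     closehandleandgetout

wearealldoneithink:
    ; All events written; release the handle on the shared cleanup path.
    jmp     closehandleandgetout

outofthisroutine:
    ret
wmainproc endp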
end start
Attached is the conversion of the header file to an include.
I found some code and the executable here for making an event log.
http://www.codeproject.com/KB/system/xeventlog.aspx
I don't know if converting it to assembly would be easier
than the previous .c or .cpp code that I posted.
(I used Visual C++, but ran into some "entanglements.")