
No resource for ETW

Sergey_Pisarev Member - All Emails Posts: 152
Hello! I am learning how to use ETW. I was able to create a manifest file and use the generated macros (EventWrite...). However, I can’t successfully install the manifest:
C:\Users\adm\Desktop>wevtutil im iomon_etw.man
**** Warning: The resource file for publisher Iomon was not found or could not be opened.

resourceFileName: %Systemroot%\System32\drivers\iomon.sys

**** Warning: Publisher Iomon resources could not be found or are not accessible
to the Local Service account.

As I understand it, that means that some resources aren’t compiled into the sys file (maybe I’m wrong). I am doing everything step by step according to the tutorial https://docs.microsoft.com/en-us/windows-hardware/drivers/devtest/adding-event-tracing-to-kernel-mode-drivers .

What should I do to fix this?

Comments

  • Pavel_A Member Posts: 2,688

    In your .man file you've specified two binaries:
    1. resourceFileName - contains the main compiled manifest resource
    2. messageFileName - contains localized string resource(s)
    see: https://docs.microsoft.com/en-us/windows/desktop/WES/identifying-the-provider

    When you compile the .man, MC creates the binary resources (.bin files) and a .rc (resource compiler) file:
    https://docs.microsoft.com/en-us/windows/desktop/WES/message-compiler--mc-exe-
    The .rc and .bin resources need to be compiled and linked to some PE file that can contain resources.
    It can be the .sys file itself, or a separate resource-only DLL.
    This is probably the step you're missing.

    Finally, run wevtutil to get all bits together. So simple and intuitive ;)

    -- pa

  • Sergey_Pisarev Member - All Emails Posts: 152
    via Email
    Thank you!
    I’ll try that

    Sent from my iPhone
  • jaya Member Posts: 5
    edited September 25

    I have the same issue. I tried adding the resource file to the Visual Studio project, but I get a linking error, because I have another .rc file in the driver. So how can I add both the existing .mc along with this new .man?

    CVTRES : fatal error CVT1100: duplicate resource. type:MESSAGETABLE, name:1, language:0x0409
    LINK : fatal error LNK1123: failure during conversion to COFF: file invalid or corrupt

    1.rc - this is from manifest
    LANGUAGE 0x9,0x1
    1 11 "rev_etw_evts_MSG00001.bin"
    1 WEVT_TEMPLATE "rev_etw_evtsTEMP.BIN"

    2.rc - existing for wpp logs.
    LANGUAGE 0x9,0x1
    1 11 "drvlog_MSG00001.bin"

    Please help here.
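
Why CVTRES reports the collision quoted above, as an added example that is not part of the thread or of any poster's code: a resource is identified by its (type, name, language) triple, and both quoted .rc files define type 11 (MESSAGETABLE), name 1 under LANGUAGE 0x9,0x1 (0x0409). It assumes the one-line `name type "file"` statements and numeric LANGUAGE operands shown in the thread; `RC_FILES`, `parse_rc` and `find_duplicates` are names made up for this sketch.

```python
import re
from collections import defaultdict

# Constructed from the two .rc files quoted in the thread.
RC_FILES = {
    "1.rc": 'LANGUAGE 0x9,0x1\n1 11 "rev_etw_evts_MSG00001.bin"\n1 WEVT_TEMPLATE "rev_etw_evtsTEMP.BIN"\n',
    "2.rc": 'LANGUAGE 0x9,0x1\n1 11 "drvlog_MSG00001.bin"\n',
}
KNOWN_TYPES = {11: "MESSAGETABLE"}  # RT_MESSAGETABLE is predefined resource type 11
LANG_RE = re.compile(r"^LANGUAGE\s+(\w+)\s*,\s*(\w+)$", re.I)
RES_RE = re.compile(r'^(\S+)\s+(\S+)\s+"([^"]+)"$')

def _ident(token):
    # Numeric IDs compare by value ("0xB" == "11"); string IDs compare case-insensitively.
    try:
        return int(token, 0)
    except ValueError:
        return token.upper()

def parse_rc(text):
    """Yield (type, name, langid, datafile) for each one-line resource statement."""
    langid = 0  # assumption of this sketch: 0 until a LANGUAGE statement is seen
    for raw in text.splitlines():
        line = raw.strip()
        m = LANG_RE.match(line)
        if m:
            primary, sub = int(m.group(1), 0), int(m.group(2), 0)
            langid = (sub << 10) | primary  # same packing as MAKELANGID(primary, sub)
            continue
        m = RES_RE.match(line)
        if m:
            rtype = _ident(m.group(2))
            yield KNOWN_TYPES.get(rtype, rtype), _ident(m.group(1)), langid, m.group(3)

def find_duplicates(rc_files):
    """Return {(type, name, langid): [(rc_file, datafile), ...]} for keys defined twice."""
    seen = defaultdict(list)
    for rc_name, text in rc_files.items():
        for rtype, name, langid, datafile in parse_rc(text):
            seen[(rtype, name, langid)].append((rc_name, datafile))
    return {key: users for key, users in seen.items() if len(users) > 1}

if __name__ == "__main__":
    for (rtype, name, langid), users in find_duplicates(RC_FILES).items():
        print(f"duplicate resource. type:{rtype}, name:{name}, language:0x{langid:04X}")
        for rc_name, datafile in users:
            print(f"  {rc_name}: {datafile}")
```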
