No resource for ETW

Sergey_Pisarev Member - All Emails Posts: 226
Hello! I am learning how to use ETW. I was able to create a manifest file and use the generated macros (EventWrite...). However, I can’t successfully install the manifest:
C:\Users\adm\Desktop>wevtutil im iomon_etw.man
**** Warning: The resource file for publisher Iomon was not found or could not be opened.

resourceFileName: %Systemroot%\System32\drivers\iomon.sys

**** Warning: Publisher Iomon resources could not be found or are not accessible
to the Local Service account.

As I understand it, that means that some resources aren’t compiled into the .sys file (maybe I’m wrong). I am doing everything step by step according to the tutorial https://docs.microsoft.com/en-us/windows-hardware/drivers/devtest/adding-event-tracing-to-kernel-mode-drivers .

What should I do to fix this?

Comments

  • Pavel_A Member Posts: 2,708

    In your .man file you've specified two binaries:
    1. resourceFileName - contains the main compiled manifest resource
    2. messageFileName - contains localized string resource(s)
    see: https://docs.microsoft.com/en-us/windows/desktop/WES/identifying-the-provider

    When you compile the .man, MC creates the binary resources (.bin files) and a .rc (resource compiler) file:
    https://docs.microsoft.com/en-us/windows/desktop/WES/message-compiler--mc-exe-
    The .rc and .bin resources need to be compiled and linked to some PE file that can contain resources.
    It can be the .sys file itself, or a separate resource-only DLL.
    This is probably the step you're missing.

    Finally, run wevtutil to get all bits together. So simple and intuitive ;)

    -- pa

  • Sergey_Pisarev Member - All Emails Posts: 226
    via Email
    Thank you!
    I’ll try that

    Sent from my iPhone
  • jaya Member Posts: 5
    edited September 2019

    I have the same issue. I tried adding the resource file to the Visual Studio project, but I get a linking error. The reason is that I have another .rc file in the driver. So how can I add the existing .mc along with this new .man?

    CVTRES : fatal error CVT1100: duplicate resource. type:MESSAGETABLE, name:1, language:0x0409
    LINK : fatal error LNK1123: failure during conversion to COFF: file invalid or corrupt

    1.rc - this is from manifest
    LANGUAGE 0x9,0x1
    1 11 "rev_etw_evts_MSG00001.bin"
    1 WEVT_TEMPLATE "rev_etw_evtsTEMP.BIN"

    2.rc - existing for wpp logs.
    LANGUAGE 0x9,0x1
    1 11 "drvlog_MSG00001.bin"

    Please help here.
