Problems with error logging...

Hello Everyone,

I seem to be missing something when trying to log errors from the driver and
was wondering if you might give me a hint. Code below illustrates my calls
to the IoWriteErrorLogEntry(), however while everything seems to work fine,
I am unable to see any entries in the Computer Management\System Tools\Event
Viewer\System. Is this the place I should be looking at for logs?

Thanks,

Anton S. Yemelyanov


    PIO_ERROR_LOG_PACKET errorLogEntry;

    errorLogEntry = (PIO_ERROR_LOG_PACKET)
        IoAllocateErrorLogEntry(
            DeviceObject,
            (UCHAR)(sizeof(IO_ERROR_LOG_PACKET)
                    + sizeof(DEVICE_OBJECT))
            );

    if (errorLogEntry != NULL)
    {
        errorLogEntry->ErrorCode = STATUS_SUCCESS;
        errorLogEntry->UniqueErrorValue = 0;
        errorLogEntry->FinalStatus = IO_ERR_INTERNAL_ERROR;

        RtlCopyMemory(
            &errorLogEntry->DumpData[0],
            &DeviceObject,
            sizeof(DEVICE_OBJECT));

        errorLogEntry->DumpDataSize = sizeof(DEVICE_OBJECT);
        IoWriteErrorLogEntry(errorLogEntry);
    }

Hi Anton,

I have some questions for you and those may give some
hints to you.

  1. Have you registered your driver as event logger in the
    System registry?
  2. Have you built your binary with event messages
    embedded into the binary code?

If you have any doubt, reply.

Girish


Is your device a named object ?
If not, replace Device Object by your Driver Object and try again.

Inaki.

-----Original Message-----
From: Anton S. Yemelyanov
Sent: Tuesday, March 28, 2000 13:35
To: File Systems Developers
Subject: [ntfsd] Problems with error logging…


Actually, to save only binary data, it is not necessary to register as event
log resource.
The problem is that you will not be able to see strings.

-----Original Message-----
From: Girish Kumar
Sent: Tuesday, March 28, 2000 13:48
To: File Systems Developers
Subject: [ntfsd] Re: Problems with error logging…


That’s fine…

but I’m not aware which method of
logging Anton is using…
one by using event log dll the other by embedding
messages into binary data…The questions were put
to give hints in general…and are not the steps…to
be followed…

Anton should respond…

Girish


Hello again,

Thanks for the fast feedback.

I am not registering my driver as an event log resource… I am trying to
output only the binary data for now. I have not built the binary with event
messages embedded in the code… I guess this is something I will be trying
this evening, however I am still curious why this code doesn’t work.

Consider a simple driver with a dummy driver entry which contains only the
code I have posted before… What might be missing?..

As far as the device being a named object, I did the following:

    RtlInitUnicodeString(&uszDriverString, L"\\Device\\asytest");

    ntStatus = IoCreateDevice(DriverObject,
                              sizeof(DEVICE_EXTENSION),
                              &uszDriverString,
                              FILE_DEVICE_UNKNOWN,
                              0,
                              FALSE,
                              &pDeviceObject);

And tried logging using DriverObject and pDeviceObject… Same result… No
log entries…

Anton S. Yemelyanov

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Girish Kumar
Sent: Tuesday, March 28, 2000 7:14 AM
To: File Systems Developers
Subject: [ntfsd] Re: Problems with error logging…


Hi Anton,

The NT event logging architecture is like this. You
log the event in kernel mode and the message is seen
in the user-mode app, Event Viewer. So there is
separation … meaning… your kernel thread logs and
registers the event with the I/O manager, and an OS thread
picks that event and puts it onto Event Viewer.

Observe the log packet…before you write the log you
specify the error code…like this

    errorLogEntry->ErrorCode = MY_DRIVER_DIED; // Your error code from the MyMessages.mc file
                                               // you have created for your driver-specific messages.

You send the information about the error code in the log
packet and not the message to be shown in Event
Viewer…So when the system thread picks your log
packet and when it wants to put the log…it should
know the message for that MY_DRIVER_DIED error code.

How will it find that … It is for this reason you need
to embed the messages into your driver binary.

I hope you know how to build
your…MyDriverMessages.mc file and create
MyDriverXXX.rc which you add in your Sources files as

    RESOURCES = driver.rc /
    MyDriverMessages.rc

This will add your messages into … driver binary…

Hope this helps

Girish Kumar.

Any doubts are welcomed.


Hmmm, just look at his source code.
He is saving only binary data.

Inaki.


Follows a piece of actual code that does work, used from a driver:
(I hope this helps !)

    int MyEventLog( PDRIVER_OBJECT driverObject, int code, int status, PWSTR string )
    {
        PIO_ERROR_LOG_PACKET errorLogEntry ;
        UNICODE_STRING uniErrorString ;
        PWCHAR insertionString ;
        int result = -1;

        RtlInitUnicodeString (&uniErrorString, string) ;

        /* Room for the packet header plus one NUL-terminated insertion string. */
        errorLogEntry = IoAllocateErrorLogEntry( driverObject,
            (UCHAR)(sizeof (IO_ERROR_LOG_PACKET) + uniErrorString.Length + sizeof (WCHAR))) ;

        if (errorLogEntry)
        {
            errorLogEntry->ErrorCode = code;
            errorLogEntry->SequenceNumber = 0;
            errorLogEntry->MajorFunctionCode = 0 ;
            errorLogEntry->RetryCount = 0;
            errorLogEntry->UniqueErrorValue = 0;
            errorLogEntry->FinalStatus = status;
            errorLogEntry->DumpDataSize = 0;
            /* No dump data, so the string starts right after the fixed header. */
            errorLogEntry->StringOffset = sizeof (IO_ERROR_LOG_PACKET) ;
            errorLogEntry->NumberOfStrings = 1 ;

            insertionString = (PWSTR)((PCHAR)(errorLogEntry) +
                                      errorLogEntry->StringOffset) ;
            RtlMoveMemory (insertionString, uniErrorString.Buffer,
                           uniErrorString.Length) ;
            *(PWSTR)((PCHAR)insertionString + uniErrorString.Length) = L'\0' ;

            IoWriteErrorLogEntry (errorLogEntry) ;
            result = 0;
        }

        return result;
    }

-----Original Message-----
From: Anton S. Yemelyanov
Sent: Tuesday, March 28, 2000 15:20
To: File Systems Developers
Subject: [ntfsd] Re: Problems with error logging…

Hello Iñaki,

Thanks for posting the code from your logging function. It certainly does
work fine. However any of my attempts to find the problem in my code failed
:( My next step was to take your function and add a “data dump” to it. The
second I tried doing this, the function stopped working (just like my
original). It simply does nothing (no logs produced).

Below I am posting the modified code of your function that beside the string
tries to dump the driver object. If you have a second, please take a look at
it.

Thanks,

Anton

// —

    int MyNewEventLog( PDRIVER_OBJECT driverObject, int code, int status, PWSTR string )
    {
        PIO_ERROR_LOG_PACKET errorLogEntry ;
        UNICODE_STRING uniErrorString ;
        PWCHAR insertionString ;
        int result = -1;

        RtlInitUnicodeString (&uniErrorString, string) ;

        errorLogEntry = (PIO_ERROR_LOG_PACKET)
            IoAllocateErrorLogEntry( driverObject,
                (UCHAR)(sizeof(IO_ERROR_LOG_PACKET) + sizeof(DRIVER_OBJECT)
                        + uniErrorString.Length + sizeof (WCHAR))) ;

        if (errorLogEntry)
        {
            errorLogEntry->ErrorCode = code;
            errorLogEntry->SequenceNumber = 0;
            errorLogEntry->MajorFunctionCode = 0 ;
            errorLogEntry->RetryCount = 0;
            errorLogEntry->UniqueErrorValue = 0;
            errorLogEntry->FinalStatus = status;
            errorLogEntry->DumpDataSize = sizeof(DRIVER_OBJECT);
            errorLogEntry->StringOffset = sizeof (IO_ERROR_LOG_PACKET)
                                          + sizeof(DRIVER_OBJECT) ;
            errorLogEntry->NumberOfStrings = 1 ;

            insertionString = (PWSTR)((PCHAR)(errorLogEntry) +
                                      errorLogEntry->StringOffset) ;
            RtlMoveMemory (insertionString, uniErrorString.Buffer,
                           uniErrorString.Length) ;
            *(PWSTR)((PCHAR)insertionString + uniErrorString.Length) = L'\0' ;

            RtlCopyMemory(
                &errorLogEntry->DumpData[0],
                &driverObject,
                sizeof(DRIVER_OBJECT));

            IoWriteErrorLogEntry (errorLogEntry) ;
            result = 0;
        }

        return result;
    }

// —
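
Added example, not code from the thread or from any poster: a user-mode C model of the entry layout the functions above build. `IoAllocateErrorLogEntry` does not allocate entries larger than `ERROR_LOG_MAXIMUM_SIZE` and returns NULL, so a request of header + whole object + string can leave the `if` body unexecuted; the builder here trims the dump to fit instead. `MODEL_LOG_PACKET`, `MODEL_LOG_MAX_SIZE` (152 is an assumed value), the function names and the 168-byte sample object are constructed stand-ins; a driver takes the real type and limit from the WDK headers.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed user-mode stand-ins (assumptions, not WDK definitions): member
 * order follows IO_ERROR_LOG_PACKET; a driver uses the real type and
 * ERROR_LOG_MAXIMUM_SIZE from the WDK headers. */
#define MODEL_LOG_MAX_SIZE 152u            /* assumed entry-size limit */

typedef struct {
    uint8_t  MajorFunctionCode;
    uint8_t  RetryCount;
    uint16_t DumpDataSize;                 /* bytes, multiple of 4 */
    uint16_t NumberOfStrings;
    uint16_t StringOffset;                 /* from start of packet */
    uint16_t EventCategory;
    int32_t  ErrorCode;
    uint32_t UniqueErrorValue;
    int32_t  FinalStatus;
    uint32_t SequenceNumber;
    uint32_t IoControlCode;
    int64_t  DeviceOffset;
    uint32_t DumpData[1];
} MODEL_LOG_PACKET;

/* Constructed sample input: a 168-byte stand-in object and a UTF-16 string. */
static const uint8_t  SAMPLE_OBJECT[168] = { 0xAA, 0xBB, 0xCC, 0xDD };
static const uint16_t SAMPLE_STR[] = { 'd', 'i', 's', 'k', 0 };

static size_t str16_bytes(const uint16_t *s)
{
    size_t n = 0;
    while (s[n] != 0) n++;
    return (n + 1) * sizeof(uint16_t);     /* include the terminator */
}

/* Entry size requested when the whole object is dumped, as in the thread:
 * header + object + string. */
size_t model_posted_request(size_t object_size, const uint16_t *str)
{
    return sizeof(MODEL_LOG_PACKET) + object_size + str16_bytes(str);
}

/* Build an entry that always fits the limit: the string is kept whole, the
 * dump is trimmed to the remaining room. Returns NULL if the string alone
 * cannot fit. Caller frees the result. */
MODEL_LOG_PACKET *model_build_entry(int32_t code, int32_t status,
                                    const void *dump, size_t dump_len,
                                    const uint16_t *str, size_t *entry_size)
{
    const size_t dump_off = offsetof(MODEL_LOG_PACKET, DumpData);
    const size_t str_len = str16_bytes(str);
    size_t room, str_off;
    MODEL_LOG_PACKET *p;

    if (sizeof(MODEL_LOG_PACKET) + str_len > MODEL_LOG_MAX_SIZE)
        return NULL;

    room = MODEL_LOG_MAX_SIZE - str_len - dump_off;
    if (dump == NULL) dump_len = 0;
    if (dump_len > room) dump_len = room;
    dump_len &= ~(size_t)3;                /* whole 32-bit words only */

    /* The string follows the dump, but never starts inside the header. */
    str_off = dump_off + dump_len;
    if (str_off < sizeof(MODEL_LOG_PACKET))
        str_off = sizeof(MODEL_LOG_PACKET);

    p = calloc(1, str_off + str_len);
    if (p == NULL)
        return NULL;
    p->ErrorCode = code;
    p->FinalStatus = status;
    p->DumpDataSize = (uint16_t)dump_len;
    p->StringOffset = (uint16_t)str_off;
    p->NumberOfStrings = 1;
    /* Source is the object the pointer refers to (dump), never the address
     * of the pointer variable, which would read neighbouring stack memory. */
    if (dump_len != 0)
        memcpy((uint8_t *)p + dump_off, dump, dump_len);
    memcpy((uint8_t *)p + str_off, str, str_len);
    *entry_size = str_off + str_len;
    return p;
}

int main(void)
{
    size_t n = 0;
    MODEL_LOG_PACKET *p;

    printf("posted request: %zu bytes (limit %u)\n",
           model_posted_request(sizeof SAMPLE_OBJECT, SAMPLE_STR),
           MODEL_LOG_MAX_SIZE);
    p = model_build_entry(0, 0, SAMPLE_OBJECT, sizeof SAMPLE_OBJECT,
                          SAMPLE_STR, &n);
    if (p != NULL)
        printf("built entry: %zu bytes, dump %u, string at %u\n",
               n, (unsigned)p->DumpDataSize, (unsigned)p->StringOffset);
    free(p);
    return 0;
}
```

Dump data written to the System log is readable from user mode, so raw kernel object contents (which include kernel addresses) are better replaced by the few fields needed for diagnosis.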

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Iñaki Castillo
Sent: Tuesday, March 28, 2000 9:30 AM
To: File Systems Developers
Subject: [ntfsd] Re: Problems with error logging…

Follows a piece of actual code that do work, used from a driver:
(I hope this helps !)

MyEventLog( PDRIVER_OBJECT driverObject, int code, int status, PWSTR string
)
{
PIO_ERROR_LOG_PACKET errorLogEntry ;
UNICODE_STRING uniErrorString ;
PWCHAR insertionString ;
int i, result=-1;

RtlInitUnicodeString (&uniErrorString, string) ;

errorLogEntry = IoAllocateErrorLogEntry( driverObject, (UCHAR)(sizeof
(IO_ERROR_LOG_PACKET)+ uniErrorString.Length+sizeof (WCHAR))) ;

if (errorLogEntry)
{
errorLogEntry->ErrorCode = code;
errorLogEntry->SequenceNumber = 0;
errorLogEntry->MajorFunctionCode = 0 ;
errorLogEntry->RetryCount = 0;
errorLogEntry->UniqueErrorValue = 0;
errorLogEntry->FinalStatus = status;
errorLogEntry->DumpDataSize = 0;
errorLogEntry->StringOffset = sizeof
(IO_ERROR_LOG_PACKET) ;
errorLogEntry->NumberOfStrings = 1 ;

insertionString = (PWSTR)((PCHAR)(errorLogEntry) +
errorLogEntry->StringOffset) ;
RtlMoveMemory (insertionString, uniErrorString.Buffer,
uniErrorString.Length) ;
*(PWSTR)((PCHAR)insertionString + uniErrorString.Length) = L’\0’ ;

IoWriteErrorLogEntry (errorLogEntry) ;
result=0;
}

return result;
}

-----Original Message-----
From: Anton S. Yemelyanov
Sent: martes 28 de marzo de 2000 15:20
To: File Systems Developers
Subject: [ntfsd] Re: Problems with error logging…

Hello again,

Thanks for the fast feedback.

I am not registering my driver as an event log resource… I am trying to
output only the binary data for now. I have not built the binary with event
messages embedded in the code… I guess this is something I will be trying
this evening, however I am still curious why this code doesn’t work.

Consider a simple driver with a dummy driver entry which contains only the
code I have posted before… What might be missing?..

As far as the device being a named object, I did the following:

    RtlInitUnicodeString(&uszDriverString, L"\\Device\\asytest");

    ntStatus = IoCreateDevice(DriverObject,
                              sizeof(DEVICE_EXTENSION),
                              &uszDriverString,
                              FILE_DEVICE_UNKNOWN,
                              0,
                              FALSE,
                              &pDeviceObject);

And tried logging using DriverObject and pDeviceObject… Same result… No
log entries…

Anton S. Yemelyanov

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Girish Kumar
Sent: Tuesday, March 28, 2000 7:14 AM
To: File Systems Developers
Subject: [ntfsd] Re: Problems with error logging…

That's fine…

but I’m not aware which method of logging Anton is using…
one by using the event log dll, the other by embedding
messages into binary data… The questions were put
to give hints in general… and are not the steps… to
be followed…

Anton should respond…

Girish

— Iñaki_Castillo wrote:
> > Actually, to save only binary data, it is not
> > necessary to register as event log resource.
> > The problem is that you will not be able to see
> > strings.

Hi,

For starters, the length of the packet is a UCHAR, which means that it must
not be longer than 255.
However, actually this length must be even shorter.

According to DDK documentation total length must not be longer than
ERROR_LOG_MAXIMUM_SIZE.

This number is defined in the DDK as follows:

#define ERROR_LOG_MAXIMUM_SIZE (IO_ERROR_LOG_MESSAGE_LENGTH + \
    sizeof(IO_ERROR_LOG_PACKET) - \
    sizeof(IO_ERROR_LOG_MESSAGE) - (sizeof(WCHAR) * 40))

This gives 262. However, the IoAllocateErrorLogEntry function does not allow
total length to be greater than 0x98.
On the other hand, this length must be at least 0x30, enough to hold the
event log structure.

That is, the data allocated in IoAllocateErrorLogEntry must be between:
0x30 <= DataLength <= 0x98.
If it is shorter or longer this function gives an error, i.e., it gives NULL,
so it is not possible to register the event.
I have tried binary data within these limits and it works.

It seems that Event Log when used from a driver is accomplished using ports,
which do not allow to pass data greater than 300 bytes.

Regards.
Inaki.
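
The size limits described in the post above, as an added example that is not part of the original thread: a user-mode C model of the request size that the thread's logging functions pass to IoAllocateErrorLogEntry. The 0x30 and 0x98 limits are the ones stated in the post; the 0xA8 value for sizeof(DRIVER_OBJECT) (32-bit NT) and the names plan_entry and max_string_bytes are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed user-mode model; the limits are the ones stated in the post. */
#define PACKET_HEADER_SIZE 0x30u  /* minimum entry size per the post */
#define ALLOC_MAX_SIZE     0x98u  /* largest size the allocator accepts per the post */
#define DRIVER_OBJECT_SIZE 0xA8u  /* assumption: sizeof(DRIVER_OBJECT) on 32-bit NT */

typedef enum { PLAN_OK, PLAN_TOO_LARGE, PLAN_TRUNCATED } plan_status;

typedef struct {
    size_t      needed;        /* bytes the later copies will write */
    uint8_t     requested;     /* value left after the (UCHAR) cast */
    size_t      string_offset; /* StringOffset as computed in the thread's code */
    plan_status status;
} entry_plan;

/* dump_bytes: DumpDataSize; string_bytes: UNICODE_STRING.Length (no terminator). */
entry_plan plan_entry(size_t dump_bytes, size_t string_bytes)
{
    entry_plan p;
    p.string_offset = PACKET_HEADER_SIZE + dump_bytes;
    p.needed = p.string_offset + string_bytes + 2u;   /* + terminating WCHAR */
    p.requested = (uint8_t)p.needed;
    if ((size_t)p.requested != p.needed)
        p.status = PLAN_TRUNCATED;  /* allocator sees fewer bytes than get written */
    else if (p.needed > ALLOC_MAX_SIZE)
        p.status = PLAN_TOO_LARGE;  /* allocation returns NULL, nothing is logged */
    else
        p.status = PLAN_OK;
    return p;
}

/* Largest insertion string (bytes, whole WCHARs) that fits beside dump_bytes;
   0 when the dump data alone already exceeds the limit. */
size_t max_string_bytes(size_t dump_bytes)
{
    size_t fixed = PACKET_HEADER_SIZE + dump_bytes + 2u;
    if (fixed > ALLOC_MAX_SIZE)
        return 0;
    return (ALLOC_MAX_SIZE - fixed) & ~(size_t)1u;
}
```

With a whole DRIVER_OBJECT as dump data and a 100-byte string, the cast leaves 62, a value inside the accepted range, so the allocation would succeed with a buffer far smaller than what the copies write. Checking the uncast size before the call avoids both that case and the silent NULL return.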

-----Original Message-----
From: Anton S. Yemelyanov
Sent: Wednesday, March 29, 2000 6:33
To: File Systems Developers
Subject: [ntfsd] Re: Problems with error logging…

Hello Iñaki,

Thanks for posting the code from your logging function. It certainly does
work fine. However any of my attempts to find the problem in my code failed
:( My next step was to take your function and add a “data dump” to it. The
second I tried doing this, the function stopped working (just like my
original). It simply does nothing (no logs produced).

Below I am posting the modified code of your function that besides the string
tries to dump the driver object. If you have a second, please take a look at
it.

Thanks,

Anton

// —

int MyNewEventLog( PDRIVER_OBJECT driverObject, int code, int status, PWSTR string )
{
    PIO_ERROR_LOG_PACKET errorLogEntry ;
    UNICODE_STRING uniErrorString ;
    PWCHAR insertionString ;
    int i, result=-1;

    RtlInitUnicodeString (&uniErrorString, string) ;

    // Requested size: packet header + a whole DRIVER_OBJECT as dump data
    // + insertion string + terminating WCHAR, cast down to UCHAR.
    errorLogEntry = (PIO_ERROR_LOG_PACKET) IoAllocateErrorLogEntry( driverObject,
        (UCHAR)(sizeof(IO_ERROR_LOG_PACKET) + sizeof(DRIVER_OBJECT) +
                uniErrorString.Length + sizeof (WCHAR))) ;

    if (errorLogEntry)
    {
        errorLogEntry->ErrorCode = code;
        errorLogEntry->SequenceNumber = 0;
        errorLogEntry->MajorFunctionCode = 0 ;
        errorLogEntry->RetryCount = 0;
        errorLogEntry->UniqueErrorValue = 0;
        errorLogEntry->FinalStatus = status;
        errorLogEntry->DumpDataSize = sizeof(DRIVER_OBJECT);
        // The insertion string is placed after the header and the dump data.
        errorLogEntry->StringOffset = sizeof (IO_ERROR_LOG_PACKET) + sizeof(DRIVER_OBJECT) ;
        errorLogEntry->NumberOfStrings = 1 ;

        insertionString = (PWSTR)((PCHAR)(errorLogEntry) + errorLogEntry->StringOffset) ;
        RtlMoveMemory (insertionString, uniErrorString.Buffer, uniErrorString.Length) ;
        *(PWSTR)((PCHAR)insertionString + uniErrorString.Length) = L'\0' ;

        // Source is &driverObject, the address of the pointer parameter.
        RtlCopyMemory(
            &errorLogEntry->DumpData[0],
            &driverObject,
            sizeof(DRIVER_OBJECT));

        IoWriteErrorLogEntry (errorLogEntry) ;
        result=0;
    }

    return result;
}

// —


> viewer…So when the system thread picks your log
> packet and when it wants to put the log…it should
> know the message for that MY_DRIVER_DIED error code.

No. The logger thread does not do this - it just writes the code to the log.
It is the Event Viewer app (and, in more detail, the event viewing code in
ADVAPI32.DLL) that searches for the message string table when the log is
being read.

Max