Thank you, Peter, for the info.
I have followed the same approach, as shown below.
This is the function for logging to the event log:
VOID XXXXLogEvent(PVOID ioObject, NTSTATUS status, const CHAR * Msg)
{
    PIO_ERROR_LOG_PACKET pErrLogDetails = NULL;

    UNREFERENCED_PARAMETER(Msg);

    // Allocate a packet with no dump data and no insertion strings.
    pErrLogDetails = IoAllocateErrorLogEntry(ioObject, sizeof(IO_ERROR_LOG_PACKET));
    if (NULL != pErrLogDetails) {
        RtlSecureZeroMemory(pErrLogDetails, sizeof(IO_ERROR_LOG_PACKET));
        // The caller's NTSTATUS is used as the event's ErrorCode.
        pErrLogDetails->ErrorCode = status;
        // Write only a successfully allocated entry; the I/O manager frees it.
        IoWriteErrorLogEntry(pErrLogDetails);
    }
    return;
}
From the driver (for the demo I removed the rest of the code):
…
…
.
status = ZwEnumerateValueKey(hRegKey, 0, KeyValuePartialInformation, pKeyValuelInfo, 256, &retSize);
SmartAVLogEvent(pDrvObj, status, "This is test");
.
.
MC file:
MessageIdTypedef = NTSTATUS
SeverityNames = (
Success = 0x0:STATUS_SEVERITY_SUCCESS
Informational = 0x1:STATUS_SEVERITY_INFORMATIONAL
Warning = 0x2:STATUS_SEVERITY_WARNING
Error = 0x3:STATUS_SEVERITY_ERROR
)
FacilityNames = (
System = 0x0
RpcRuntime = 0x2:FACILITY_RPC_RUNTIME
RpcStubs = 0x3:FACILITY_RPC_STUBS
Io = 0x4:FACILITY_IO_ERROR_CODE
Driver = 0x7:FACILITY_DRIVER_ERROR_CODE
)
MessageId=0x0001
Facility=Driver
Severity=Informational
SymbolicName=MSG_LOGGING_ENABLED
Language=English
Event logging enabled for XXXXXX Driver.
.
MessageId=+1
Facility=Driver
Severity=Informational
SymbolicName=MSG_DRIVER_STARTING
Language=English
XXXX Driver has successfully initialized.
.
MessageId=+1
Facility=Driver
Severity=Informational
SymbolicName=MSG_DRIVER_STOPPING
Language=English
XXXXXX Driver has unloaded.
.
I was able to log an event in Event Viewer, but it is not what I wanted:
The description for Event ID 0 from source xxxxx cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
the message resource is present but the message is not found in the string/message table
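
An added example, not part of the original post or the poster's driver: it computes the 32-bit message IDs that the MC file above defines and checks whether a given ErrorCode resolves to one of them. It assumes mc.exe is run without -c (customer bit clear); the helper names and the sample ErrorCode values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Values taken from the MC file in the post. */
#define SEV_INFORMATIONAL 0x1u   /* Informational = 0x1 */
#define FAC_DRIVER        0x7u   /* Driver = 0x7 */

/* NTSTATUS-style layout: severity bits 31..30, facility 27..16, code 15..0.
   Assumption: customer bit (29) is clear, i.e. mc.exe without -c. */
static uint32_t mc_message_id(uint32_t sev, uint32_t fac, uint32_t code)
{
    return (sev << 30) | ((fac & 0x0FFFu) << 16) | (code & 0xFFFFu);
}

/* Event Viewer displays the low 16 bits of the identifier as "Event ID". */
static uint32_t event_id(uint32_t error_code) { return error_code & 0xFFFFu; }

/* Symbolic names in MC-file order: MessageId=0x0001, then +1, +1. */
static const char *const kNames[] = {
    "MSG_LOGGING_ENABLED", "MSG_DRIVER_STARTING", "MSG_DRIVER_STOPPING"
};

/* Returns the symbolic name for an ErrorCode, or NULL when the message
   table built from the MC file has no entry for the full 32-bit value. */
static const char *lookup(uint32_t error_code)
{
    for (uint32_t i = 0; i < sizeof(kNames) / sizeof(kNames[0]); i++) {
        if (mc_message_id(SEV_INFORMATIONAL, FAC_DRIVER, 1u + i) == error_code)
            return kNames[i];
    }
    return NULL;
}

int main(void)
{
    /* Constructed samples: 0 (e.g. STATUS_SUCCESS), a bare code, a full ID. */
    const uint32_t samples[] = { 0x00000000u, 0x00000001u, 0x40070001u };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        const char *name = lookup(samples[i]);
        printf("ErrorCode 0x%08X -> Event ID %u -> %s\n",
               (unsigned)samples[i], (unsigned)event_id(samples[i]),
               name ? name : "no entry in message table");
    }
    return 0;
}
```
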