Ndis Error Logs

Robert_Graham · September 13, 2012, 6:11pm

I am confused on how to set up Ndis Error Logs. I am utilizing the function NdisWriteErrorLogEntry in my miniport driver. What else do I need, and where do the logs get written to? I can’t seem to find them in the Windows Event Viewer.

Pavel_A1 · September 13, 2012, 6:44pm

wrote in message news:xxxxx@ntdev…
> I am confused on how to set up Ndis Error Logs. I am utilizing the
> function NdisWriteErrorLogEntry in my miniport driver. What else do I
> need, and where do the logs get written to? I can’t seem to find them in
> the Windows Event Viewer.
>

Your event should show up in the System category (on NT6 it is in Windows
logs).

Also, you need to add a subkey named as your driver service
under HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\System
Usually this subkey is added in the INF but for testing can be done after
install.

Please look in WDK examples and read MSDN documentation on the event log.
– pa

Robert_Graham · September 13, 2012, 7:04pm

What does this line in the INF file do?
HKR, , EventMessageFile, 0x00020000, “%%SystemRoot%%\System32\netevent.dll”

Pavel_A1 · September 13, 2012, 7:48pm

wrote in message news:xxxxx@ntdev…
> What does this line in the INF file do?
> HKR, , EventMessageFile, 0x00020000,
> “%%SystemRoot%%\System32\netevent.dll”
>

This says that some of your messages are defined in netevent.dll, which is a
built-in, always present Windows DLL.
It contains text resources for most (or even all) NDIS event codes defined
in netevent.h (EVENT_NDIS_xxx).

Only NDIS_STATUS_xxx values in ndis.h which have matching EVENT_NDIS_xxx in
netevent.h are in netevent.dll,
so IMHO it is cleaner just to use EVENT_NDIS codes instead of
NDIS_STATUS_xxx or even NDIS_ERROR_xxx as documented for NDIS6).

–pa

Robert_Graham · September 14, 2012, 12:52pm

So I’m still confused on what I should be doing for logging.

How do I create the registry key in the INF -> HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\System
How do I utilize the text from netevent.h? Do I just include that file, and use they return codes, instead of things like NDIS_STATUS_SUCCESS? I’m working on creating company specific error codes, and those would probably just show up as values obviously, instead of text.

Pavel_A1 · September 14, 2012, 2:50pm

wrote in message news:xxxxx@ntdev…
> So I’m still confused on what I should be doing for logging.
>
> 1) How do I create the registry key in the INF ->
> HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\System

Usually, by AddService directive in your INF. Or just create it manually
(using regedit or reg.exe or whatever else)

> 2) How do I utilize the text from netevent.h? Do I just include that file,
> and use they return codes, instead of things like NDIS_STATUS_SUCCESS? I’m
> working on creating company specific error codes, and those would probably
> just show up as values obviously, instead of text.
>

#include <netvent.h>
then use EVENT_NDIS_xxx values defined there for calling
NdisWriteErrorLogEntry

The netevent.dll (which you mentioned in the eventlog definition in your
INF) is not used by your driver.
When the event viewer decodes messages from your driver, it retrieves the
text from netevent.dll or other such DLLs.

If you want custom event log messages, create your own message resource DLL.
The fine MSDN explains how.

Now, the problem is that NdisWriteErrorLogEntry alows only a subset of
event log message format.
A general log entry can have several string parameters and a chunk of raw
binary data.
NdisWriteErrorLogEntry accepts only the binary blob, as array of 32-bit
values.
In order to use string parameters you’ll have to use the WDM or KMDF API,
which can make problems with logo certitification.

– pa</netvent.h>