Hello Iñaki,
Thanks for posting the code from your logging function. It certainly does
work fine. However, all of my attempts to find the problem in my code failed.
My next step was to take your function and add a “data dump” to it. The
second I tried doing this, the function stopped working (just like my
original). It simply does nothing (no logs produced).
Below I am posting the modified code of your function that, besides the string,
tries to dump the driver object. If you have a second, please take a look at
it.
Thanks,
Anton
// —
int MyNewEventLog( PDRIVER_OBJECT driverObject, int code, int status, PWSTR string )
{
    PIO_ERROR_LOG_PACKET errorLogEntry ;
    UNICODE_STRING uniErrorString ;
    PWCHAR insertionString ;
    int i, result=-1;

    RtlInitUnicodeString (&uniErrorString, string) ;

    /* Requested entry size: packet header + dump data + string + NUL */
    errorLogEntry = (PIO_ERROR_LOG_PACKET)
        IoAllocateErrorLogEntry( driverObject, (UCHAR)(sizeof(IO_ERROR_LOG_PACKET)+
            sizeof(DRIVER_OBJECT)+uniErrorString.Length+sizeof (WCHAR))) ;

    if (errorLogEntry)
    {
        errorLogEntry->ErrorCode = code;
        errorLogEntry->SequenceNumber = 0;
        errorLogEntry->MajorFunctionCode = 0 ;
        errorLogEntry->RetryCount = 0;
        errorLogEntry->UniqueErrorValue = 0;
        errorLogEntry->FinalStatus = status;
        errorLogEntry->DumpDataSize = sizeof(DRIVER_OBJECT);
        /* The insertion string is placed after the dump data */
        errorLogEntry->StringOffset = sizeof(IO_ERROR_LOG_PACKET) + sizeof(DRIVER_OBJECT) ;
        errorLogEntry->NumberOfStrings = 1 ;

        insertionString = (PWSTR)((PCHAR)(errorLogEntry) +
            errorLogEntry->StringOffset) ;
        RtlMoveMemory (insertionString, uniErrorString.Buffer,
            uniErrorString.Length) ;
        *(PWSTR)((PCHAR)insertionString + uniErrorString.Length) = L'\0' ;

        /* The added "data dump" */
        RtlCopyMemory(
            &errorLogEntry->DumpData[0],
            &driverObject,
            sizeof(DRIVER_OBJECT));

        IoWriteErrorLogEntry (errorLogEntry) ;
        result=0;
    }
    return result;
}
// —
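An added example, not part of the original thread: a user-mode C model of the size arithmetic in the modified function above, showing what happens to the `UCHAR` EntrySize argument of IoAllocateErrorLogEntry once `sizeof(DRIVER_OBJECT)` is added, and a checked layout that refuses an entry larger than the limit the DDK names `ERROR_LOG_MAXIMUM_SIZE`. The three `MODEL_*` values are assumed sample sizes for a 32-bit build, and `plan_log_entry` and `unchecked_entry_size` are hypothetical helper names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed sample values for a 32-bit build; in a driver take them from the
   DDK headers (sizeof(IO_ERROR_LOG_PACKET), ERROR_LOG_MAXIMUM_SIZE). */
#define MODEL_PACKET_SIZE        48u   /* sizeof(IO_ERROR_LOG_PACKET) */
#define MODEL_DRIVER_OBJECT_SIZE 168u  /* sizeof(DRIVER_OBJECT)       */
#define MODEL_MAX_ENTRY          152u  /* ERROR_LOG_MAXIMUM_SIZE      */

typedef struct {
    uint16_t dump_size;      /* value for DumpDataSize                 */
    uint16_t string_offset;  /* value for StringOffset                 */
    uint8_t  entry_size;     /* value for the UCHAR EntrySize argument */
} LOG_LAYOUT;

/* Lays out header + dump data + one NUL-terminated wide string, as the code
   on the page does. Returns 0 and fills *out, or -1 if the entry does not
   fit in max_entry bytes. */
int plan_log_entry(size_t dump_bytes, size_t string_chars,
                   size_t max_entry, LOG_LAYOUT *out)
{
    if (max_entry > UINT8_MAX || dump_bytes > max_entry || string_chars > max_entry)
        return -1;
    size_t dump  = (dump_bytes + 3u) & ~(size_t)3u;  /* whole ULONGs */
    size_t str   = (string_chars + 1u) * 2u;         /* WCHARs + NUL */
    size_t total = MODEL_PACKET_SIZE + dump + str;
    if (total > max_entry)
        return -1;
    out->dump_size     = (uint16_t)dump;
    out->string_offset = (uint16_t)(MODEL_PACKET_SIZE + dump);
    out->entry_size    = (uint8_t)total;
    return 0;
}

/* EntrySize the unchecked (UCHAR) cast would produce for the same request. */
uint8_t unchecked_entry_size(size_t dump_bytes, size_t string_chars)
{
    return (uint8_t)(MODEL_PACKET_SIZE + dump_bytes + (string_chars + 1u) * 2u);
}

int main(void)
{
    LOG_LAYOUT l;
    /* Constructed inputs: a 40-character message, with and without the dump. */
    printf("string only: %d\n", plan_log_entry(0, 40, MODEL_MAX_ENTRY, &l));
    printf("with DRIVER_OBJECT dump: %d\n",
           plan_log_entry(MODEL_DRIVER_OBJECT_SIZE, 40, MODEL_MAX_ENTRY, &l));
    printf("unchecked cast passes %u\n",
           (unsigned)unchecked_entry_size(MODEL_DRIVER_OBJECT_SIZE, 40));
    return 0;
}
```

Separately, the posted RtlCopyMemory call takes `&driverObject`, the address of the pointer parameter, so it copies `sizeof(DRIVER_OBJECT)` bytes starting at that stack slot rather than the driver object itself.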
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Iñaki Castillo
Sent: Tuesday, March 28, 2000 9:30 AM
To: File Systems Developers
Subject: [ntfsd] Re: Problems with error logging…
Follows a piece of actual code that does work, used from a driver:
(I hope this helps !)
int MyEventLog( PDRIVER_OBJECT driverObject, int code, int status, PWSTR string )
{
    PIO_ERROR_LOG_PACKET errorLogEntry ;
    UNICODE_STRING uniErrorString ;
    PWCHAR insertionString ;
    int i, result=-1;

    RtlInitUnicodeString (&uniErrorString, string) ;

    /* Requested entry size: packet header + string + terminating NUL */
    errorLogEntry = IoAllocateErrorLogEntry( driverObject, (UCHAR)(sizeof
        (IO_ERROR_LOG_PACKET)+ uniErrorString.Length+sizeof (WCHAR))) ;

    if (errorLogEntry)
    {
        errorLogEntry->ErrorCode = code;
        errorLogEntry->SequenceNumber = 0;
        errorLogEntry->MajorFunctionCode = 0 ;
        errorLogEntry->RetryCount = 0;
        errorLogEntry->UniqueErrorValue = 0;
        errorLogEntry->FinalStatus = status;
        errorLogEntry->DumpDataSize = 0;
        /* No dump data, so the insertion string follows the packet directly */
        errorLogEntry->StringOffset = sizeof(IO_ERROR_LOG_PACKET) ;
        errorLogEntry->NumberOfStrings = 1 ;

        insertionString = (PWSTR)((PCHAR)(errorLogEntry) +
            errorLogEntry->StringOffset) ;
        RtlMoveMemory (insertionString, uniErrorString.Buffer,
            uniErrorString.Length) ;
        *(PWSTR)((PCHAR)insertionString + uniErrorString.Length) = L'\0' ;

        IoWriteErrorLogEntry (errorLogEntry) ;
        result=0;
    }
    return result;
}
-----Original Message-----
From: Anton S. Yemelyanov
Sent: Tuesday, March 28, 2000 15:20
To: File Systems Developers
Subject: [ntfsd] Re: Problems with error logging…
Hello again,
Thanks for the fast feedback.
I am not registering my driver as an event log resource… I am trying to
output only the binary data for now. I have not built the binary with event
messages embedded in the code… I guess this is something I will be trying
this evening, however I am still curious why this code doesn’t work.
Consider a simple driver with a dummy driver entry which contains only the
code I have posted before… What might be missing?..
As far as the device being a named object, I did the following:

    RtlInitUnicodeString(&uszDriverString, L"\\Device\\asytest");
    ntStatus = IoCreateDevice(DriverObject,
                              sizeof(DEVICE_EXTENSION),
                              &uszDriverString,
                              FILE_DEVICE_UNKNOWN,
                              0,
                              FALSE,
                              &pDeviceObject);

And tried logging using DriverObject and pDeviceObject… Same result… No
log entries…
Anton S. Yemelyanov
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Girish Kumar
Sent: Tuesday, March 28, 2000 7:14 AM
To: File Systems Developers
Subject: [ntfsd] Re: Problems with error logging…
That's fine…
but I’m not aware of which method of
logging Anton is using…
one by using the event log DLL, the other by embedding
messages into binary data… The questions were put
to give hints in general… and are not the steps… to
be followed…
Anton should respond…
Girish
— Iñaki_Castillo wrote:
> > Actually, to save only binary data, it is not necessary to register as event
> > log resource.
> > The problem is that you will not be able to see strings.
> >
> >
> > > -----Original Message-----
> > > From: Girish Kumar
> > > Sent: Tuesday, March 28, 2000 13:48
> > > To: File Systems Developers
> > > Subject: [ntfsd] Re: Problems with error logging…
> > >
> > > Hi Anton,
> > >
> > > I have some questions for you and those may give some hints to you.
> > >
> > > 1) Have you registered your driver as event logger in the System registry?
> > > 2) Have you built your binary with event messages embedded into the binary code?
> > >
> > > If you have any doubt, reply.
> > >
> > > Girish
> > >
> > >
> > >
> > > — “Anton S. Yemelyanov” wrote:
> > > > Hello Everyone,
> > > >
> > > > I seem to be missing something when trying to log errors from the driver and
> > > > was wondering if you might give me a hint. Code below illustrates my calls
> > > > to the IoWriteErrorLogEntry(), however while everything seems to work fine,
> > > > I am unable to see any entries in the Computer Management\System Tools\Event
> > > > Viewer\System. Is this the place I should be looking at for logs?
> > > >
> > > > Thanks,
> > > >
> > > > Anton S. Yemelyanov
> > > >
> > > > —
> > > >
> > > > PIO_ERROR_LOG_PACKET errorLogEntry;
> > > >
> > > > errorLogEntry = (PIO_ERROR_LOG_PACKET)
> > > >     IoAllocateErrorLogEntry(
> > > >         DeviceObject,
> > > >         (UCHAR)(sizeof(IO_ERROR_LOG_PACKET) + sizeof(DEVICE_OBJECT))
> > > >     );
> > > >
> > > > if (errorLogEntry != NULL)
> > > > {
> > > >     errorLogEntry->ErrorCode = STATUS_SUCCESS;
> > > >     errorLogEntry->UniqueErrorValue = 0;
> > > >     errorLogEntry->FinalStatus = IO_ERR_INTERNAL_ERROR;
> > > >
> > > >     RtlCopyMemory(
> > > >         &errorLogEntry->DumpData[0],
> > > >         &DeviceObject,
> > > >         sizeof(DEVICE_OBJECT));
> > > >
> > > >     errorLogEntry->DumpDataSize = sizeof(DEVICE_OBJECT);
> > > >     IoWriteErrorLogEntry(errorLogEntry);
> > > > }
> > > >
> > > >
> > > >
> > > > —
> > > > You are currently subscribed to ntfsd as:
> > > > xxxxx@yahoo.com
> > > > To unsubscribe send a blank email to
> > > > $subst(‘Email.Unsub’)