StartService(): How to suppress event log message

Hi,

Whenever I do this

StartService (schService, 0, NULL );

I get an entry in the event log. I am using this call to load a driver dynamically. I was hoping for (1) an option to the call StartService() which will prevent eventlog or (2) a hack in the registry to prevent eventlog. There is a hack to prevent all eventlog. However I don't want to do that. I just want to stop mine making it to the eventlog; all other events should continue to work. Please help

thanks
SK

Why do you not want the event?

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@gmail.com
Sent: Wednesday, April 22, 2009 3:55 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] StartService(): How to suppress event log message

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

Sorry I did not get your question completely. Let me clarify. Here is the sample code from the DDK sample:

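************************
#include <windows.h>
#include <stdio.h>

BOOLEAN
StartDriver(
    __in SC_HANDLE SchSCManager,
    __in LPCTSTR DriverName
    )
{
    SC_HANDLE schService;
    DWORD err;

    //
    // Open the handle to the existing service.
    //

    schService = OpenService(SchSCManager,
                             DriverName,
                             SERVICE_ALL_ACCESS
                             );

    if (schService == NULL) {

        printf("OpenService failed! Error = %lu \n", GetLastError());

        //
        // Indicate failure.
        //

        return FALSE;
    }

    //
    // Start the execution of the service (i.e. start the driver).
    //

    if (!StartService(schService, // service identifier
                      0,          // number of arguments
                      NULL        // pointer to arguments
                      )) {

        //
        // Report the failure and release the service handle.
        //

        err = GetLastError();
        printf("StartService failed! Error = %lu \n", err);
        CloseServiceHandle(schService);
        return FALSE;
    }

    //
    // Close the service handle; the driver stays loaded.
    //

    CloseServiceHandle(schService);
    return TRUE;
}
**************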
When I do the above call, the following message gets logged in the eventlog -> System:

The MyDriver service was successfully sent a start control.

I want to prevent the above event log entry.

thanks for the prompt reply
SK

xxxxx@gmail.com wrote:

> Sorry I did not get your question completely. Let me clarify. Here is the sample code from the DDK sample:
>
> When I do the above call, the following message gets logged in the eventlog -> System:
>
> The MyDriver service was successfully sent a start control.
>
> I want to prevent the above event log entry.

Well, we do NOT want you to prevent that entry. As a system
administrator, I WANT all those service start messages in my log.

Why do you want to prevent it? Unless you are a virus writer, I can
think of no legitimate reasons to do so.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

Repeating Doron’s question: why do you want to not log the event?

It is not your job. Event log is there to allow user to see important
events such as loading drivers and services. Only user/admin can decide to
log some events. Your request is suspicious; malware would need
something like this.

Best regards,

Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http://www.upek.com]

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@gmail.com
Sent: Thursday, April 23, 2009 1:21 AM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] StartService(): How to suppress event log message


This driver dumps the PCI config space register and I poll the register at some interval. So every time I do that I get an entry. Thus I flood the eventlog with my entries. I want to see only the genuine entries. My entries clutter the log file.
thanks
SK

xxxxx@gmail.com wrote:

> This driver dumps the PCI config space register and I poll the register at some interval.

What’s the point of that? PCI configuration space rarely changes during
normal operation.

> So every time I do that I get an entry. Thus I flood the eventlog with my entries. I want to see only the genuine entries. My entries clutter the log file.

It’s not like those log file entries cost you anything. If you are
polling more often than once a minute, then perhaps you should change
your design so that you load the driver service and leave it running,
rather than starting and stopping each time.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

You should not be mucking with the PCI config space register, period. Sorry,
but the PCI bus driver owns that, and having seen what stupid drivers like
yours can do to a well running system, get rid of your driver. If you want
to collect that data create a bus filter for the PCI bus driver, but what
you have is crap.


Don Burn (MVP, Windows DDK)
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr


> The MyDriver service was successfully sent a start control.

> I want to prevent the above event log entry.

Impossible.

This is written to the log by SC itself.


Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com

>Thus I flood the eventlog with my entries.

Not bad at all. Vista+ has interesting filtering features in Event Viewer, BTW.

Also, I would leave the driver loaded forever, it is tiny anyway.


Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com