Windows Event Log

Hi,

I have a doubt in kernel Event logging mechanism. I have a driver, from which I am logging some events to the Windows event log. My MC file declaration is like this:

MessageId=0x000E
Facility=MyDriver
Severity=Error
SymbolicName=DRV_INIT_ERR
Language=English
[%2]: MYDRIVER - MyInit Failed, Error Code = %3.
.

I want to put the process ID in place of %2 and the NTSTATUS at %3. For this purpose, I put them in as string information and copied them to the DumpData field of IO_ERROR_LOG_PACKET. Other than this string information, I have no binary data to be logged. So the DumpDataSize is set to 0.

But when I check the event log from my driver, the event viewer dialog box is showing some data in the lower part of the dialog box (i.e. the lower part where byte and word formats are possible). It seems to be the message ID from the MC file and a dozen zeros!!! But for some other events, logged by system components and virus scanners, that part is blank.

Is this behavior expected? I thought that part shows the DumpData, excluding the string data. But since I am not logging any binary data, that part must be blank. How can I make this area of the event blank? I have checked books including OSR's and Walter Oney's, and other DDK docs and samples, but I couldn't find this much detail. So I am not able to explain to my customer the meaning of this binary data.

(OS: Win 2k, Win XP, Win 2003 Server)

Thanks and regards
Praveen



> Is this behavior expected? I thought that part shows the DumpData,
> excluding the string data. But since I am not logging any binary data,
> that part must be blank.

No, this part is never blank for events recorded from a kernel mode module. It
always starts with some 12 (or 20?) bytes, and your DumpData - if any - follows
them.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com
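An added illustration of the layout Maxim describes (my own user-mode mock-up, not code from either post, from the DDK, or from any driver): the IO_ERROR_LOG_PACKET fields come first, any DumpData follows, and the insertion strings sit at StringOffset. The struct is a mirror of the ntddk.h definition with stdint types so it compiles outside the kernel; the error code 0xC004000E and the strings "1234" / "0xC0000001" are constructed sample values (the facility number is an assumption, since the .mc FacilityNames section is not shown). It does not model how many header bytes Event Viewer displays, only that the binary part cannot be empty when DumpDataSize is 0, because the packet fields themselves (ErrorCode plus the zeroed fields) are binary record data.

```c
#include <stdalign.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* User-mode mirror of IO_ERROR_LOG_PACKET (ntddk.h): same field names and order,
   stdint types for the DDK typedefs (NTSTATUS -> int32_t, LARGE_INTEGER -> int64_t).
   alignas(8) keeps the DDK's natural alignment, so sizeof is 48 as in the kernel. */
typedef struct {
    uint8_t  MajorFunctionCode;
    uint8_t  RetryCount;
    uint16_t DumpDataSize;      /* bytes of binary dump data; 0 in this thread */
    uint16_t NumberOfStrings;   /* insertion strings stored after the packet */
    uint16_t StringOffset;      /* byte offset of the first string from packet start */
    uint8_t  EventCategory;
    int32_t  ErrorCode;         /* message code the .mc file compiles to */
    uint32_t UniqueErrorValue;
    int32_t  FinalStatus;
    uint32_t SequenceNumber;
    uint32_t IoControlCode;
    alignas(8) int64_t DeviceOffset;
    uint32_t DumpData[1];       /* dump data starts here; strings come after it */
} IO_ERROR_LOG_PACKET;

#define ERROR_LOG_MAXIMUM_SIZE 0x98   /* DDK limit on one error log entry */

/* One complete entry: the packet header viewed as raw bytes. */
typedef union { IO_ERROR_LOG_PACKET hdr; uint8_t raw[ERROR_LOG_MAXIMUM_SIZE]; } LOG_ENTRY;

/* Store an ASCII string as NUL-terminated UTF-16LE (the WCHAR form insertion
   strings use); returns the bytes written including the terminator. */
static size_t put_wstr(uint8_t *dst, const char *s)
{
    size_t n = 0;
    for (; *s; ++s) { dst[n++] = (uint8_t)*s; dst[n++] = 0; }
    dst[n++] = 0; dst[n++] = 0;
    return n;
}

/* Build an entry with DumpDataSize = 0 and two insertion strings, the %2 and %3
   of the .mc text (%1 is the device name the I/O manager supplies for kernel
   entries). Returns the total entry size, or 0 if it would exceed the limit. */
size_t build_packet(LOG_ENTRY *e, int32_t error_code, const char *pid_str, const char *status_str)
{
    size_t need = sizeof e->hdr + 2 * (strlen(pid_str) + 1) + 2 * (strlen(status_str) + 1);
    if (need > sizeof e->raw) return 0;           /* refuse rather than overrun */

    memset(e->raw, 0, sizeof e->raw);             /* every unset binary field is zero */
    e->hdr.ErrorCode       = error_code;          /* the first value visible in the binary pane */
    e->hdr.DumpDataSize    = 0;                   /* strings are not dump data */
    e->hdr.NumberOfStrings = 2;
    e->hdr.StringOffset    = (uint16_t)(sizeof e->hdr + e->hdr.DumpDataSize);

    uint8_t *s = e->raw + e->hdr.StringOffset;
    s += put_wstr(s, pid_str);
    s += put_wstr(s, status_str);
    return (size_t)(s - e->raw);
}

/* Decode the UTF-16LE insertion strings back to ASCII; returns how many were found. */
int decode_strings(const LOG_ENTRY *e, size_t total, char out[][32], int max_out)
{
    const uint8_t *s = e->raw + e->hdr.StringOffset, *end = e->raw + total;
    int count = 0;
    while (count < max_out && s + 1 < end) {
        size_t n = 0;
        while (s + 1 < end && (s[0] | s[1]) && n < 31) { out[count][n++] = (char)s[0]; s += 2; }
        out[count][n] = '\0';
        s += 2;                                   /* skip the NUL terminator */
        count++;
    }
    return count;
}

/* Builds the entry this thread describes and checks the layout; returns 1 on success. */
int self_check(void)
{
    LOG_ENTRY e, too_big;
    char strs[2][32];
    /* Constructed code: Severity=Error sets the top two bits, facility 0x004 is
       an assumption, MessageId is the 0x000E from the .mc fragment above. */
    size_t total = build_packet(&e, (int32_t)0xC004000E, "1234", "0xC0000001");
    if (total != 80 || e.hdr.StringOffset != 48) return 0;     /* 48 binary bytes precede the strings */
    if (e.hdr.DumpDataSize != 0 || e.hdr.NumberOfStrings != 2) return 0;
    if (decode_strings(&e, total, strs, 2) != 2) return 0;
    if (strcmp(strs[0], "1234") || strcmp(strs[1], "0xC0000001")) return 0;
    if (build_packet(&too_big, (int32_t)0xC004000E, "1234",
                     "a status string far longer than the entry limit allows, so it is rejected") != 0) return 0;
    return 1;
}

int main(void)
{
    LOG_ENTRY e;
    size_t total = build_packet(&e, (int32_t)0xC004000E, "1234", "0xC0000001");
    printf("entry %zu bytes, strings at offset %u; binary area before them:\n", total, (unsigned)e.hdr.StringOffset);
    for (size_t i = 0; i < e.hdr.StringOffset; i++) printf("%02x%s", e.raw[i], (i % 16 == 15) ? "\n" : " ");
    printf("self_check: %s\n", self_check() ? "ok" : "FAILED");
    return 0;
}
```

Running it prints the 48 header bytes that precede the strings: the ErrorCode at offset 12 and zeros nearly everywhere else, which is the "message ID and a dozen zeros" pattern the question describes, even though DumpDataSize is 0.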