Announcement

**Fred Oxenby** · 17 Oct 2001, 01:49 PM

stop
writing to nt-eventlog is rather straight forward.
this is some old vb4 code from msdn
I have never bothered to do it in PB.
Use my own eventlog......

Code:

      Declare Function RegisterEventSource Lib "advapi32.dll" Alias _
        "RegisterEventSourceA" ( ByVal lpUNCServerName As String, _
        ByVal lpSourceName As String) As Long
      Declare Function DeregisterEventSource Lib "advapi32.dll" ( _
        ByVal hEventLog As Long) As Long
      Declare Function ReportEvent Lib "advapi32.dll" Alias  _
      "ReportEventA" (
        ByVal hEventLog As Long, ByVal wType As Integer, _
        ByVal wCategory As Integer, ByVal dwEventID As Long, _
        ByVal lpUserSid As Any, ByVal wNumStrings As Integer, _
        ByVal dwDataSize As Long, plpStrings As Long, _
        lpRawData As Any) As Boolean
      Declare Function GetLastError Lib "kernel32" () As Long
      Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" ( _
        hpvDest As Any,hpvSource As Any, _
        ByVal cbCopy As Long)
      Declare Function GlobalAlloc Lib "kernel32" ( _
         ByVal wFlags As Long, _
         ByVal dwBytes As Long) As Long
      Declare Function GlobalFree Lib "kernel32" ( _
         ByVal hMem As Long) As Long

      Public Const EVENTLOG_SUCCESS = 0
      Public Const EVENTLOG_ERROR_TYPE = 1
      Public Const EVENTLOG_WARNING_TYPE = 2
      Public Const EVENTLOG_INFORMATION_TYPE = 4
      Public Const EVENTLOG_AUDIT_SUCCESS = 8
      Public Const EVENTLOG_AUDIT_FAILURE = 10

      Public Sub LogNTEvent(sString As String, iLogType As Integer, _
        iEventID As Long)
        Dim bRC As Boolean
        Dim iNumStrings As Integer
        Dim hEventLog As Long
        Dim hMsgs As Long
        Dim cbStringSize As Long
        hEventLog = RegisterEventSource("", App.Title)
        cbStringSize = Len(sString) + 1
        hMsgs = GlobalAlloc(&H40, cbStringSize)
        CopyMemory ByVal hMsgs, ByVal sString, cbStringSize
        iNumStrings = 1
        If ReportEvent(hEventLog, _
           iLogType, 0, _
           iEventID, 0&, _
           iNumStrings, cbStringSize, _
           hMsgs,hMsgs) = 0 Then
           MsgBox GetLastError()
        End If
        Call GlobalFree(hMsgs)
        DeregisterEventSource (hEventLog)
      End Sub

      Sub Main()
        Call LogNTEvent("Information from " & App.EXEName, _
          EVENTLOG_INFORMATION_TYPE, 1001)
        Call LogNTEvent("Warning from " & App.EXEName, _
          EVENTLOG_WARNING_TYPE, 1002)
        Call LogNTEvent("Error from " & App.EXEName, _
          EVENTLOG_ERROR_TYPE, 1003)
        Msgbox "Done"
      End Sub

------------------
Fred
mailto:[email protected][email protected]</A>
http://www.oxenby.se

**Guest** · 17 Oct 2001, 01:56 PM

Scott, you only need to pass the binary data (must be less than 8kb). There is no need for an EVENTLOGRECORD. make sure the 7th parameter indicates the length of the binary data.

You might want to copy all the strings for parameter #7 and the binary data for parameter #9 into byte arrays. Just ensure you have the null terminator between the strings for param #7.

**Scott Turchin** · 17 Oct 2001, 06:21 PM

Huh?

The byte array is the problem, that binary data gets messy at this point...
I have that VB code actually ported over, but it returns an error:

I am not very good with that movememory stuff, I know it sorta makes mashed potatoes out of something so that Windows can eat it...

Code:

The description for Event ID ( 1776 ) in Source ( Application ) cannot be found. 
The local computer may not have the necessary registry information or message DLL 
files to display messages from a remote computer. 
The following information is part of the event: PB/DLL Test.

0000: f8 7a 13 00 98 69 13 00   øz..˜i..
0008: 00 00 00 00 00            .....

------------------
Scott Turchin
MCSE, MCP+I
Computer Creations Software
http://www.tngbbs.com/ccs

**Scott Turchin** · 17 Oct 2001, 06:23 PM

This is the code to make above m entioned mashed potatoes:

Code:

'------------------------------------------------------------------------------------------
#Compile Exe
#Include "Win32api.inc"

Declare Function CopyMemoryPB(ByVal lpDest As Dword,ByVal lpSource As Dword,ByVal cbLength As Long) As Long
Declare Function WriteEvents(sString As String, _
                         iLogType As Integer, _
                         iEventID As Long, _
                         sApp As String) As Long

Function PbMain() As Long
Local EventID As Long
EventID = 1776
WriteEvents "PB/DLL Test",%EVENTLOG_INFORMATION_TYPE,EventId,"Application"
End Function
'------------------------------------------------------------------------------------------
Function WriteEvents(sString As String, _
                     iLogType As Integer, _
                     iEventID As Long, _
                     sApp As String) As Long
Local bRC As Integer
Local iNumStrings As Integer
Local hEventLog As Long
Local hMsgs As Long
Local cbStringSize As Long
'WriteEvents "PB/DLL Test",0,1,"Application"
sString = sString & Chr$(0)
hEventLog = RegisterEventSource("", ByVal StrPtr(sApp))
cbStringSize = Len(sString) + 1
hMsgs = GlobalAlloc(&H40, cbStringSize)
MoveMemory ByVal hMsgs, ByVal StrPtr(sString), cbStringSize
iNumStrings = Tally(sString,$CRLF)
If IsFalse iNumStrings Then iNumStrings = 1

If IsFalse ReportEvent(hEventLog, _
                       iLogType, _
                       1, _
                       iEventID, _
                       ByVal %NULL,_
                       iNumStrings, _
                       cbStringSize, _
                       hMsgs, _
                       hMsgs) Then
'   Function = GetLastError()
   Function = %FALSE
Else
   Function = %TRUE
End If
GlobalFree hMsgs
DeregisterEventSource hEventLog
End Function

------------------
Scott Turchin
MCSE, MCP+I
Computer Creations Software
http://www.tngbbs.com/ccs

**Guest** · 17 Oct 2001, 11:26 PM

Is that an error you get when reading the event with eventvwr? It looks like the event DLL does not have an entry under the eventlog service.

as far as the byte array goes, all the event log needs is a pointer to some data for the binary data (last parameter of ReportEvent). It doeesn't matter what type of data that buffer is. Asciiz strings work well for the string array( pointed to by parameter 8). I was just stating a byte array could work ok for that data as well.
Here's one of my eventlog DLL registry entries:

Code:

Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\UComm]
"EventMessageFile"="%SystemRoot%\\System32\\UCommSvc.dll"
"TypesSupported"=dword:00000007
"CategoryMessageFile"="%SystemRoot%\\System32\\UCommSvc.dll"
"CategoryCount"=dword:00000002

**Guest** · 17 Oct 2001, 11:44 PM

Scott, both your example and the VB example Fred posted show parameters 8 and 9 use the same pointer. Parameter 8 should point to asciiz data while parameter 9 would normally be used to point at binary (different) data or should be NULL.

Here's some PB code for a simple eventlogger (no binary data).

Code:

Sub PrintEvent( zText As Asciiz Ptr, EventType As Long, ErrorClass As Long )
  Local hEvtSource  As Long
  Local lNumStrings As Long 
 
  hEvtSource = RegisterEventSource("", "MyAppName")
  lNumStrings = 1&
  If IsTrue(hEvtSource) Then
    ReportEvent ByVal hEvtSource, _
                ByVal EventType, _
                ByVal 0&, _
                ByVal ErrorClass, _
                ByVal 0&, _
                ByVal lNumStrings, _
                ByVal 0&, _
                VarPtr(@zText), _
                ByVal 0&
    DeregisterEventSource hEvtSource
  End If
End Sub

[This message has been edited by Ron Pierce (edited October 18, 2001).]

**Scott Turchin** · 18 Oct 2001, 08:33 AM

Hmmm, your code does the same thing my code did....
This is what is returned from it, see code below, SLIGHTLY modified..

The description for Event ID ( 1705 ) in Source ( MyAppName ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event: This is a PowerBasic test..

'
'
'

Code:

Local EventText As Asciiz * 255
EventText = "This is a PowerBasic test."
WriteEvent ByVal VarPtr(EventText),%EVENTLOG_INFORMATION_TYPE,1705

End Function
'------------------------------------------------------------------------------------------------------------
Function WriteEvent( zText As Asciiz Ptr, EventType As Long, ErrorClass As Long ) As Long
  Local hEvtSource  As Long
  Local lNumStrings As Long

  hEvtSource = RegisterEventSource("", "MyAppName")
  lNumStrings = 1&
  If IsTrue(hEvtSource) Then
    ReportEvent ByVal hEvtSource, _
                ByVal EventType, _
                ByVal 0&, _
                ByVal ErrorClass, _
                ByVal 0&, _
                ByVal lNumStrings, _
                ByVal 0&, _
                VarPtr(@zText), _
                ByVal 0&
    DeregisterEventSource hEvtSource
  End If
End Function

------------------
Scott Turchin
MCSE, MCP+I
Computer Creations Software
http://www.tngbbs.com/ccs

**Per Fimmeland** · 18 Oct 2001, 10:11 AM

Scott,
It seems that Your WriteEvent Functions works OK, but to use
the eventlog with meaningful (error)messages it is neccesary to
supply a dll containing a MESSAGE recource, and refer to this dll
in the registry location mentioned in Ron's posting.

-p

------------------

**Scott Turchin** · 18 Oct 2001, 11:28 AM

Whoa...

OK I will go back to square 1 and take a look.
I will compile a DLL specifically with error messages to test, does the api use a LoadLibrary call to get to that stuff or do I have to do that and send the pointer to the string?

I think it's becoming more clear.

What fun!

Why could MS just not use a text file? IT would be so much easier..

------------------
Scott Turchin
MCSE, MCP+I
Computer Creations Software
http://www.tngbbs.com/ccs

**Fred Oxenby** · 18 Oct 2001, 12:13 PM

Scott, I sent u an article about read/write eventlog
from Visual C++ developer journal.
I am not sure I have your correct email-address.....

------------------
Fred
mailto:[email protected][email protected]</A>
http://www.oxenby.se

**Per Fimmeland** · 18 Oct 2001, 12:31 PM

Scott,

I tested the snippet You posted October 18, 2001 09:33 AM, and its
functioning OK. As stated before, You need a dll containing a MESSAGE recource

1. make a fielname.mc containing the messages you want to display in the event-log
2. Use the M$ MC compiler to compile the fielname.mc
3. Use the M$ RC compiler to compile the MSGxxxxxx.BIN produced by the MC
4. Make a .PBR
5. Include the .PBR in a DLL
6. Make registry entries referring to Your dll

?? clear as mud ?? )

-p

------------------

**Scott Turchin** · 18 Oct 2001, 12:47 PM

Yeah, why can't I just make a .RC file and put strings in it and then compile it to a PBR and do a LoadString?

Or maybe I don't even have to do a loadstring, but a .RC file should still work??

------------------
Scott Turchin
MCSE, MCP+I
Computer Creations Software
http://www.tngbbs.com/ccs

**Per Fimmeland** · 18 Oct 2001, 03:43 PM

You can't just put strings in the .RC cause the event-system expects the
strings as entries in a message-table.......

Se MSDN :

Code:

 Platform SDK
   Windows Base Services
      Debugging and Error Handling
         Event Logging
            About Event Logging
               Event Logging Elements
                  Message Files

-p

------------------

**Guest** · 18 Oct 2001, 06:34 PM

Scott, just emailed you a file (sinclair).
Ron

**Scott Turchin** · 18 Oct 2001, 07:23 PM

Thanks guys, got the files, Wayne I hope you are watching, this is going to take a few more days, got a busy weekend ahead!

Thanks guys!!

Scott

------------------
Scott Turchin
MCSE, MCP+I
Computer Creations Software
http://www.tngbbs.com/ccs

Announcement

Two Questions

Two Questions

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment