Category: WINDOWS

2007-09-19 17:10:09

Windows Event Analysis: Generating Events
Below is the description from MSDN:
Before you can log an event in an event log, you must first complete steps 1 through 5:
  1. Create a message file (.mc) that defines the events and their messages. For more information about message files, see the MSDN documentation on message text files. For this example, the message file, Sample.mc, contains the following text.
     ; // ***** sample.mc *****
    
    ; // This is the header.
    
    MessageIdTypedef=DWORD
    
    SeverityNames=(Success=0x0:STATUS_SEVERITY_SUCCESS
        Informational=0x1:STATUS_SEVERITY_INFORMATIONAL
        Warning=0x2:STATUS_SEVERITY_WARNING
        Error=0x3:STATUS_SEVERITY_ERROR
        )
    
    
    FacilityNames=(System=0x0:FACILITY_SYSTEM
        Runtime=0x2:FACILITY_RUNTIME
        Stubs=0x3:FACILITY_STUBS
        Io=0x4:FACILITY_IO_ERROR_CODE
    )
    
    LanguageNames=(English=0x409:MSG00409)
    
    ; // The following are message definitions.
    
    MessageId=0x1
    Severity=Error
    Facility=Runtime
    SymbolicName=MSG_BAD_COMMAND
    Language=English
    You have chosen an incorrect command: %1.
    
    
    

    The %1 is an insertion string placeholder. When the event is formatted, %1 is replaced by the string in the szMsg variable passed to ReportEvent.

  2. Compile the message file with the message compiler (mc.exe). The following command compiles the Sample.mc file: mc -U sample.mc

    The message compiler generates Sample.h, Sample.rc, and one binary message file per language listed in LanguageNames; because Sample.mc defines only English (0x409), that file is MSG00409.bin. Sample.h contains the message definitions, and Sample.rc declares MSG00409.bin as the resource that holds the message strings. The generated header file contains the following text.

     //
    // Define the facility codes.
    //
    #define FACILITY_SYSTEM                  0x0
    #define FACILITY_STUBS                   0x3
    #define FACILITY_RUNTIME                 0x2
    #define FACILITY_IO_ERROR_CODE           0x4
    
    
    //
    // Define the severity codes.
    //
    #define STATUS_SEVERITY_WARNING          0x2
    #define STATUS_SEVERITY_SUCCESS          0x0
    #define STATUS_SEVERITY_INFORMATIONAL    0x1
    #define STATUS_SEVERITY_ERROR            0x3
    
    
    //
    // MessageId: MSG_BAD_COMMAND
    //
    // MessageText:
    //
    //  You have chosen an incorrect command: %1.
    //
    #define MSG_BAD_COMMAND                  ((DWORD)0xC0020001L)
  3. Build the resource file with the resource compiler (rc.exe). The following command compiles the resource script into sample.res: rc -r sample.rc
  4. Link the resource file into a resource-only DLL. The DLL will contain the event messages. The following command links sample.res into eventSource.dll: link -dll -noentry -out:%SYSTEMROOT%\System32\eventSource.dll sample.res

    Note: The link command can be run from a Visual Studio Command Prompt. Writing into %SYSTEMROOT%\System32 requires administrator rights.

  5. Add an event source name to the registry. For more information, see the MSDN documentation on event sources. When you add the event source to the registry, specify the location of the DLL file created in step 4.

After you have added the source name to the registry, use the RegisterEventSource function to get a handle to the Application event log. The following code example obtains the handle and then adds an error event to the log using the ReportEvent function.

 
#include <windows.h>
#include <stdio.h>

#include "sample.h"   // Generated by mc.exe in step 2; defines MSG_BAD_COMMAND.

int __cdecl wmain(int argc, wchar_t *argv[])
{
    LPCWSTR sourceName = L"SampleEventSourceName";  // The event source name registered in step 5.
    DWORD   dwEventID  = MSG_BAD_COMMAND;            // The full 32-bit event identifier from sample.h.
    WORD    cInserts   = 1;                          // The count of insert strings.
    LPCWSTR szMsg      = L"insertString";            // The insert string that replaces %1.

    HANDLE h;

    (void)argc;
    (void)argv;

    // Get a handle to the event log the source is registered under (the Application log here).
    // The explicit W variants compile whether or not UNICODE is defined.
    h = RegisterEventSourceW(NULL,  // Use local computer.
            sourceName);            // Event source name.
    if (h == NULL)
    {
        fprintf(stderr, "Cannot register the event source (error %lu).\n", GetLastError());
        return 1;
    }

    // Report the event.
    if (!ReportEventW(h,          // Event log handle.
            EVENTLOG_ERROR_TYPE,  // Event type.
            0,                    // Event category (none).
            dwEventID,            // Event identifier.
            NULL,                 // No user security identifier; the record's User field stays empty.
            cInserts,             // Number of substitution strings.
            0,                    // No binary data.
            &szMsg,               // Pointer to the array of substitution strings.
            NULL))                // No binary data.
    {
        fprintf(stderr, "Cannot report the event (error %lu).\n", GetLastError());
        DeregisterEventSource(h);
        return 1;
    }

    DeregisterEventSource(h);
    return 0;
}
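The MSDN walkthrough stops at ReportEvent without showing what step 5 actually writes to the registry or how to confirm that the message DLL resolves. The PowerShell script below is an added example, not MSDN's or the blog author's code: it registers SampleEventSourceName against the DLL from step 4 through the .NET EventLog API (the same thing New-EventLog -MessageResourceFile does in Windows PowerShell), writes MSG_BAD_COMMAND with the full 32-bit identifier exactly as ReportEvent receives it, and reads the record back to verify that %1 was substituted. It assumes eventSource.dll already exists in System32, that the source name is not yet taken, and that it runs in an elevated PowerShell on Windows.

```powershell
# Added example (not from MSDN or the original post). Assumes eventSource.dll from
# step 4 is already in System32 and that SampleEventSourceName is not yet registered.
#Requires -RunAsAdministrator

$LogName    = 'Application'
$SourceName = 'SampleEventSourceName'
$MessageDll = Join-Path $env:SystemRoot 'System32\eventSource.dll'

# MSG_BAD_COMMAND from sample.h. Built via [Convert] because PowerShell reads the
# literal 0xC0020001 as a negative Int32, which EventInstance would reject.
$MsgBadCommand = [Convert]::ToUInt32('C0020001', 16)

if (-not (Test-Path -LiteralPath $MessageDll)) {
    throw "Message DLL not found: $MessageDll. Build it with mc, rc and link first (steps 1-4)."
}

# Step 5: register the source. This creates the subkey
#   HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SampleEventSourceName
# with an EventMessageFile value pointing at the DLL.
if (-not [System.Diagnostics.EventLog]::SourceExists($SourceName)) {
    $creation = [System.Diagnostics.EventSourceCreationData]::new($SourceName, $LogName)
    $creation.MessageResourceFile = $MessageDll
    [System.Diagnostics.EventLog]::CreateEventSource($creation)
}

# Show the registry value that every reader follows when it formats the event.
$key = "HKLM:\SYSTEM\CurrentControlSet\Services\EventLog\$LogName\$SourceName"
Get-ItemProperty -Path $key | Select-Object EventMessageFile

# Write the event. Write-EventLog -EventId only accepts 0..65535 and so cannot carry
# 0xC0020001; EventInstance takes the full identifier and passes it to ReportEvent as
# dwEventID. The single element of the string array replaces %1.
$instance = [System.Diagnostics.EventInstance]::new([long]$MsgBadCommand, 0, [System.Diagnostics.EventLogEntryType]::Error)
[System.Diagnostics.EventLog]::WriteEvent($SourceName, $instance, @('insertString'))

# Read the newest record from this source back. Get-WinEvent splits the classic
# 32-bit EventID into Id (low 16 bits) and Qualifiers (high 16 bits).
$evt = Get-WinEvent -FilterHashtable @{ LogName = $LogName; ProviderName = $SourceName } -MaxEvents 1

[pscustomobject]@{
    Id         = $evt.Id                              # 1
    Qualifiers = ('0x{0:X4}' -f $evt.Qualifiers)      # 0xC002 (Severity=Error, Facility=Runtime)
    Level      = $evt.LevelDisplayName                # Error
    Insert     = $evt.Properties[0].Value             # insertString
    Message    = $evt.Message                         # You have chosen an incorrect command: insertString.
}

if ($evt.Message -notlike '*incorrect command: insertString*') {
    Write-Warning "Message text did not resolve; check EventMessageFile under $key."
}
```

Three points matter to anyone who later has to trust these records. The DLL named in EventMessageFile is loaded by whichever process formats the message, so it belongs in an administrators-only directory such as System32 (which is why MSDN's link step writes there), and the registry key under HKLM is itself writable only by administrators. The Source shown in a record is simply the string the writer passed to RegisterEventSource, and the User field is whatever SID the writer passed as lpUserSid (none, in the C sample above), so neither identifies the writing process on its own. Finally, if the source was never registered, RegisterEventSource still succeeds and the record still lands in the Application log, but Event Viewer and Get-WinEvent cannot locate a message DLL and show only the insert strings together with a "description cannot be found" notice; that is the usual symptom of a mistyped source name or DLL path in step 5.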
To be continued...