1. Create a message file (.mc) that defines the events and their messages. For more information about message files, see . For this example, the message file, Sample.mc, contains the following text.

    ; // ***** sample.mc *****
   
   ; // This is the header.
   
   MessageIdTypedef=DWORD
   
   SeverityNames=(Success=0x0:STATUS_SEVERITY_SUCCESS
       Informational=0x1:STATUS_SEVERITY_INFORMATIONAL
       Warning=0x2:STATUS_SEVERITY_WARNING
       Error=0x3:STATUS_SEVERITY_ERROR
       )
   
   
   FacilityNames=(System=0x0:FACILITY_SYSTEM
       Runtime=0x2:FACILITY_RUNTIME
       Stubs=0x3:FACILITY_STUBS
       Io=0x4:FACILITY_IO_ERROR_CODE
   )
   
   LanguageNames=(English=0x409:MSG00409)
   
   ; // The following are message definitions.
   
   MessageId=0x1
   Severity=Error
   Facility=Runtime
   SymbolicName=MSG_BAD_COMMAND
   Language=English
   You have chosen an incorrect command: %1.
   
   
   

   The %1 is an insertion string placeholder. The %1 is replaced by the string in the szMsg variable passed to function.

2. Compile the message file with the tool. The following command can be used to compile the Sample.mc file: mc -U sample.mc

   The message compiler generates the following files: Sample.h, Sample.rc, MSG00001.bin, and MSG00002.bin. Sample.h contains the message definitions. Sample.rc defines MSG00001.bin and MSG00002.bin as resources that contain messages in the two languages. The generated header file contains the following text.

    //
   // Define the facility codes.
   //
   #define FACILITY_SYSTEM                  0x0
   #define FACILITY_STUBS                   0x3
   #define FACILITY_RUNTIME                 0x2
   #define FACILITY_IO_ERROR_CODE           0x4
   
   
   //
   // Define the severity codes.
   //
   #define STATUS_SEVERITY_WARNING          0x2
   #define STATUS_SEVERITY_SUCCESS          0x0
   #define STATUS_SEVERITY_INFORMATIONAL    0x1
   #define STATUS_SEVERITY_ERROR            0x3
   
   
   //
   // MessageId: MSG_BAD_COMMAND
   //
   // MessageText:
   //
   //  You have chosen an incorrect command: %1.
   //
   #define MSG_BAD_COMMAND                  ((DWORD)0xC0020001L)

3. Build the resource files with the tool. The following command builds the resource strings: rc -r sample.rc
4. Link the resource file to a DLL. The DLL file will contain the event messages. The following command line links the sample.res file to the eventSource.dll file: link -dll -noentry -out:%SYSTEMROOT%\System32\eventSource.dllsample.res

   Note  The link command can be run from a Visual Studio Command Prompt tool.

5. Add an event source name to the registry. For more information, see . When you add the event source to the registry, specify the location of the DLL file created in Step 4.

After you have added a source name to the registry, use the function to get a handle to the Application event log. The following code example obtains the handle and then adds an error event to the log using the ReportEvent function.

#include 
#include 

#include "sample.h"

void __cdecl wmain(int argc, LPWSTR *argv)
{
    wchar_t *logName = L"Application";               // The event log name.
    wchar_t *sourceName = L"SampleEventSourceName";  // The event source name.
    DWORD dwEventID = MSG_BAD_COMMAND;               // The event identifier.
    WORD cInserts = 1;                               // The count of insert strings.
    LPCWSTR szMsg = L"insertString";                 // The insert strings.

    HANDLE h; 

    // Get a handle to the event log.
    h = RegisterEventSource(NULL,  // Use local computer. 
            sourceName);           // Event source name. 
    if (h == NULL) 
    {
        printf("Cannot register the event source."); 
        return;
    }

    // Report the event.
 
    if (!ReportEvent(h,           // Event log handle. 
            EVENTLOG_ERROR_TYPE,  // Event type. 
            NULL,                 // Event category.  
            dwEventID,            // Event identifier. 
            NULL,                 // No user security identifier. 
            cInserts,             // Number of substitution strings. 
            0,                    // No data. 
            &szMsg,               // Pointer to strings. 
            NULL))                // No data. 
    {
        printf("Cannot report the event."); 
    }
 
    DeregisterEventSource(h); 
    return;
}

未完，待续...