The driver in question was built based on the tracedrv example:
WINDDK\6001.18001\src\general\tracedrv
But those events appear to end up in the Event Log (the tester did not
record any Trace Log). I agree with you, it would be nice if I had an
MC file. Life would be easier.
Unfortunately, I don't, and it isn't. :-(
So back to the question: Does anyone know how I can turn those Event
Viewer entries into readable text?
Thanks,
-- Steve G.
On Feb 12, 12:06*pm, "Doron Holan [MSFT]"
<doron.ho...@online.microsoft.com> wrote:
> unless wpp is doing something I am not aware of, you are mixing and matching
> two different things.
> 1 you need to use an MC file to create the desriptions
> 2 you need to compile the mc file as a resource in your driver
> 3 you need to add the right registry keys/values so that the event viewer
> knows where to find your actual sys file so it can extract the compiled MC
> resource in it and then find the right message string
>
> the simplest wdk sample is probably mouser, src\input\mouser
> a) sermlog.mc is included in the sources file, so is mouser.rc
> b) mouser.rc includes sermlog.rc *(which is autogenerated in $(O) when you
> build and contains the compiled MC resource)
> c) %windir%\inf\msmouse.inf contains the directives to add the values to the
> registry
>
> [Ser_Inst.Services]
> AddService = sermouse, 0x00000002, sermouse_Service_Inst,
> sermouse_EventLog_Inst ; Port Driver
>
> * * * * * * * * * * * * * * * * * * ^^^^^^
>
> [sermouse_EventLog_Inst]
> AddReg = sermouse_EventLog_AddReg
>
> [sermouse_EventLog_AddReg]
> HKR,,EventMessageFile,0x00020000,"%%SystemRoot%%\S ystem32\IoLogMsg.dll;%%SystemRoot%%\System32\drive rs\sermouse.sys"
> <-- you would put your driver name here
> HKR,,TypesSupported,0x00010001,7
>
> d
>
> --
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
> "GeodeLX" <Steve.Goodr...@gmail.com> wrote in message
>
> news:56aab722-8894-4c3b-b8be-...
>
> > I知 working on a Windows XP device driver which contains WPP event
> > tracing calls. *NOTE: I can move it to Windows Server 2003 if it would
> > make any difference.
>
> > In addition to source code, I also have:
> > * * * * * *Driver binary (driver.sys)
> > * * * * * *Driver debug symbols (driver.pdb)
> > * * * * * *Driver Trace Message Format file (driver.tmf)
> > * * * * * *The appropriate DDK (WINDDK 6001.18001) installed on my
> > development system.
>
> > I also have a System Event Log file (*.evt) suitable for viewing in
> > Event Viewer, and this file is supposed to contain events from my
> > driver.
>
> > I知 trying to view the event log so I can see what went wrong with the
> > driver. *Unfortunately, Event Viewer doesn稚 have details for the
> > events I知 most interested in. *When I view one of those events, the
> > Description of the event reads:
>
> > "The description for Event ID ( XX ) in Source ( YYYY ) cannot be
> > found. The local computer may not have the necessary registry
> > information or message DLL files to display messages from a remote
> > computer. You may be able to use the /AUXSOURCE= flag to retrieve this
> > description; see Help and Support for details. The following
> > information is part of the event: \Device\ZZZZZZZZ."
>
> > Does anyone know how I can turn those Event Viewer entries into
> > readable text? *My reading shows that I should be using tracelog (and
> > tracefmt, tracepdb, TraceView, etc.), but those appear to work only
> > with Trace Log (*.etl) files. *I知 not tied to using Event Viewer; I壇
> > be content to find any way to view these events in human-readable
> > form.
>
> > Again, I have *.tmf and *.mof files; I nave no *.mc file. *If I did, I
> > could build a resource DLL and have Event Viewer decode the entries
> > for me.
>
> > Does anyone have a suggestion/solution for this? *Anything at all?
>
> > Thanks for any help you can provide!
> > * *-- Steve G.
|
Similar Threads
Linear Mode
