Hi Joze,
Long back I did the same research (in NT 4.0).
FYI, I pasted my query below.
HTH…
Hi !
I’m logging events from my Kernel Mode Device Driver, for
that, i used IoAllocateErrorLogEntry() &
IoWriteErrorLogEntry() functions…
I’m not using any DumpInfo, but, using “Insertion String
1”…
Practically i can’t log more than 40 WIDE characters in
the Insertion String Field…
But, my theoritical calculation says that we can log even
more…
Can u tell me what is wrong in this ?
pl find below the function i used…
earlier, for the symbolic contant EVENTLOG_MSG_ARR_SIZE ,
i assigned a value 50…that wasn’t working…
/**********************************************************
*
* Function : SstReportEvent
*
* Description: Uses the input parameters to send a
message to the Event Log
* found in the Administrative Tools Section
of Windows NT.
*
*******************************************************/
LONG
SstReportEvent(
IN PVOID pIoObject,
IN NTSTATUS MsgCode,
IN CHAR *p_c_ArgString
)
{
PIO_ERROR_LOG_PACKET pPacket;
UCHAR uc_Size;
WCHAR arr_wd_EventLogMsg
[EVENTLOG_MSG_ARR_SIZE];
/* this EVENTLOG_MSG_ARR_SIZE equals 41 */
if (pIoObject == NULL ||
p_c_ArgString == NULL)
return -1;
if ( strlen(p_c_ArgString) <= 0 ||
strlen(p_c_ArgString) >=
EVENTLOG_MSG_ARR_SIZE )
return -2;
swprintf(
arr_wd_EventLogMsg,
L"%S",
p_c_ArgString
);
uc_Size =
sizeof(IO_ERROR_LOG_PACKET) +
((wcslen(arr_wd_EventLogMsg) + 1)
* sizeof(WCHAR));
if (uc_Size >= ERROR_LOG_MAXIMUM_SIZE)
return -3;
// Try to allocate the packet
pPacket = IoAllocateErrorLogEntry(
pIoObject,
uc_Size
);
if (pPacket == NULL)
return -4;
// Fill in standard parts of the packet
pPacket->MajorFunctionCode = 0;
pPacket->RetryCount = 0;
pPacket->DumpDataSize = 0;
pPacket->EventCategory = 0;
pPacket->ErrorCode = MsgCode;
pPacket->UniqueErrorValue = 0;
pPacket->FinalStatus =
STATUS_SUCCESS;
pPacket->SequenceNumber = 0;
pPacket->IoControlCode = 0;
pPacket->DeviceOffset.QuadPart = 0;
pPacket->NumberOfStrings = 1;
pPacket->StringOffset =
FIELD_OFFSET(IO_ERROR_LOG_PACKET, DumpData) ;
RtlCopyMemory(
(PWSTR) ( &pPacket->DumpData[0] ),
arr_wd_EventLogMsg,
uc_Size - sizeof(IO_ERROR_LOG_PACKET)
);
// Log the message
IoWriteErrorLogEntry(
pPacket
);
return 0;
} // Closing : “SstReportEvent(…)”
Thanks,
Sathya
===================================
Knowledge, Skill and desire will lead to SUCCESS.
-----Original Message-----
From: Joze Fabcic [mailto:xxxxx@hermes.si]
Sent: Monday, June 09, 2003 5:27 PM
Subject: IoWriteErrorLogEntry passes at most 52 characters?
Hi all,
I’d like to verify my understanding.
I’ve implemented writing to event log using IoAllocateErrorLogEntry and
IoWriteErrorLogEntry. I’d like to pass many characters from a driver to
the
log at a time. After I’d read DDK and some other docs, I arrived to the
following computation:
nWchars = ((ERROR_LOG_MAXIMUM_SIZE - sizeof(IO_ERROR_LOG_PACKET))
& ~3) / sizeof(WCHAR);
//< available bytes (ERROR_LOG_MAXIMUM_SIZE -
sizeof(IO_ERROR_LOG_PACKET))
//< rounded down to LONG boundary (& ~3),
//< converted to WCHARS (/ sizeof(WCHAR))
This gives a total of 52 wide characters (including terminating nulls)
that
can be passed as insertion strings. I’d prefer to have a higher limit.
Are
my computations correct?
Joze