rem Compile the resource script; the output is a binary .res file.
rc -r resourceFileName.rc
編譯完後會產生一個 .res 檔案。
四.連結resource file 至 DLL。
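rem Link the compiled .res file (not the .rc script) into a resource-only DLL.
rem -noentry: the DLL carries message resources only and has no entry point.
rem Writing under %SYSTEMROOT%\System32 needs an elevated command prompt.
link -dll -noentry -out:%SYSTEMROOT%\System32\dllFileName.dll resourceFileName.res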
連結完後會在 System32 目錄下產生一個 .dll 檔案。
五.把這個event source名稱加到registry中。
#include <windows.h>
#include <iostream>
#include <string>
#include "stdafx.h"
using namespace std;
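/**
 * Registers a custom event source in the Windows registry under
 * HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\CustomEvent
 * and records which DLL holds its message and category strings.
 *
 * Writing under HKEY_LOCAL_MACHINE needs an elevated (administrator) process;
 * without it the key creation fails and the Win32 status is printed.
 *
 * The string data in this program is narrow (char), so the explicit ANSI
 * entry points (...A) are called instead of the TCHAR macros; this keeps the
 * byte counts correct whether or not UNICODE is defined.
 */

// Stores a NUL-terminated string as REG_EXPAND_SZ (size includes the NUL).
static LONG setExpandString(HKEY key, const char *valueName, const char *data) {
    return RegSetValueExA(key, valueName, 0, REG_EXPAND_SZ,
                          reinterpret_cast<const BYTE *>(data),
                          static_cast<DWORD>(lstrlenA(data) + 1));
}

// Stores a 32-bit value as REG_DWORD.
static LONG setDword(HKEY key, const char *valueName, DWORD data) {
    return RegSetValueExA(key, valueName, 0, REG_DWORD,
                          reinterpret_cast<const BYTE *>(&data), sizeof(DWORD));
}

/**
 * @return 0 when every registry value was written, 1 on the first failure
 *         (the usual process exit-code convention, so scripts can test it).
 */
int main() {
    // event log file name in the registry
    const char *logName = "Application";
    // custom event source name
    const char *sourceName = "CustomEvent";
    // DLL that contains the custom event messages (descriptions). It must be
    // the file produced by the link step. Keep it as an absolute path in a
    // directory only administrators can write to, because whatever file sits
    // at this path supplies the text shown for this source's events.
    const char *dllName = "C:\\WINDOWS\\SYSTEM32\\LogMsg.dll";
    // number of categories for the event source
    const DWORD dwCategoryNum = 1;

    // registry path: SYSTEM\CurrentControlSet\Services\EventLog\<log>\<source>
    string registryPath = "SYSTEM\\CurrentControlSet\\Services\\EventLog\\";
    registryPath.append(logName);
    registryPath.append("\\");
    registryPath.append(sourceName);

    // Create (or open) the key. Only KEY_SET_VALUE is requested because the
    // handle is used for nothing but writing values.
    HKEY hk = NULL;
    DWORD dwDisp = 0;
    LONG status = RegCreateKeyExA(HKEY_LOCAL_MACHINE, registryPath.c_str(), 0, NULL,
                                  REG_OPTION_NON_VOLATILE, KEY_SET_VALUE, NULL,
                                  &hk, &dwDisp);
    if (status != ERROR_SUCCESS) {
        cout << "Could Not Create The Registry key." << " (error " << status << ")" << endl;
        return 1;
    }

    // Write the values in order; stop at the first failure and remember why.
    const char *failure = NULL;

    // name of the message file
    status = setExpandString(hk, "EventMessageFile", dllName);
    if (status != ERROR_SUCCESS) {
        failure = "Could Not Set The Event Message File.";
    }

    // supported event types
    if (failure == NULL) {
        const DWORD dwData = EVENTLOG_ERROR_TYPE | EVENTLOG_WARNING_TYPE |
                             EVENTLOG_INFORMATION_TYPE;
        status = setDword(hk, "TypesSupported", dwData);
        if (status != ERROR_SUCCESS) {
            failure = "Could Not Set The Supported Types.";
        }
    }

    // category message file
    if (failure == NULL) {
        status = setExpandString(hk, "CategoryMessageFile", dllName);
        if (status != ERROR_SUCCESS) {
            failure = "Could Not Set The Category Message File.";
        }
    }

    // number of categories (the original listing declared the count but
    // never wrote it to the registry)
    if (failure == NULL) {
        status = setDword(hk, "CategoryCount", dwCategoryNum);
        if (status != ERROR_SUCCESS) {
            failure = "Could Not Set The Category Count.";
        }
    }

    // single exit path so the key handle is always closed
    RegCloseKey(hk);

    if (failure != NULL) {
        cout << failure << " (error " << status << ")" << endl;
        return 1;
    }
    return 0;
}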
六.使用ReportEvent function來新增一筆log訊息
在將event source新增至registry之後,就可以用ReportEvent這個function去新增一筆log訊息。
這裡要將步驟二產生出來的.h include進來。
#include <windows.h>
#include <iostream>
#include <string>
#include "stdafx.h"
#include "LogMsg.h"
using namespace std;
/** Event type passed to writeEvent; main sets it to EVENTLOG_ERROR_TYPE. */
WORD eventType;
/** Event source name handed to RegisterEventSource; the same string the registration program uses as its source name. */
const char *msgSourceName = "CustomEvent";
/** Event identifier passed to writeEvent; main sets it to MSG_ERROR from LogMsg.h. */
DWORD eventID;
/** Number of insertion strings given to ReportEvent; writeEvent supplies exactly one. */
const WORD cInserts = 1;
/** Event log handle returned by RegisterEventSource in main (not a registry handle); used by writeEvent. */
HANDLE h;
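/**
 * Writes one record to the event log through the global handle h.
 *
 * @param eType event type (for example EVENTLOG_ERROR_TYPE)
 * @param eID   event identifier, as defined in the generated message header
 * @param msg   text passed as the single insertion string of the event
 * @return true when ReportEvent succeeded, false otherwise (the Win32 error
 *         code is printed)
 */
bool writeEvent(const WORD &eType, const DWORD &eID, const string &msg){
    // NOTE(review): if msg can contain externally supplied text, filter or
    // escape "%<digits>" sequences first. The Event Viewer treats "%n" inside
    // a logged string as an insertion placeholder, so such input can distort
    // how the record is displayed.
    LPCSTR insertion = msg.c_str();

    // ReportEventA matches the narrow LPCSTR data regardless of UNICODE.
    if (ReportEventA(h,          // Event log handle
                     eType,      // Event type
                     0,          // Event category
                     eID,        // Event identifier
                     NULL,       // No user security identifier
                     cInserts,   // Number of substitution strings
                     0,          // No binary data
                     &insertion, // Array holding the one insertion string
                     NULL))      // No binary data
    {
        return true;
    }

    // Read the error code before any other call can overwrite it.
    const DWORD err = GetLastError();
    cout << "Cannot report the event." << " (error " << err << ")" << endl;
    return false;
}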
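/**
 * Opens the "CustomEvent" source, writes one error event and closes the
 * source again.
 *
 * @return 0 when the event was written, 1 when registering the source or
 *         reporting the event failed.
 */
int main(){
    // Get a handle to the event log on the local computer.
    // RegisterEventSourceA matches the narrow source-name string.
    h = RegisterEventSourceA(NULL,          // use local computer
                             msgSourceName  // Event source name
                             );
    if (h == NULL) {
        const DWORD err = GetLastError();
        cout << "Cannot Register The Event Source." << " (error " << err << ")" << endl;
        return 1;
    }

    // Create an error event log
    eventType = EVENTLOG_ERROR_TYPE;
    eventID = MSG_ERROR;

    // The original listing used msg without declaring it. This is constructed
    // sample text; replace it with the real message.
    const string msg = "Sample error message";

    const bool isSuccess = writeEvent(eventType, eventID, msg);
    if (isSuccess) {
        cout << "Succes to create an error event" << endl;
    }

    // h is known to be valid here; release it and clear the global so a stale
    // handle cannot be reused.
    DeregisterEventSource(h);
    h = NULL;

    return isSuccess ? 0 : 1;
}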