Jump to content

Report Event not working

- - - - -
Started by Slider, Feb 07 2011 04:38 AM

  • Please log in to reply
3 replies to this topic

#1
Slider
Posted 07 February 2011 - 04:38 AM

Slider

    Learning Programmer

  • Members
  • PipPipPip
  • 33 posts
This is putting an event in the application log file, but
it also brings up Dr. Watson.

What have I left out?

Thanks.

; Report_Event.asm Append string to end of Application Event Log
;

INCLUDE    \masm32\include\masm32rt.inc
include    \masm32\include\advapi32.inc
includelib \masm32\lib\advapi32.lib   

.data

Provider_Name   db  "MyEventProvider",0 
Failed          db  "RegisterEventSource failed.",0
AppName         db  "SiegeWorks",0
string1         db  "An unhandled exception has occured.",0 
string2         db  " "
string3         db  " "

.DATA?

hEventLog       HWND  ?
dwEventDataSize dw    ?

.code

start:

stringpointers label dword
DWORD offset string1
DWORD offset string2
DWORD offset string3
    
    push 	offset Provider_Name
    push 	NULL
    Call 	RegisterEventSource
    mov         [hEventLog], eax ; Store handle 
    
.IF eax == NULL
   ;invoke GetLastError
   ;invoke wsprintf, addr OutputBuffer, addr Failed, eax
   invoke  MessageBox, NULL, addr Failed, addr AppName, MB_OK
.ENDIF

mov [dwEventDataSize], (sizeof stringpointers)

invoke ReportEvent,hEventLog,EVENTLOG_INFORMATION_TYPE,0,0,NULL,3,dwEventDataSize,addr stringpointers,NULL

invoke DeregisterEventSource,hEventLog

invoke ExitProcess, NULL

end start

#2
RhetoricalRuvim
Posted 07 February 2011 - 06:32 AM

RhetoricalRuvim

    JavaScript Programmer

  • Members
  • PipPipPipPipPipPipPipPip
  • 1,251 posts
  • Location:C:\Countries\US

Quote

.IF eax == NULL

   ;invoke GetLastError

   ;invoke wsprintf, addr OutputBuffer, addr Failed, eax

   invoke  MessageBox, NULL, addr Failed, addr AppName, MB_OK

.ENDIF


mov [dwEventDataSize], (sizeof stringpointers)


invoke ReportEvent,hEventLog,EVENTLOG_INFORMATION_TYPE,0,0,NULL,3,dwEventDataSize,addr stringpointers,NULL


invoke DeregisterEventSource,hEventLog


invoke ExitProcess, NULL
Maybe it's not, but should it be like this?: 
.IF eax == NULL

   ;invoke GetLastError

   ;invoke wsprintf, addr OutputBuffer, addr Failed, eax

   invoke  MessageBox, NULL, addr Failed, addr AppName, MB_OK

.ELSE 


mov [dwEventDataSize], (sizeof stringpointers)


invoke ReportEvent,hEventLog,EVENTLOG_INFORMATION_TYPE,0,0,NULL,3,dwEventDataSize,addr stringpointers,NULL


invoke DeregisterEventSource,hEventLog


.ENDIF 


invoke ExitProcess, NULL
And sorry for the question, but what do you mean by "Dr. Watson?"

#3
Slider
Posted 07 February 2011 - 12:22 PM

Slider

    Learning Programmer

  • Members
  • PipPipPip
  • 33 posts
I found source and an example program in this file.
XEventLog_demo.zip

I am working with it to develop an MASM assembly equivalent.

Dr. Watson is the default XP debugger that is activated whenever there is a Major program error.

Andy

#4
dargueta
Posted 16 February 2011 - 07:12 PM

dargueta

    Writes binary right handed and hex left handed

  • Moderators
  • 4,705 posts
  • Programming Language:C, Java, C++, PHP, Python, Perl, Assembly, Bash, Others
  • Learning:JavaScript
I think you're going to have to change the OS settings to not bring up Dr. Watson.
sudo rm -rf /
Back to Assembly


1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users



  1. CODECALL Programming Forum
  2. Software Development
  3. Assembly
IPB skins by Skinbox