Raise Crimson Events from .NET Part 3 - The DLL

Last time we wrote the manifest. Now we need to turn this into a resource our application and the event viewer can use.

To build a DLL we need some code. This is the contents of main.cpp:

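 #include "windows.h"

// The DLL only carries the compiled message resources, so the entry point
// has no work to do and simply reports success.
BOOL APIENTRY DllMain(  HANDLE hModule,
                        DWORD ul_reason_for_call,
                        LPVOID pReserved)
{
   return TRUE;
}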

Next we need to create the resource files from the manifest. To do this we use the message compiler (mc.exe), which should be on the path in any SDK environment. Use the following to compile the message file:

 mc -W winmeta.xml EventSchema.man

It's worth noting that the winmeta.xml file needs to be copied or referenced from the Microsoft SDKs\Platform\Include folder. It's also worth having a look in winmeta.xml to see what is going on.

There should now be 4 files created: EventSchema.h, EventSchema.rc, EventSchemaTemp.bin and MSG00001.bin. It's the values in EventSchema.h that will interest us later, as we will use them in our code.

We need to compile the .rc file into a .res file. Use the following command:

 rc EventSchema.rc

This will create the EventSchema.res file.

Now we can build the DLL using the following commands:

 cl main.cpp /LD

link /DLL main.obj EventSchema.res /out:CrimsonNetSchema.dll

Fingers crossed we have a DLL! In the manifest, we referenced the location of the DLL in the provider tag:

 <provider name="Microsoft-Samples-CrimsonNetDemo" 
   guid="{9c878495-5572-474e-97b6-ae8072b18037}" 
   symbol="PROV_CRIMSONDEMO" 
   resourceFileName="d:\CrimsonNetDemo\CrimsonNetSchema.dll" 
   messageFileName="d:\CrimsonNetDemo\CrimsonNetSchema.dll">

We need to put the DLL in this location.

Finally we can register the manifest with the event service:

 wevtutil im EventSchema.man

Check in the Windows Event Viewer and you should see our log!
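The registration step only works if the paths in the provider tag point at the DLL we just built, and Event Viewer reads its message strings from that file. The PowerShell script below is an added example, not part of the original post: it checks both attributes before calling wevtutil, flags files that broad groups can write to, and then lists the registered provider. Assumptions: it is run elevated from the folder holding EventSchema.man, and the list of "broad" SIDs and the refuse-to-register policy are choices made for this example.

```powershell
# Added example (not from the original post): pre-registration check for EventSchema.man.
param([string]$ManifestPath = '.\EventSchema.man')

# SIDs for Everyone, Authenticated Users and BUILTIN\Users (locale-independent).
$broadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'
$writeMask = [int][Security.AccessControl.FileSystemRights]::Write

[xml]$manifest = Get-Content -LiteralPath $ManifestPath -Raw
# Manifest elements are namespaced, so match on local-name() instead of a prefix.
$providers = $manifest.SelectNodes("//*[local-name()='provider']")
if ($providers.Count -eq 0) { throw "No <provider> element in $ManifestPath" }

$problems = 0
foreach ($provider in $providers) {
    foreach ($attr in 'resourceFileName', 'messageFileName') {
        $path = [Environment]::ExpandEnvironmentVariables($provider.GetAttribute($attr))
        if (-not $path -or -not (Test-Path -LiteralPath $path -PathType Leaf)) {
            Write-Warning "$attr='$path' does not point at an existing file"
            $problems++
            continue
        }
        # Ask for rules keyed by SID so the group test works on any display language.
        # ACEs that use generic rights bits are not decoded by this simple mask test.
        $rules = (Get-Acl -LiteralPath $path).GetAccessRules(
            $true, $true, [Security.Principal.SecurityIdentifier])
        foreach ($rule in $rules) {
            if ($rule.AccessControlType -eq 'Allow' -and
                $broadSids -contains $rule.IdentityReference.Value -and
                (([int]$rule.FileSystemRights -band $writeMask) -ne 0)) {
                Write-Warning "$attr='$path' is writable by $($rule.IdentityReference.Value)"
                $problems++
            }
        }
    }
}

if ($problems -gt 0) { throw "$problems problem(s) found; manifest not registered" }

wevtutil im $ManifestPath
if ($LASTEXITCODE -ne 0) { throw "wevtutil im failed with exit code $LASTEXITCODE" }
# List each registered provider's metadata to confirm the event service accepted it.
foreach ($provider in $providers) { wevtutil gp $provider.GetAttribute('name') }
```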

Next up, wrap the crimson API....

This posting is provided "AS IS" with no warranties, and confers no rights.