I am trying to use the ETW functions without success to read the file:
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx
In order to capture boot time events.
I have tried various functions -
OpenTrace gives an error 161
EvtQuery gives an error 15000
Does anyone have a native code example of reading system trace files?
I got this working as follows -
LPWSTR pwsPath = L"Microsoft-Windows-Diagnostics-Performance/Operational";
LPWSTR pwsQuery = L"Event/System[EventID=100]";
hResults = EvtQuery(NULL, pwsPath, pwsQuery,
EvtQueryChannelPath | EvtQueryReverseDirection);
The channel name can be found by going to Properties on an eventlog and using it's Full Name.
The error 15000 was due to me trying to open the log file with the given flags rather than the channel name.
Related
I am facing issue while submitting below job, can someone please suggest?
Error:
IEF344I KA7LS2W2 INPUT STEP1 SYSUT2 - ALLOCATION FAILED DUE TO DATA FACILITY SYSTEM ERROR
IGD17501I ATTEMPT TO OPEN A UNIX FILE FAILED,
RETURN CODE IS (00000081) REASON CODE IS (0594003D)
FILENAME IS (/ka7a/KA7A.in)
JCL:
//KA7LS2W2 JOB (51,168),'$ACCEPT',CLASS=1,
// MSGCLASS=X,MSGLEVEL=(1,0),NOTIFY=&SYSUID,REGION=0M
// EXPORT SYMLIST=*
// JCLLIB ORDER=SYS2.CI55.SDFHINST
//STEP1 EXEC DFHLS2WS,
// JAVADIR='java/J7.0_64',PATHPREF='',TMPDIR='/ka7a',
// USSDIR='',TMPFILE=&QT.&SYSUID.&QT
//INPUT.SYSUT1 DD *
PDSLIB=//DJPN.KA7A.POC
LANG=COBOL
PGMINT=CHANNEL
PGMNAME=KZHFEN1C
REQMEM=PAYIN
RESPMEM=PAYOUT
MAPPING-LEVEL=2.2
LOGFILE=/home/websrvices/wsbind/payws.log `enter code here`
WSBIND=/home/webservices/wsbind/payws.wsbind
WSDL=/home/webservices/wsdl/payws.wsdl
/*
Based on the Return Code 81 / Reason Code 0594003D the pathname can't be resolved.
the message IGD17501I explains the error. You'll find more information looking up the Reason Code 0594003D.
You can use BPXMTEXT to lookup more detail on the Reason Code.
Executing this command in USS you'll see:
$ bpxmtext 0594003D
BPXFVLKP 05/14/20
JRDirNotFound: A directory in the pathname was not found
Action: One of the directories specified was not found. Verify that the name
specified is spelled correctly.
Per #phunsoft adding that the same command can be executed in TSO and is not case sensitive like USS.
I'd suspect that /ka7a doesn't exist. Is it a case issue? Or perhaps you meant /u/ka7a/ or `/home/ka7a' ?
I have an App with a Poco module for internet connection to support users with legacy XP and Vista OS connecting with TLS1.2. There is a connection problem that returns a Poco error code but I don't know what that means. Here is part of the logging output:
poco_connection::end_receiving_response_body entered
poco_connection::close entered
poco_session::destroy_connection entered
poco_connection::end_transaction entered (code 0x00280166, hresult 0x00000000, closing: FALSE)
--------- 043d7450 (Closing request)
poco_connection::transaction_notify entered (code 0x00280166, hresult 0x00000000): Status: 3
Poco Communication Failed: code 0x00280166, hresult 0x00000000
poco_connection::~poco_connection entered
A little research shows there is a class Poco::Error that includes a method
static std::string getMessage(
int errorCode
);
which returns a text string for errors. Unfortunately I don't have source for the Poco module and so I can't add that translation call.
Since Poco is an open source project, can anyone point me to a code location where I can look up the mapping of Poco errors? Specifically error code 0x00280166
Seems I got lucky with a bit of googling
https://github.com/pocoproject/poco/blob/develop/Foundation/src/Error.cpp
But I don't think you're in luck, the code just assumes the error code is a windows system error code. And when I google 0x00280166 this page is the only hit.
If you run the command-line version of unrar it logs out vital information when an archive fails to extract.
I'm trying to do the same thing with the unrar DLL.
I've already had to make some changes to the DLL source code to support registering my own callback to handle extraction progress properly.
Now I want to handle error reporting properly.
There is really no documentation on using unrar source.
So I have a working callback function that can be called
CommandData *Cmd
Cmd->ErrorCallback(ERAR_BAD_DATA, Arc.FileName, ArcFileName);
The function works great if I call it next to my progress DLL (so I know the callback works), but I just can't figure out where the errors are being handled.
Specifically I'm after handling the code ERAR_BAD_DATA which I found is handled in extract.cpp ... but that code just doesn't seem to get run.
I also found some calls to RarErrorToDll ... I put the callback there too, nothing.
Any help would be hugely appreciated.
for a bit of context, this is what I was previously doing to catch errors.
bool archiveCorrupt = false;
while((read_header_code = RARReadHeader(archive_data, &header_data)) == 0)
{
process_file_code = RARProcessFile(archive_data, RAR_EXTRACT, m_output_dir, NULL);
if(process_file_code)
{
qDebug() << "Error extracting volume!"
<< header_data.ArcName << " "
<< " with error: " << process_file_code;
archiveCorrupt = true;
break;
}
}
The reason this approach doesn't work is that the error code process_file_code tells you what went wrong, but the archive name in header_data.ArcName is the archive that the file started in, not necessarily where the corruption was. I'm dealing with multi-part archives where one large file will span multiple archives ... so I need to know which archive(s) is corrupt, not just the archive the file started in.
EDIT:
Here is a link to the unrar source code
So I've discovered a place in extract.cpp line 670 that I can place the callback and it does return an error code to my app.
ErrHandler.SetErrorCode(RARX_CRC);
#ifdef RARDLL
Cmd->ErrorCallback(RARX_CRC, Arc.FileName, ArcFileName);
However, this has the same issue as before, where it returns the error at the end of processing the file extracting, rather than at the place where the CRC fails.
If I run the unrar command-line app that you can download from the rarlabs site, it seems to handle it properly and returns the correct error. I can't find text for those errors anywhere in the unrar source, so I can only assume that the unrar source doesn't actually build the unrar app they publish on their site.
Extracting from SL - Cinematic Guitars.part02.rar
... SL - Cinematic Guitars/Cinematic Guitars/Samples/Cinematic Guitars_001.nkx 16%
SL - Cinematic Guitars/Cinematic Guitars/Samples/Cinematic Guitars_001.nkx : packed data CRC failed in volume SL - Cinematic Guitars.part02.rar
I eventually found the answer, after lots of trial and error.
My issue was, I was comparing an old command line version of unrar to the newer source code when looking for the error messages.
The error message has changed in the new source code and is now
packed data checksum error in volume
This is defined in loclang.hpp and called from uiconsole.cpp in the function uiMsgStore:Msg when the error code is UIERROR_CHECKSUMPACKED
This gets called from volume.cpp on line 25
I have added my callback here, and it catches the error perfectly.
I hope this helps someone else if they ever have the misfortune of having to hack unrar source code.
I have a problem with an old piece of software (early 2000) written in C++ that uses Excel for processing data. It worked fine in previous versions of Excel but since version 2013, I get a crash that I haven't seen before.
We have created our own COM add-in for Excel, this add-in is registered with regsvr32 and available in Excel 2013. The add-in refused to work at first but disabling Data Execution Prevention (DEP) got it working.
This add-in is accessed by creating an instance of Excel in code:
_Application.CreateDispatch ("Excel.Application");
After creating the instance of Excel we get the loaded add-ins from the instance and find our add-in by looping through the COM add-ins.
_Application.GetCOMAddIns();
Once we got our add-in we can send commands through the interface:
IExcelServer* server = excel.GetServerAddIn(); // Obtain the server COM-AddIn.
HRESULT result = server->Execute (&req, &rep, &retval);
One of the commands we can send here is requesting a value from Excel based on a given string label (the label will be in column A and this function returns the value in column B on the same row). Now the code crashes on the following line of code:
rng.Find (COleVariant (label), CovOptional, CovOptional, COleVariant (xlWhole), CovOptional, xlSearchNext, CovOptional, CovOptional, CovOptional);
The 'rng' object is of type Range and is from the correct sheet and the range goes from A1 to A17. When we get the value from 'rng' object (rng.GetValue2()) it gives us the following array (which contains the value that is specified in the label argument):
safearray of VARIANT = [1,17](Empty,Empty,BSTR = 0x160bc6bc "Web",Empty,Empty,Empty,Empty,BSTR = 0x0bbca5cc "Pre",BSTR = 0x15f499fc "WebStart",BSTR = 0x0bbca48c "WebMid",BSTR = 0x0bbca5a4 "WebEnd",BSTR = 0x160bc80c "Post",Empty,Empty,BSTR = 0x15f49a24 "SafeStartWeb",BSTR = 0x15f49a4c "SafeEndWeb",Empty)
We receive the following error while debugging:
"Unhandled Exception at 0x00ccbb4A in Excel.exe: 0xC0000005: Access violation reading location 0x00000000."
We also see the following message in the windows event viewer every time that Excel crashes:
"The description for Event ID 0 from source MSOIDSVC.EXE cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
InitializeSvcAPI failed with hr = 0x8004888d"
The code is made in VS2010 using C++ and running Windows7 x64. We have also tested the code on a Windows8 x64 machine but we got the same result.
Has someone seen this crash before or can advise how to fix it?
Thanks in advance.
I am working with the windows Task Scheduler 1.0 in win32 c++ & I am attempting to create & save a new task. Everything goes fine until I go to save the task by using the following function:
IPersistFile :: Save( NULL, TRUE );
The error that is returned is 0x8007052e
I have search & searched msdn but I cannot find a defintion for this error. Do you know that the HRESULT error with the value 0x8007052e means?
Some other info that might be important. I am using Windows 7, using a admin user & attempting to schedule a Daily task/trigger.
Using Visual Studios Error Lookup tool I find that it means "Logon failure: unknown user name or bad password. "
In fact, just Googling for that error code returns exactly the same information.
The HRESULT code 0x8007052e is very easy to decode. It consist from three parts
8xxxxxxx - means failure (error)
x007xxxx - means the facility 7
xxxx052e - meane the error code 0x52e=1326
If you open the WinError.h file you will easy find that FACILITY_WIN32 is 7.
So you have just a standard Win32 error with the code 0x52e=1326. If you search in WinError.h for 1326 you will find ERROR_LOGON_FAILURE with the description
Logon failure: unknown user name or
bad password.