I am trying to write my first Windows 2000 driver and would like to use the Event Viewer for debugging.
So I wrote something like this:
DriverEntry(DriverObject, SomeRegistryPathIDontCareAbout){
    ntoskrnl.exe/IoAllocateErrorLogEntry(
        IoObject = DriverObject,
        EntrySize = 44
    )
    return 0;
}
ntoskrnl.exe/IoAllocateErrorLogEntry just returns 0 instead of an address. Does someone know why the function refuses to allocate some space for an event package?
Ok, I figured it out.
IoAllocateErrorLogEntry checks if the value of EntrySize is >= sizeof(IO_ERROR_LOG_PACKET), which is 48 bytes.
So my value of 44 bytes was simply too low.
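The size check described in the answer, as an added example that is not part of the original posts: a user-mode C model whose struct mirrors the field layout of the WDK's IO_ERROR_LOG_PACKET, showing where 48 comes from and how to derive EntrySize from sizeof instead of a hand-counted constant. MODEL_IO_ERROR_LOG_PACKET, entry_size_accepted and entry_size_for are hypothetical names, and the string/dump-data sizing is a conservative assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* User-mode mirror of IO_ERROR_LOG_PACKET, for size arithmetic only. */
typedef struct {
    uint8_t  MajorFunctionCode;
    uint8_t  RetryCount;
    uint16_t DumpDataSize;
    uint16_t NumberOfStrings;
    uint16_t StringOffset;
    uint16_t EventCategory;            /* ends at offset 10, padded to 12 */
    int32_t  ErrorCode;                /* NTSTATUS */
    uint32_t UniqueErrorValue;
    int32_t  FinalStatus;              /* NTSTATUS */
    uint32_t SequenceNumber;
    uint32_t IoControlCode;
    _Alignas(8) int64_t DeviceOffset;  /* LARGE_INTEGER, 8-byte aligned */
    uint32_t DumpData[1];              /* offset 40; fields end at 44 */
} MODEL_IO_ERROR_LOG_PACKET;           /* tail padding rounds 44 up to 48 */

/* Hypothetical helper: the lower-bound check the answer describes. */
int entry_size_accepted(unsigned entry_size) {
    return entry_size >= sizeof(MODEL_IO_ERROR_LOG_PACKET);
}

/* Hypothetical helper: EntrySize for a packet carrying dump_ulongs ULONGs of
 * dump data and string_bytes of insertion strings. The first ULONG is already
 * inside the struct. Returns 0 if the result does not fit the UCHAR
 * EntrySize parameter of IoAllocateErrorLogEntry. */
unsigned entry_size_for(unsigned dump_ulongs, unsigned string_bytes) {
    size_t size = sizeof(MODEL_IO_ERROR_LOG_PACKET);
    if (dump_ulongs > 64 || string_bytes > UINT8_MAX)
        return 0;                      /* cannot fit in a UCHAR anyway */
    if (dump_ulongs > 1)
        size += (size_t)(dump_ulongs - 1) * sizeof(uint32_t);
    size += string_bytes;
    return size <= UINT8_MAX ? (unsigned)size : 0;
}

int main(void) {
    printf("sizeof packet      = %zu\n", sizeof(MODEL_IO_ERROR_LOG_PACKET));
    printf("end of last field  = %zu\n",
           offsetof(MODEL_IO_ERROR_LOG_PACKET, DumpData) + sizeof(uint32_t));
    printf("EntrySize 44 ok?   = %d\n", entry_size_accepted(44));
    printf("EntrySize 48 ok?   = %d\n", entry_size_accepted(48));
    printf("3 ULONGs + 20 B    = %u\n", entry_size_for(3, 20));
    return 0;
}
```

In a real driver the same idea is to pass a value built from sizeof(IO_ERROR_LOG_PACKET) and to check the returned pointer for NULL before filling in the packet.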