GrepMsgTbl

Copyright © 1997-1999 Thomas Holz and Falk Schmal

Last Updated January 05, 1998, Version 1.0

Introduction

The Microsoft DevStudio Version 5 is not able to grep the message tables from a file. GrepMsgTbl reads this message tables and stores it into a file or to stdout.

This tool is freeware!

Installation

Just copy GrepMsgTbl onto your executable path, and type "grepmsgtbl".

GrepMsgTbl has been tested on NT 4.0.

Usage

usage: grepmsgtbl [Source File] > [Destination File]

The Source File is normaly the file stored the message table and the destination File is the Textfile.

How it works

Each event sources should register message files that contain description strings for each event identifier, event category, and parameter. These files are registered in the EventMessageFile, CategoryMessageFile, and ParameterMessageFile registry values for the event source.

Each logfile can contain subkeys called event sources. The event source is the name of the software that logs the event. It is often the name of the application, or the name of a subcomponent of the application, if the application is large. Applications and services should add their names to the Application logfile. Device drivers should add their names to the System logfile. The structure is as follows:

HKEY_LOCAL_MACHINE
    SYSTEM
     CurrentControlSet
       Services
         EventLog
          Application
              AppName
            Security
            System
              DriverName

The application provides its name when it opens the event log using the RegisterEventSource function.

Each event source contains information specific to the software that will be logging the events, such as the message files, as shown in the following table.

When an application uses the RegisterEventSource or OpenEventLog function to get a handle to an event log, the event-logging service searches for the specified event source in the registry.

Download GrepMsgTbl (21 KB)

Back to NT Tools