This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(300.8, 91%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EY%3C/text%3E%3C/svg%3E)
I'm trying to create my own Windows service in C according to this tutorial. My event message definition file looks like this
EventLogMessages.mc:
MessageIdTypedef=DWORD
SeverityNames=(
Success=0x0:STATUS_SEVERITY_SUCCESS
Info=0x1:STATUS_SEVERITY_INFO
Warning=0x2:STATUS_SEVERITY_WARNING
Error=0x3:STATUS_SEVERITY_ERROR
)
FacilityNames=(
System=0x0:FACILITY_SYSTEM
Runtime=0x2:FACILITY_RUNTIME
Stubs=0x3:FACILITY_STUBS
Io=0x4:FACILITY_IO_ERROR_CODE
)
LanguageNames=(English=0x409:MSG00409)
; // The following are message definitions.
MessageId=0x1
Severity=Success
Facility=Runtime
SymbolicName=SVCEVENT_STATUS_REPORT
Language=English
Status report: %2.
.
MessageId=0x2
Severity=Error
Facility=System
SymbolicName=SVCEVENT_INIT_SYSCALL_ERROR
Language=English
Essential syscall failed when starting the service: %2.
.
MessageId=0x3
Severity=Error
Facility=Runtime
SymbolicName=SVCEVENT_CUSTOM_ERROR
Language=English
Service-specific error: %2.
.
; // A message file must end with a period on its own line
; // followed by a blank line.
It's almost a copy of the sample file from docs.
However whenever i compile this file, start the service and open the Event Viewer, i see all messages from my service as "Level: Error", even those that should have lower severity.
The event IDs and the messages are correct, but the severity is always wrong.
I opened the the generated header file EventLogMessages.h and here it seems alright as well.
#define SVCEVENT_STATUS_REPORT ((DWORD)0x00020001L)
The upper 2 bits (that indicate severity) are correctly set to 0 - STATUS_SEVERITY_SUCCESS. But regardless, the event is always displayed wrong.
Anyone has a clue why it's wrong and how to fix it?
Did you try Severity=Info and maybe FacilityNames=(…Runtime=0xFFF…)?
Yes, i tried both. It doesn't work. Everything is still Error.
I tried everything: I tried all possible severity codes, tried all available facility codes, i tried defining my own facility code with high number, i tried redefining the message ID to high number. The event log still shows the exact same info:
Level: Error
OpCode: Info
I start thinking the compiler has a bug, or the definition of the message format changed and the documentation was not updated.
Oh, oh. The message severity is controlled by the 2nd parameter of ReportEvent function. The severity from the 4th parameter dwEventID is COMPLETELY IGNORED!
What a trap from Microsoft.