As we know, Windows event logs differ between versions below Vista (XP and below) and Vista and up; see Windows Event Logs. On Vista, I am able to understand the API for retrieving all event logs.
On Windows XP, I am able to run this sample code. Two things we need to fill in there are:
#define PROVIDER_NAME L"MyEventProvider"
#define RESOURCE_DLL L"<path>\\Provider.dll"
However, the question is where to get the provider name and its resource DLL.
One way I could think of is to iterate through all the subkeys under these registry keys:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security
From those subkeys, we could get the provider name and its EventMessageFile (although I found out that some subkeys don't have the EventMessageFile; rather, they have ParameterMessageFile).
Is this the only way to do this? Or is there a better approach?
If you are using WinAPI, then iterating through the registry is the only way, as far as I know. And yes, some providers don't have EventMessageFile; that's normal. Maybe they just place their insert strings into the event log without any message (I can't say exactly).
But if you can use .NET, then there is a good EventLog class that offers you a bunch of really good methods.
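The registry walk discussed in the question and answer above, as an added example that is not part of the original posts: it enumerates the source subkeys of one log, reads EventMessageFile and ParameterMessageFile, expands variables such as %SystemRoot%, and splits the result because EventMessageFile may list several DLLs separated by semicolons. The helper names split_message_files and read_expanded are hypothetical, and the part inside #ifdef _WIN32 assumes an account that is allowed to read the key.

```c
#include <wchar.h>
/* EventMessageFile may name several DLLs separated by ';'. Splits the string
   in place, stores up to max paths in out and returns how many were stored. */
int split_message_files(wchar_t *value, wchar_t **out, int max)
{
    int n = 0;
    wchar_t *sep;
    for (; value && *value && n < max; value = sep ? sep + 1 : NULL) {
        if ((sep = wcschr(value, L';')) != NULL) *sep = L'\0';
        if (*value) out[n++] = value;          /* skip empty entries */
    }
    return n;
}

#ifdef _WIN32   /* registry walk: Windows only */
#include <windows.h>
/* Reads a REG_SZ/REG_EXPAND_SZ value and expands variables like %SystemRoot%. */
static BOOL read_expanded(HKEY key, const wchar_t *name, wchar_t *out, DWORD cch)
{
    wchar_t raw[1024];
    DWORD type, n, cb = sizeof(raw) - sizeof(wchar_t);
    if (RegQueryValueExW(key, name, NULL, &type, (BYTE *)raw, &cb) != ERROR_SUCCESS) return FALSE;
    raw[cb / sizeof(wchar_t)] = L'\0';         /* stored data may lack a terminator */
    n = ExpandEnvironmentStringsW(raw, out, cch);
    return (type == REG_SZ || type == REG_EXPAND_SZ) && n != 0 && n <= cch;
}
int main(void)
{
    /* One of the three logs from the question; System and Security work alike. */
    const wchar_t *log = L"SYSTEM\\CurrentControlSet\\Services\\Eventlog\\Application";
    const wchar_t *vals[2] = { L"EventMessageFile", L"ParameterMessageFile" };
    wchar_t name[256], files[2048], *dll[8];
    HKEY logKey, srcKey;
    DWORD i, len;
    int v, k, count;
    if (RegOpenKeyExW(HKEY_LOCAL_MACHINE, log, 0, KEY_READ, &logKey) != ERROR_SUCCESS) return 1;
    for (i = 0; ; i++) {
        len = 256;                             /* in: buffer size, out: name length */
        if (RegEnumKeyExW(logKey, i, name, &len, NULL, NULL, NULL, NULL) != ERROR_SUCCESS) break;
        if (RegOpenKeyExW(logKey, name, 0, KEY_READ, &srcKey) != ERROR_SUCCESS) continue;
        for (v = 0; v < 2; v++) {              /* a source may have either value, both or none */
            if (!read_expanded(srcKey, vals[v], files, 2048)) continue;
            for (k = 0, count = split_message_files(files, dll, 8); k < count; k++)
                wprintf(L"%ls  %ls = %ls\n", name, vals[v], dll[k]);
        }
        RegCloseKey(srcKey);
    }
    RegCloseKey(logKey);
    return 0;
}
#endif
```

Each printed line pairs a source name, which is the value to use for PROVIDER_NAME, with one message DLL path, which is the value to use for RESOURCE_DLL.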