I have the feeling that this will only work for some sources, mostly from Microsoft. – harrymc – 2012-03-12T07:08:33.263

@harrymc, probably not. It looks like what it does is to access the EventMessageFile associated with the service and extracting the event strings and ids. This should work for any message file including non-Microsoft ones (after all, they are stored in standard way so that the service manager can invoke them). – Synetech – 2012-03-12T18:27:55.340

@Synetech: The MS interface surely requires declaring all function entry-points, but I am not too sure about error codes. – harrymc – 2012-03-12T18:52:26.043

@harrymc, take a look at the HKLM\SYSTEM\CCS\Services\Eventlog key; it contains the various services and drivers that are able to generate events. At a minimum, they include a EventMessageFile value that points to the source(s) of the events (e.g., C:\WINDOWS\System32\Ati2evxx.exe ⇐ non-Microsoft), and a TypesSupported value which defines what type of events it supports. Knowing the EventMessageFile should be enough to do brute-force detect all supported values. I suspect that the MPWizard program may be doing that since it does not know the specific codes that the file supports. – Synetech – 2012-03-12T19:07:31.203

(It’s like the global-hotkey list program I wrote a while back; there is no (practical) way for my program to determine what hotkeys are in use, so it just tries every combination and tests for success or failure.) – Synetech – 2012-03-12T19:07:47.210

@Synetech: Checked, and for many services EventMessageFile points to a dll. While normally containing a resource named MessageTable that has for some products ALL user-interface text-messages, error or non-error, while for others it is just a dummy. For about a dozen dlls picked at random, I haven't found any resource that looks like event ids. If MPWizard uses MessageTable, then it brings back lots of rubbish in addition to the possibly (few) good stuff. – harrymc – 2012-03-12T19:30:33.657

> For about a dozen dlls picked at random, I haven't found any resource that looks like event ids.   Hence the brute-force. – Synetech – 2012-03-12T19:32:56.333

@Synetech: Brute-force cannot squeeze info from stone, and I also have other doubts about non-service sources. I don't have any new info, so let's just wait for the poster's report. climenole: Please report your findings for a sample of both MS and non-MS sources. – harrymc – 2012-03-12T19:45:50.190

What stone? You call the logging function in the file, passing in the parameters (one of which is an ever-increasing ID), and see if it succeeds. I haven’t done any significant programming with Windows logging (at least not from the generation side), but I’m certainly interested in seeing how the API works now. If I can get it to work without having to install the whole whole magilla, I’ll test it with ATI, Adobe, and a few other event sources (not to mention all the non-Windows Microsoft ones). – Synetech – 2012-03-12T20:25:13.670

@Synetech: That would : (1) fill up the event log with rubbish, (2) provide no way to distinguish between rubbish and valid event codes. The only real solution I can think of would be to disassemble the dll to detect all event-code parameters in all calls to the function, which could possibly be done by MPWizard (but hard to believe in). – harrymc – 2012-03-13T08:31:45.460

> fill up the event log with rubbish   if you call it normally which I don’t imagine Microsoft would need to do since they have access to the low-level functions and can hook and redirect output.     > could possibly be done by MPWizard (but hard to believe in   Well the program exists and I doubt that they are lying about its abilities. – Synetech – 2012-03-13T19:06:43.097

1Plus, you can add your own event ids. – surfasb – 2012-03-08T14:44:53.230

> Plus, you can add your own event ids.   Yup; drivers, programs, etc. will used their own, so technically it is impossible to have a “complete” list. The best you can do is to get a list of known and/or standard one ones. It’s just like with error messages and codes. Yes, for example error #2 is usually “file not found”. There are programs that list standard error message text for known error codes, but what about program ReallyCoolButNonStandardApp that returns error 2 for “no arguments specified”? RCBNSA’s error codes are probably not going to be in any regular list. – Synetech – 2012-03-10T20:58:06.867

First thank you gentlemen for your answers. Both site MS and Eventid.net are well known search site for events but not a list. I finally found the program I was talking about. MPWizard.exe from the MOM 2005 Resource Tool kit... is it working on W7? I try it next week and give you some feed back. Thank you again :) – climenole – 2012-03-11T21:57:33.530