I want to generate logs into Event Viewer.
When I install the manifest file everything is good and I see my provider created in Event Viewer,
but when I go to register the event in the filter driver it fails, while when I use the SYSTEM channel everything works fine.
This is the manifest file content I used:
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<instrumentationManifest
    xmlns="http://schemas.microsoft.com/win/2004/08/events"
    xmlns:win="http://manifests.microsoft.com/win/2004/08/windows/events"
    xmlns:xs="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://schemas.microsoft.com/win/2004/08/events eventman.xsd"
    >
  <instrumentation>
    <events>
      <!-- provider definition; the message and resource file is the driver binary itself -->
      <provider
          guid="{XXXXXXXXXXXXX}"
          messageFileName="%SystemDrive%\Filter.sys"
          name="ProcMon"
          resourceFileName="%SystemDrive%\Filter.sys"
          symbol="process_monitor">
        <channels>
          <!-- custom Operational channel; the events below refer to it by chid="c1" -->
          <channel name="ProcMon" chid="c1" symbol="process_monitor_Channel" type="Operational" enabled="true"></channel>
        </channels>
        <templates>
          <template tid="load_Unload">
            <data inType="win:UnicodeString" name="Devname" outType="xs:string"/>
            <data inType="win:UnicodeString" name="Message" outType="xs:string"/>
            <data inType="win:UInt32" name="Status" outType="xs:unsignedInt"/>
          </template>
          <template tid="Event_Process">
            <data inType="win:UInt32" name="Processid" outType="xs:unsignedInt"/>
            <data inType="win:UnicodeString" name="ProcessName" outType="xs:string"/>
            <data inType="win:UnicodeString" name="ProcessArg" outType="xs:string"/>
          </template>
        </templates>
        <events>
          <event channel="c1" level="win:Informational" message="$(string.EvtLoad.EventMessage)"
                 opcode="win:Start" symbol="EvtLoad" template="load_Unload" value="1000"/>
          <event channel="c1" level="win:Informational" message="$(string.EvtProcessLog.EventMessage)"
                 opcode="win:Info" symbol="EvtProcessLog" template="Event_Process" value="1001"/>
          <event channel="c1" level="win:Informational" message="$(string.EvtUnload.EventMessage)"
                 opcode="win:Stop" symbol="EvtUnload" template="load_Unload" value="1009"/>
        </events>
      </provider>
    </events>
  </instrumentation>
  <localization xmlns="http://schemas.microsoft.com/win/2004/08/events">
    <resources culture="en-US">
      <stringTable>
        <string id="EvtLoad.EventMessage" value="Driver Loaded"/>
        <string id="EvtProcessLog.EventMessage" value="Process Created"/>
        <string id="EvtUnload.EventMessage" value="Driver Unloaded"/>
      </stringTable>
    </resources>
  </localization>
</instrumentationManifest>
I got the error in the
Error = MCGEN_EVENTREGISTER(ProviderId, EnableCallback, CallbackContext, RegHandle);
function.
Thank you.
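Added example, not code from the original post: a small Python checker that cross-references every event in an ETW instrumentation manifest against the channel chids, template tids and stringTable ids the manifest declares. It runs over a constructed, trimmed manifest modelled on the one above; the GUID is a placeholder, and the second event is deliberately written to reference undeclared ids so the check has something to report.

```python
"""Cross-reference check for a manifest-based ETW provider definition."""
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events"}

# Constructed sample, trimmed from the manifest in the post; the GUID is a
# placeholder and the second event deliberately references undeclared ids.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<instrumentationManifest xmlns="http://schemas.microsoft.com/win/2004/08/events">
  <instrumentation><events>
    <provider guid="{00000000-0000-0000-0000-000000000000}" name="ProcMon"
              symbol="process_monitor" messageFileName="%SystemDrive%\\Filter.sys"
              resourceFileName="%SystemDrive%\\Filter.sys">
      <channels><channel name="ProcMon" chid="c1" symbol="process_monitor_Channel" type="Operational" enabled="true"/></channels>
      <templates><template tid="load_Unload">
        <data inType="win:UnicodeString" name="Devname" outType="xs:string"/>
      </template></templates><events>
        <event channel="c1" level="win:Informational" opcode="win:Start" symbol="EvtLoad"
               message="$(string.EvtLoad.EventMessage)" template="load_Unload" value="1000"/>
        <event channel="c2" level="win:Informational" opcode="win:Stop" symbol="EvtUnload"
               message="$(string.Missing.EventMessage)" template="Event_Process" value="1009"/>
      </events></provider>
  </events></instrumentation>
  <localization><resources culture="en-US"><stringTable>
    <string id="EvtLoad.EventMessage" value="Driver Loaded"/>
  </stringTable></resources></localization>
</instrumentationManifest>"""


def check_manifest(xml_text: str) -> list[str]:
    """Return one message per event attribute that points at an undeclared id."""
    root = ET.fromstring(xml_text)
    # <localization> shares the events namespace, so string ids are found from the root.
    string_ids = {s.get("id") for s in root.iterfind(".//e:string", NS)}
    problems = []
    for prov in root.iterfind(".//e:provider", NS):
        chids = {c.get("chid") for c in prov.iterfind("e:channels/e:channel", NS)}
        tids = {t.get("tid") for t in prov.iterfind("e:templates/e:template", NS)}
        for ev in prov.iterfind("e:events/e:event", NS):
            sym = ev.get("symbol")
            if ev.get("channel") not in chids:
                problems.append(f"{sym}: channel '{ev.get('channel')}' not declared")
            if ev.get("template") and ev.get("template") not in tids:
                problems.append(f"{sym}: template '{ev.get('template')}' not declared")
            msg = ev.get("message", "")
            if msg.startswith("$(string.") and msg.endswith(")"):
                sid = msg[len("$(string."):-1]  # strip the $(string.…) wrapper
                if sid not in string_ids:
                    problems.append(f"{sym}: string '{sid}' not in stringTable")
    return problems
```

Run `check_manifest` on the real manifest text before compiling it with mc.exe; an empty list means every event resolves to a declared channel, template and message string.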