How do you install a manifest in a "universal inf?"

We currently install manifest items in the INF using AddReg directives, such as shown below:

HKLM,%EventLogProviderKey%,%FLG_ADDREG_TYPE_SZ%,“DPTF”
HKLM,%EventLogProviderKey%,“ResourceFileName”,%REG_EXPAND_SZ%,“%%SystemRoot%%\system32\xyz.dll”
HKLM,%EventLogProviderKey%,“MessageFileName”,%REG_EXPAND_SZ%,“%%SystemRoot%%\system32\xyz.dll”
HKLM,%EventLogProviderKey%,“Enabled”,%FLG_ADDREG_TYPE_DWORD%,1
HKLM,%EventLogProviderKey%“\ChannelReferences”,“Count”,%FLG_ADDREG_TYPE_DWORD%,1
HKLM,%EventLogProviderKey%“\ChannelReferences\0",%FLG_ADDREG_TYPE_SZ%,“Application”
HKLM,%EventLogProviderKey%”\ChannelReferences\0",“Flags”,%FLG_ADDREG_TYPE_DWORD%,1
HKLM,%EventLogProviderKey%"\ChannelReferences\0",“Id”,%FLG_ADDREG_TYPE_DWORD%,9
HKLM,%EventLogChannelKey%,“Enabled”,%FLG_ADDREG_TYPE_DWORD%,1
HKLM,%EventLogChannelKey%,“EnableLevel”,%FLG_ADDREG_TYPE_DWORD%,0
HKLM,%EventLogChannelKey%,“EnableProperty”,%FLG_ADDREG_TYPE_DWORD%,1
HKLM,%EventLogChannelKey%,“LoggerName”,%REG_EXPAND_SZ%,“EventLog-Application”
HKLM,%EventLogChannelKey%,“MatchAnyKeyword”,%FLG_ADDREG_TYPE_QWORD%,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x80
HKLM,%EventLogChannelKey%,“MatchAllKeyword”,%FLG_ADDREG_TYPE_QWORD%,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00

But in “universal” INFs, it says we can only use HKR relative paths in the registry. We cannot use wevtutil.exe within an INF, and they also don’t want co-installers.

So, how exactly are we supposed install manifests for ETW-based event logging or just ETW events as a standard provider? I see no documentation on this at all.

Because there’s currently no better way to do it, Universal INFs currently allow you to write out keys under both HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels and HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers. You can verify this via InfVerif with the /universal switch.

As a side note, the idea behind universal INFs is that they should only be the steps necessary to get the device up and functional. Things like coinstallers and exe’s shouldn’t ever be required to do that, and hence they’re not supported.

The keys we use also include autologger key (SYSTEM\CurrentControlSet\Control\WMI\Autologger\EventLog-Application). Are the keys under the autologger also allowed in a universal INF?

(I should have shown the path instead of the replacement token…)

Yes, this is also supported. I should note that you’re only allowed to AddReg any of these keys.