As I was saying manifest is needed for EventLog service integration. If you just want to collect your events without event log involvement (by just using ETW) it is quite possible. There is an FAQ at: http://social.msdn.microsoft.com/Forums/en/etw/thread/a1aa1350-41a0-4490-9ae3-9b4520aeb9d4 which should help answer most of your questions.
Thanks,
Alex
Date: Wed, 22 Jul 2009 21:27:43 +0530
Subject: Re: [ntdev] ETW manifest registration through registry enteries and a simple question to microsoft
From: xxxxx@gmail.com
To: xxxxx@lists.osr.com
Thanks Alex and Peter for your replies.
Based on the interpretation of replies :
My intention was that in case of failure of my driver or application on remote end user’s system, I should be able to collect ETW logs analyze them on my local system .
But, I think this is possible in present ETW infrastructure only if manifest is registerd on end user’s sytem, without which logs will not be generated.
Please confirm the understanding.
Thanks
Anshul Makkar
On Wed, Jul 22, 2009 at 8:59 PM, Alex Bendetov wrote:
Peter is correct. Manifest installation is required in order to associated your provider with the binary containing resources describing your provider and in order to set up Event-Log channels. So the resouce file contains more then just localized strings, it also contains layout information for your events. EventRegister call is used to register your provider guid with tracing subsystem in the kernel so that it can be dynamically enabled-disabled, but for event decoding/event log integration the manifest needs to be installed with “wevtutil.exe im YourManifestName” (currently there is no programatic way). Recomended time of doing this is during your application installation. Note that if you want to collect your events manually (without event log integration) the manifest is not required. You can do it with logman/tracelog tools if you refer to your provider by guid, not symbolic name.
Thanks,
Alex
From: xxxxx@microsoft.com
To: xxxxx@lists.osr.com
Subject: RE: [ntdev] ETW manifest registration through registry enteries and a simple question to microsoft
Date: Wed, 22 Jul 2009 15:03:51 +0000
To my knowledge the only supported option is to run wevtutil.exe to install the manifest. This will install the event descriptions & create any defined channels.
Your code can register as an event provider (which gets you a session handle from ETW) and log events even if your manifest isn?t installed. The logged events will be dropped until someone configures a channel for them to go into or sets up a trace session using the trace tools. So if someone needs to get your events they can whether or not the manifest is installed.
Sorry,
-p
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of anshul makkar
Sent: Wednesday, July 22, 2009 7:47 AM
To: Windows System Software Devs Interest List
Cc: anshul makkar
Subject: [ntdev] ETW manifest registration through registry enteries and a simple question to microsoft
Hi all,
In order to prevent dirty way of programming to register the ETW manifest file through “system(wevtutil im )”, I tried to replicate the operations of wevtutil by making enteries in the registry. But the number of enteries is large and I failed to do that. I am not sure whether that is the right way of doing that…
Another question I want to ask microsoft is that if manifest registration is a ‘necessary’ step, then what use will be to deliver drivers/applications to end customers with event tracing enabled in them without registering the manifest file in every end customer’s system. I have to make sure that manifest is registered in all the end user’s system in order to take advantage of ETW logging. This doesn’t sound too good.
Isn’t it possible to log the events to log file or channels without registering the manifest file in Windows Vista/Windows 7 OS ?
Thanks
Anshul Makkar
— NTDEV is sponsored by OSR For our schedule of WDF, WDM, debugging and other seminars visit: http://www.osr.com/seminars To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
—
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
Windows Live? Hotmail?: Search, add, and share the web?s latest sports videos. Check it out.
—
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
— NTDEV is sponsored by OSR For our schedule of WDF, WDM, debugging and other seminars visit: http://www.osr.com/seminars To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
_________________________________________________________________
Windows Live? SkyDrive?: Store, access, and share your photos. See how.
http://windowslive.com/Online/SkyDrive?ocid=TXT_TAGLM_WL_CS_SD_photos_072009