How to view a custom provider's events (collected without the provider registered) in WPA


I am trying to use manifest-based events to log events for debugging and analysis. But I have a problem: when I record with my provider registered, everything is fine, and when I open the .etl file in WPA, I can view as much info as I can. But if I collect events without my provider registered, when I open the .etl file in WPA, everything is not human-friendly. So, must I register my provider before I start collecting events? I hope not, because if so, I have to take the risk of leaking my .man file, so others may use it to get the detailed trace log as well. That's not acceptable!

I don't want my .man file packaged in the install file, so I do not need to worry about leaking it. And of course I can't register my provider either.

Is there a way to view the .etl (collected without my provider registered first) as well as possible?

Thanks in advance.

Below are pictures that may make what I said easier to understand.

[Image: recording without my provider registered]

[Image: recording with my provider registered]


3
magicandre1981

Use the EventSource package if you use .NET, which adds the manifest into the ETL (ProviderName/ManifestData).

This way, you don't need to have the manifest installed on the capture and decode systems. The manifest is now part of the ETL.

Of course, if someone gets the ETL, he can use PerfView to dump the manifest.

1
BianChengNan

I found the answer on the MSDN forums; here is the same question asked by myself.

xperf -merge is the key!

The whole steps are as follows:

  1. Install my software and start collecting event data on the customer's machine (no need to register my provider). Call xperf -start mysession -on MY_PROVIDER_GUID to start collecting event data.

  2. After running for some time, call xperf -stop mysession -d poor.etl to stop collecting and save to the poor.etl file.

  3. Copy poor.etl to my dev machine (my provider is already registered there) and call xperf -merge poor.etl good.etl

  4. Open good.etl with WPA; I can see every detail as I expected.

That's all. Hope it will help other guys like me. Thanks everyone.