是否有工具可以 dump/show 提供者清单中定义的事件数据模板?

Is there a tool to dump/show event data templates defined in a provider's manifest?

> wevtutil.exe gp <provider-name> /ge /gm /f:xml

打印提供者的清单,除了它 data templates. Is there a tool I am missing that would display the templates defined in an installed provider's manifest? They must be out there in the binary WEVT_TEMPLATE resource, since the Tdh* functions 似乎知道他们。

Perfview 可以用这个命令来做到这一点:

PerfView userCommand DumpRegisteredManifest <provider-name>

这会将完整清单转储到 XML。

Resource Hacker 允许显示 WEVT_TEMPLATE 结构。