是否有工具可以 dump/show 提供者清单中定义的事件数据模板?
Is there a tool to dump/show event data templates defined in a provider's manifest?
> wevtutil.exe gp <provider-name> /ge /gm /f:xml
打印提供者的清单,除了它 data templates. Is there a tool I am missing that would display the templates defined in an installed provider's manifest? They must be out there in the binary WEVT_TEMPLATE resource, since the Tdh* functions 似乎知道他们。
Perfview 可以用这个命令来做到这一点:
PerfView userCommand DumpRegisteredManifest <provider-name>
这会将完整清单转储到 XML。
Resource Hacker 允许显示 WEVT_TEMPLATE 结构。
> wevtutil.exe gp <provider-name> /ge /gm /f:xml
打印提供者的清单,除了它 data templates. Is there a tool I am missing that would display the templates defined in an installed provider's manifest? They must be out there in the binary WEVT_TEMPLATE resource, since the Tdh* functions 似乎知道他们。
Perfview 可以用这个命令来做到这一点:
PerfView userCommand DumpRegisteredManifest <provider-name>
这会将完整清单转储到 XML。
Resource Hacker 允许显示 WEVT_TEMPLATE 结构。