Eventlog：EventWrite 未将数据写入 EventLog

我正在尝试使用“EventWrite”将EventData（类似C 结构）写入应用程序事件日志。 我没有看到任何日志写入EventLog（应用程序） 我正在使用下面的 sprovider.mc 文件

MessageIdTypedef=DWORD

SeverityNames=( 
    Success=0x0:STATUS_SEVERITY_SUCCESS
    Informational=0x1:STATUS_SEVERITY_INFORMATIONAL
    Warning=0x2:STATUS_SEVERITY_WARNING
    Error=0x3:STATUS_SEVERITY_ERROR
)

FacilityNames=( 
    System=0x0:FACILITY_SYSTEM
    Runtime=0x2:FACILITY_RUNTIME
)
    
MessageId=0x0002
Severity=Error
Facility=Runtime
SymbolicName=MSG_RUNTIME_ERROR
Language=English
This is a runtime error message
.

生成资源DLL

mc -U sprovider.mc
rc sprovider.rc
link -dll -noentry -out:sprovider.dll sprovider.res /MACHINE:X64

我的清单文件如下

    <instrumentationManifest
    xmlns="http://schemas.microsoft.com/win/2004/08/events"
    xmlns:win="http://manifests.microsoft.com/win/2004/08/windows/events"
    xmlns:xs="http://www.w3.org/2001/XMLSchema"
    >
    <instrumentation>
    <events>
      <provider name="evtlog" guid="{78A1B3DE-42A7-4111-85B2-8D199812EDDF}" symbol="MSG_RUNTIME_ERROR"
                 resourceFileName="c:\\windows\\system32\\evtlog.dll" 
                messageFileName="c:\\windows\\system32\\evtlog.dll">
        <events>
          <event symbol="MSG_RUNTIME_ERROR" value="2" version="0" level="win:Error" template="MyEventTemplate"/>
        </events>
        <templates>
          <template tid="MyEventTemplate">
            <data name="Message" inType="win:UnicodeString"/>
        <data name="UserName" inType="win:UnicodeString"/>
          </template>
        </templates>
      </provider>
    </events>
  </instrumentation>
</instrumentationManifest>

我跑步 wevtutil 是 evnt.man 警告：发布者提供商的资源文件不包含元数据资源。 确保将消息编译器生成的 .bin 文件链接到 指定的二进制文件。

资源文件名：c:\windows\system32\sprovider.dll

我使用如下的Win32代码来编写事件

#include <Windows.h>
#include <wchar.h>
#include <evntprov.h>
#include <iostream>
#include "evtlog.h"

using namespace std;


// Define the provider GUID
static const GUID MyProviderGuid =
{ 0x78a1b3de, 0x42a7, 0x4111, {  0x85, 0xb2, 0x8d, 0x19, 0x98, 0x12, 0xed, 0xdf } };

int wmain() {
    // Register the event provider
    REGHANDLE hProvider = NULL;
    if (EventRegister(&MyProviderGuid, NULL, NULL, &hProvider) != ERROR_SUCCESS) {
        // Handle the error
        std::cout << GetLastError();
        return 1;
    }

    // Sample structured data
    struct MyEventData {
        WCHAR Message[MAX_PATH];
        WCHAR UserName[MAX_PATH];
    };

    MyEventData eventData = { L"Sree", L"This is a test message" };

    // Event data descriptors
    EVENT_DATA_DESCRIPTOR dataDescriptors[2];
    EventDataDescCreate(&dataDescriptors[0], eventData.Message, (ULONG)(MAX_PATH));
    EventDataDescCreate(&dataDescriptors[1], eventData.UserName, (ULONG)(MAX_PATH));

    // Define the event descriptor
    EVENT_DESCRIPTOR eventDescriptor;

    EventDescCreate(&eventDescriptor, MSG_RUNTIME_ERROR, 0, FACILITY_RUNTIME,  STATUS_SEVERITY_ERROR, 0, 0, 0);

    BOOL bEnabled = EventEnabled(hProvider, &eventDescriptor);
    std::cout << std::endl << "Enabled:" << bEnabled;
    // Write the event
    if (EventWrite(hProvider, &eventDescriptor, 2, dataDescriptors) != ERROR_SUCCESS) {
        // Handle the error
        std::cout << GetLastError();
        return 1;

    }
    // Unregister the event provider
    EventUnregister(hProvider);

    return 0;
}

从 C 代码生成的可执行文件无法向 Log 写入任何内容。 请让我知道我在这里缺少什么。