
ETW C++ provider and C# provider


I have manifest-based ETW providers written in C++ and C#. Both providers use the same manifest (generated by the Microsoft.Diagnostics.Tracing.TraceEvent package from C# code). The channel is Debug. Event publishing succeeds (return value is 0) in both providers and I can see the events in PerfView.

If the manifest isn't installed, the C++ provider's events are shown in PerfView with the provider's GUID, event ID, etc. There is no "stringed" property like provider name or event name. But the C# provider's events have those properties. Why can the C# provider do this? In EventSource.cs, there is a SendManifest method, and an additional ManifestData event is logged only when I use the C# provider. Is this the reason? If so, can a C++ provider achieve this behavior?

Edit: I know how to install the manifest with wevtutil.exe or eventregister.exe. After some research, I found that what I need is to implement "self-describing" events in C++.


Solution

  • The Windows 10 SDK includes support for a new ETW system that doesn't require a manifest at all. You can use the TraceLoggingProvider.h header to generate these events. This new system is also supported in .NET 4.6 or later in EventSource if you use the eventSource.Write method or if you set the manifest-free flag. (There is also an EventSource NuGet package if you want to use the new features but don't want to make .NET 4.6 a prerequisite for your program.)

    Note that while the technology requires a new SDK, and you'll need new decoder tools to decode the new log file format, the technology works with programs running on Vista or later. In other words, you'll need to use the Windows 10 SDK to get the new TraceLoggingProvider.h header, but the resulting program will run ok on Vista or later as long as you set the WINVER macro to the right value for the OS you want to target.

    The main benefit is that no manifest is needed. The main downside is that your log files will be a little bit larger (since each event needs to include a bit of information about how to decode itself).

    The other answer is also correct and valid if you want to use manifest-based ETW. The only officially-supported system for manifest-based events is to register the manifest. The system that EventSource uses (where it throws a copy of the manifest into ETW) isn't well-documented, isn't supported by all of the ETW decoding tools, and I'm not sure that there's any support for you doing it yourself. If you're just interested in collecting and decoding log files, you only need to have the manifest registered on the machine where you'll be doing the decoding (the manifest is only used for merging and decoding -- it isn't needed when the log is being captured).
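
The TraceLoggingProvider.h approach described in the answer above, as an added example that is not part of the original answer. The provider name, GUID, event names and field names are constructed for illustration, and the non-Windows branch exists only so the file compiles on other platforms.

```cpp
// Added example: manifest-free (self-describing) ETW events via TraceLogging.
// Provider name, GUID, event names and field names are constructed.
#ifdef _WIN32
#include <windows.h>               // must precede TraceLoggingProvider.h
#include <winmeta.h>               // WINEVENT_LEVEL_* constants
#include <TraceLoggingProvider.h>  // ships with the Windows 10 SDK

// Defines the provider handle. The provider name is carried in the event
// metadata, so a decoder can show it without a registered manifest.
TRACELOGGING_DEFINE_PROVIDER(
    g_provider, "Example.SelfDescribingProvider",
    // {3f2a9c5e-7b41-4d8a-9e06-1c5d2b7a8f90} (constructed GUID)
    (0x3f2a9c5e, 0x7b41, 0x4d8a, 0x9e, 0x06, 0x1c, 0x5d, 0x2b, 0x7a, 0x8f, 0x90));

// Returns the number of events written, or -1 if registration failed.
int emit_sample_events(int request_id, const wchar_t* operation)
{
    if (FAILED(TraceLoggingRegister(g_provider)))
        return -1;

    // Event name, field names and field types are encoded in each event.
    TraceLoggingWrite(g_provider, "RequestStarted",
        TraceLoggingLevel(WINEVENT_LEVEL_INFO),
        TraceLoggingInt32(request_id, "RequestId"),
        TraceLoggingWideString(operation, "Operation"));

    TraceLoggingWrite(g_provider, "RequestFailed",
        TraceLoggingLevel(WINEVENT_LEVEL_ERROR),
        TraceLoggingInt32(request_id, "RequestId"),
        TraceLoggingHResult(E_ACCESSDENIED, "Result"));

    TraceLoggingUnregister(g_provider);
    return 2;
}
#else
// TraceLogging is Windows-only; other platforms report "not available".
int emit_sample_events(int, const wchar_t*) { return -1; }
#endif

int main()
{
    return emit_sample_events(42, L"login") == 2 ? 0 : 1;
}
```

To see the events, enable the constructed GUID in a trace session; the event and field names should then decode with no manifest installed.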