microsoft / krabsetw

KrabsETW provides a modern C++ wrapper and a .NET wrapper around the low-level ETW trace consumption functions.

Add additional filtering to prevent unexpected event IDs when using provider-based filtering #172

Closed swannman closed 3 years ago

swannman commented 3 years ago

In some cases we receive events that should have been filtered by the provider-based filter (EnableFilterDesc) and whose schema cannot be found, leading to a could_not_find_schema exception.

This seems to occur when another trace session is registered on the same machine.

To avoid this, check against the list of provider-based filter event IDs and do not forward the event if it is not on the list.
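The check proposed above, as an added stand-alone example (not krabsetw's own code): a small gate that forwards an event only when its ID is on the list the provider-based filter was built with, so an unexpected event never reaches schema parsing. `fake_event` and `hypothetical_schema_resolver` are constructed stand-ins for the real `EVENT_RECORD` and krabs schema lookup; the sample batch, including the stray ID 4010, is made up for the demonstration.

```cpp
#include <cstddef>
#include <functional>
#include <iostream>
#include <stdexcept>
#include <string>
#include <unordered_set>
#include <vector>

// Constructed stand-in for an ETW event record with only the fields this
// example needs. Real krabsetw callbacks receive an EVENT_RECORD and a
// trace_context; this struct is an assumption, not the library's type.
struct fake_event {
    uint16_t id;
    std::string payload;
};

// Hypothetical model of the schema lookup that fails on an event the filter
// never asked for: it throws, as krabs::could_not_find_schema would, when the
// event ID is not one of the IDs the consumer knows a schema for.
struct hypothetical_schema_resolver {
    std::unordered_set<uint16_t> known_ids;
    std::string resolve(const fake_event& e) const {
        if (known_ids.count(e.id) == 0)
            throw std::runtime_error("could_not_find_schema for event id " + std::to_string(e.id));
        return "schema_for_" + std::to_string(e.id);
    }
};

// The check the issue proposes: gate every event on the allow-list of IDs
// handed to the provider-based filter and forward only those. Drops are
// counted so a consumer can tell when the session delivered events the
// filter descriptor should already have excluded.
class event_id_gate {
public:
    explicit event_id_gate(const std::vector<uint16_t>& ids)
        : allowed_(ids.begin(), ids.end()) {}

    // Returns true when the event was forwarded to the sink, false when dropped.
    bool forward(const fake_event& e, const std::function<void(const fake_event&)>& sink) {
        if (allowed_.count(e.id) == 0) { ++dropped_; return false; }
        ++forwarded_;
        sink(e);
        return true;
    }
    std::size_t dropped() const { return dropped_; }
    std::size_t forwarded() const { return forwarded_; }

private:
    std::unordered_set<uint16_t> allowed_;
    std::size_t dropped_ = 0;
    std::size_t forwarded_ = 0;
};

// Outcome of running one constructed batch with and without the gate.
struct run_result {
    std::size_t ungated_parsed;  // events parsed before the stray one threw
    bool ungated_threw;          // whether parsing without the gate aborted
    std::size_t gated_parsed;    // events parsed behind the gate
    std::size_t gated_dropped;   // events the gate refused to forward
};

run_result run_demo() {
    const std::vector<uint16_t> filter_ids = {1, 2};  // IDs given to the provider filter
    hypothetical_schema_resolver resolver{{1, 2}};
    // Constructed sample: 4010 plays the "unexpected" ID the issue describes.
    const std::vector<fake_event> batch = {{1, "a"}, {2, "b"}, {4010, "stray"}, {1, "c"}};

    run_result r{0, false, 0, 0};
    try {
        for (const auto& e : batch) { resolver.resolve(e); ++r.ungated_parsed; }
    } catch (const std::runtime_error&) {
        r.ungated_threw = true;  // parsing stopped at the stray event
    }

    event_id_gate gate(filter_ids);
    for (const auto& e : batch)
        gate.forward(e, [&](const fake_event& ev) { resolver.resolve(ev); ++r.gated_parsed; });
    r.gated_dropped = gate.dropped();
    return r;
}

int main() {
    run_result r = run_demo();
    std::cout << "without gate: parsed " << r.ungated_parsed
              << (r.ungated_threw ? ", then threw could_not_find_schema\n" : "\n");
    std::cout << "with gate:    parsed " << r.gated_parsed
              << ", dropped " << r.gated_dropped << "\n";
    return 0;
}
```

In a real consumer the allow-list is simply the set of IDs passed to the provider-based filter, and the gate sits in the event callback before any `krabs::schema` is constructed; the gate turns a thrown exception that aborts the callback into a counted drop, which is easier to monitor and does not lose the well-formed events that follow the stray one.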

swannman commented 3 years ago

This is no longer needed. The source of this issue is another process which improperly opened a manifest-based ETW provider as a .NET EventSource provider, in which case the listener can send commands back to the provider by creating events on the same provider GUID which is wholly unexpected.

Ref section 5.5 in this EventSource design doc and EventCommand in EventSource.cs.