Why Service Control Manager provider doesn't generate any event id?

[subvert0r]

I am trying to get events related to service creation, and so far I have tried these:

Microsoft-Windows-Services
Service Control Manager
Service Control Manager Trace

But strangely, non of the above providers produce events when a service is created or started.

Then I looked into it, and figured that Service Control Manager and Service Control Manager Trace don't generate any event id at all! At least the Microsoft-Windows-Services generates some events at some point.

Question: Why when I register with Service Control Manager and Service Control Manager Trace without any filter, I don't get any event at all, no matter how long I keep it running and do all sorts of service related activity? When their callback is called, the event id and opcode id is just 0, and there is no property. Their event header is basically junk.

[swannman]

Hi @subvert0r, we aren't able to provide general assistance with Windows ETW providers in this repo.

[subvert0r]

Hi @subvert0r, we aren't able to provide general assistance with Windows ETW providers in this repo.

Understood, I edited the question title to make it less generic.
My main question is:

Question: Why when I register with Service Control Manager and Service Control Manager Trace without any filter, I don't get any event at all, no matter how long I keep it running and do all sorts of service related activity? When their callback is called, the event id and opcode id is just 0, and there is no property. Their event header is basically junk.