Elastic Windows Event Explorer


Publisher - Microsoft-Windows-DotNETRuntimeRundown

Event ID 154 v2

Message:

ModuleID=%{ModuleID};
AssemblyID=%{AssemblyID};
ModuleFlags=%{ModuleFlags};
ModuleILPath=%{Reserved1};
ModuleNativePath=%{ModuleILPath};
ClrInstanceID=%{ModuleNativePath};
ManagedPdbSignature=%{ClrInstanceID};
ManagedPdbAge=%{ManagedPdbSignature};
ManagedPdbBuildPath=%{ManagedPdbAge};
NativePdbSignature=%{ManagedPdbBuildPath};
NativePdbAge=%{NativePdbSignature};
NativePdbBuildPath=%{NativePdbAge}

Event Data:

# Name In Type
Out Type
1 ModuleID win:UInt64 win:HexInt64
2 AssemblyID win:UInt64 win:HexInt64
3 ModuleFlags win:UInt32 xs:unsignedInt
4 Reserved1 win:UInt32 xs:unsignedInt
5 ModuleILPath win:UnicodeString xs:string
6 ModuleNativePath win:UnicodeString xs:string
7 ClrInstanceID win:UInt16 xs:unsignedShort
8 ManagedPdbSignature win:GUID xs:GUID
9 ManagedPdbAge win:UInt32 xs:unsignedInt
10 ManagedPdbBuildPath win:UnicodeString xs:string
11 NativePdbSignature win:GUID xs:GUID
12 NativePdbAge win:UInt32 xs:unsignedInt
13 NativePdbBuildPath win:UnicodeString xs:string

Observed Windows Versions:

Version: 2

Fingerprint: MCHDDWTGSEGVQ