Missing Event in Microsoft-Windows-Kernel-Registry provider?

I'm trying to monitor registry changes using manifest-based ETW (written in C++ with the krabsetw library). I have seen this site (https://social.msdn.microsoft.com/Forums/windows/en-US/ff07fc25-31e3-4b6f-810e-7a1ee458084b/etw-registry-monitoring?forum=etw), but I cannot find the KCB-related event in the Microsoft-Windows-Kernel-Registry provider, either in logman or on this website (https://github.com/jdu2600/Windows10EtwEvents/blob/master/manifest/Microsoft-Windows-Kernel-Registry.tsv). So maybe I cannot use manifest-based ETW to trace the KCB event?

This blog (https://lowleveldesign.wordpress.com/2020/08/20/monitoring-registry-activity-with-etw/) also provides a way to monitor the registry; it seems to use manifest-based ETW, right? So maybe there are some hidden opcodes or events in Microsoft-Windows-Kernel-Registry?

I will be very grateful if someone can answer me or suggest an alternative method, TY.

There are 0 answers