Records an executable's network activity into a Full Packet Capture file (.pcap) and much more.
Updated Apr 12, 2026 - C#
.NET 7 Windows Event Tracing wrapper library
A platform-independent CLI tool for converting Windows ETL (Event Trace Log) files to JSON without any dependencies on Windows TDH.dll.
Event formats used in Event Tracing for Windows (ETW). Platform-independent Rust datatypes and parsers to interpret Windows native binary representations of ETW data without any dependencies on Windows TDH.dll.
Parser and Rust datatypes for Microsoft Windows instrumentation manifests.
A platform-independent CLI tool for converting XED2 (Extracted Event Data Version 2) files or event streams to JSON without any dependencies on Windows TDH.dll.
A platform-agnostic Rust library to parse Windows Event Trace Logs (ETL) without Windows dependencies.
Software and artifacts related to “ETW through VMI: Hypervisor‑Level Collection of Windows ETW Telemetry”
This DRAKVUF plugin enables VMI-based monitoring of emitted ETW events (Event Tracing for Windows).
Four small useless ETW providers to test ETW provider activation, event creation and signalling.
A platform of independent parsers and analysis tools for ETW event data. Enables the parsing of ETL and XED trace logs without relying on Windows libraries.
PyKD script for WinDBG/KD to monitor ETW events.
This repo contains shared C++ code that is used by some of my other ETW repos.
Simple ETW controller app to test ETW session creation and configuration.