Command line tracing tool for Windows, based on ETW.
☆689Oct 15, 2025Updated 4 months ago
Alternatives and similar repositories for wtrace
Users that are interested in wtrace are comparing it to the libraries listed below
Sorting:
- Command-line tool for ETW tracing on files and real-time events☆148Feb 27, 2019Updated 7 years ago
- A command line tool that sends its input data to a running procmon instance.☆15Feb 24, 2017Updated 9 years ago
- KrabsETW provides a modern C++ wrapper and a .NET wrapper around the low-level ETW trace consumption functions.☆753Dec 15, 2025Updated 2 months ago
- A PowerShell front-end for the Windows debugger engine.☆693Apr 3, 2024Updated last year
- reverse engineering extension plugin for windbg☆121Sep 30, 2019Updated 6 years ago
- A branch-monitor-based solution for process monitoring.☆138Feb 9, 2020Updated 6 years ago
- Monitor activity of any driver☆353Nov 2, 2020Updated 5 years ago
- ☆30May 23, 2017Updated 8 years ago
- Ruxcon2016 POC Code☆141Nov 21, 2016Updated 9 years ago
- User interface for recording and managing ETW traces☆1,647May 28, 2025Updated 9 months ago
- An instruction trace visualisation tool for dynamic program analysis☆370Dec 8, 2022Updated 3 years ago
- Syscall Monitor is a system monitor program (like Sysinternal's Process Monitor) using Intel VT-X/EPT for Windows7+☆747Jun 26, 2017Updated 8 years ago
- Old mitigation-bounty code that was applicable to edge before it use webkit/chrome☆87Dec 19, 2016Updated 9 years ago
- Using WinDBG to tap into JavaScript and help with deobfuscation and browser exploit detection☆82Mar 22, 2017Updated 8 years ago
- Set of tools to analyze Windows sandboxes for exposed attack surface.☆2,267Nov 6, 2025Updated 3 months ago
- ATrace is a tool for tracing execution of binaries on Windows.☆240Nov 19, 2025Updated 3 months ago
- Write minidumps of .NET processes with full memory, only CLR heaps, or no memory at all☆222Mar 15, 2019Updated 6 years ago
- RpcView is a free tool to explore and decompile Microsoft RPC interfaces☆1,043Sep 24, 2023Updated 2 years ago
- Dump and analyze .Net applications memory ( a gui for WinDbg and ClrMd )☆710Jun 25, 2020Updated 5 years ago
- windows kernel vulnerability found by me☆90Aug 28, 2017Updated 8 years ago
- A dirty IDAPython script to dump windows system call number/name pairs as JSON☆36Feb 13, 2017Updated 9 years ago
- ETW Python Library☆292Aug 11, 2023Updated 2 years ago
- A binary static analysis tool that provides security and correctness results for Windows Portable Executable and *nix ELF binary formats☆840Feb 25, 2026Updated last week
- My notes on software troubleshooting, covering debugging and tracing techniques and tools. Available at wtrace.net.☆344Feb 26, 2026Updated last week
- WinDBG Anti-RootKit Extension☆645Jul 29, 2020Updated 5 years ago
- ☆825Jun 1, 2023Updated 2 years ago
- Obtain remote process cookies by performing a brute-force attack on ntdll.RtlDecodePointer using known pointer encodings.☆22May 31, 2017Updated 8 years ago
- Adversary tradecraft detection, protection, and hunting☆2,431Feb 24, 2026Updated last week
- Viewing NTFS alternate streams in files☆33Jul 19, 2017Updated 8 years ago
- Translates WinDbg "dt" structure dump to a C structure☆133Oct 16, 2016Updated 9 years ago
- DC25 5A1F - Demystifying Windows Kernel Exploitation by Abusing GDI Objects☆148Jul 30, 2017Updated 8 years ago
- Papers, blogposts, tutorials etc for learning about Windows kernel exploitation, internals and (r|b)ootkits☆415Jan 2, 2020Updated 6 years ago
- Windows Object Explorer 64-bit☆1,888Updated this week
- Examples of leaking Kernel Mode information from User Mode on Windows☆634Jul 7, 2017Updated 8 years ago
- Kernel Address Space Layout Randomization (KASLR) Recovery Software☆98Nov 26, 2016Updated 9 years ago
- ☆111Jul 16, 2016Updated 9 years ago
- Porting Windows Dynamic Link Libraries to Linux☆4,480Apr 10, 2025Updated 10 months ago
- Portable Executable parsing library, used by PEExplorer. Also available as a nuget package☆36Jan 11, 2018Updated 8 years ago
- The goal of the tool is to monitor requests received by selected device objects or kernel drivers. The tool is quite similar to IrpTracke…☆408Dec 27, 2024Updated last year