repnz / etw-providers-docsLinks
Document ETW providers
☆251Updated 5 years ago
Alternatives and similar repositories for etw-providers-docs
Users that are interested in etw-providers-docs are comparing it to the libraries listed below
Sorting:
- Events from all manifest-based and mof-based ETW providers across Windows 10 versions☆311Updated last year
- View ETW Provider manifest☆530Updated 11 months ago
- Sysmon-Like research tool for ETW☆364Updated 2 years ago
- KrabsETW provides a modern C++ wrapper and a .NET wrapper around the low-level ETW trace consumption functions.☆703Updated 6 months ago
- Some Code Samples for Windows based Inter-Process-Communication (IPC)☆200Updated last year
- Source code for File Test - Interactive File System Test Tool☆295Updated last month
- A collection of free miscellaneous Windows tools☆140Updated 2 months ago
- Run Processes as PPL with ELAM☆171Updated 3 years ago
- capemon: CAPE's monitor☆126Updated last week
- RPC Monitor tool based on Event Tracing for Windows☆372Updated last year
- Simple project that demonstrates how an ETW consumer can be created just by using NTDLL☆143Updated 6 years ago
- PoC memory injection detection agent based on ETW, for offensive and defensive research purposes☆290Updated 4 years ago
- This is a collection of interesting codes about Windows Process creation.☆239Updated last year
- Samples for the book Windows Kernel Programming, 2nd edition☆358Updated 2 months ago
- open source process monitor☆290Updated 5 months ago
- Process Monitor X v2☆633Updated last year
- Log ALPC activity☆84Updated 2 years ago
- ☆173Updated last year
- An example of a client and server using Windows' ALPC functions to send and receive data.☆105Updated 8 months ago
- Research on Windows Kernel Executive Callback Objects☆309Updated 5 years ago
- Useful scripts for WinDbg using the debugger data model☆421Updated last year
- APC Internals Research Code☆168Updated 5 years ago
- Authenticode Hash Calculator for PE32/PE32+ files☆114Updated 3 months ago
- Windows Filtering Platform Explorer☆295Updated last month
- ☆171Updated 5 years ago
- Hyper-V Research is trendy now☆186Updated last year
- This program can retrieve signature information from PE files which signed by one or more certificates on Windows. Supporting multi-signe…☆103Updated 3 years ago
- A DTrace on Windows Reimplementation☆358Updated 7 months ago
- MemoryRanger protects kernel data and code by running drivers and hosting data in isolated kernel enclaves using VT-x and EPT features. M…☆229Updated 5 years ago
- Asynchronous Procedure Calls☆236Updated 4 years ago