Document ETW providers
☆272Mar 28, 2020Updated 5 years ago
Alternatives and similar repositories for etw-providers-docs
Users that are interested in etw-providers-docs are comparing it to the libraries listed below
Sorting:
- Events from all manifest-based and mof-based ETW providers across Windows 10 versions☆329May 2, 2024Updated last year
- Simple project that demonstrates how an ETW consumer can be created just by using NTDLL☆146Feb 23, 2019Updated 7 years ago
- View ETW Provider manifest☆575Nov 1, 2024Updated last year
- Event Tracing For Windows (ETW) Resources☆417Oct 30, 2025Updated 4 months ago
- KrabsETW provides a modern C++ wrapper and a .NET wrapper around the low-level ETW trace consumption functions.☆753Dec 15, 2025Updated 2 months ago
- Sysmon-Like research tool for ETW☆386Nov 15, 2022Updated 3 years ago
- Run Processes as PPL with ELAM☆177Mar 17, 2022Updated 3 years ago
- A collection of free miscellaneous Windows tools☆142Jul 22, 2025Updated 7 months ago
- Analyze Windows x64 Kernel Memory Layout☆129Nov 19, 2020Updated 5 years ago
- Process Monitor X v2☆648Jan 22, 2024Updated 2 years ago
- ☆824Jun 1, 2023Updated 2 years ago
- anti-ransomware file-system filter☆69Sep 3, 2024Updated last year
- ETWProcessMon2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detecti…☆319Mar 20, 2024Updated last year
- Native API header files for the System Informer project.☆1,351May 25, 2025Updated 9 months ago
- Enumerate various traits from Windows processes as an aid to threat hunting☆202Jan 13, 2022Updated 4 years ago
- ☆29Nov 22, 2023Updated 2 years ago
- Uses Threat-Intelligence ETW events to identify shellcode regions being hidden by fluctuating memory protections☆169May 17, 2023Updated 2 years ago
- A POC for Windows Extension Host hooking☆24Jul 13, 2019Updated 6 years ago
- proof-of-concept Windows Driver for injecting DLL into user-mode processes using APC☆1,272May 1, 2024Updated last year
- PoC memory injection detection agent based on ETW, for offensive and defensive research purposes☆301Apr 10, 2021Updated 4 years ago
- Some research on AltSystemCallHandlers functionality in Windows 10 20H1 18999☆240Nov 6, 2019Updated 6 years ago
- Combining Sealighter with unpatched exploits to run the Threat-Intelligence ETW Provider☆197Dec 6, 2022Updated 3 years ago
- ☆181Apr 24, 2025Updated 10 months ago
- ☆261May 9, 2024Updated last year
- A kernel mode Windows rootkit in development.☆49Dec 31, 2021Updated 4 years ago
- Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs☆807Mar 16, 2024Updated last year
- Hyper-V Research is trendy now☆199May 6, 2024Updated last year
- APC Internals Research Code☆169Jun 28, 2020Updated 5 years ago
- Demonstrate calling a kernel function and handle process creation callback against HVCI☆84Dec 21, 2022Updated 3 years ago
- SysmonX - An Augmented Drop-In Replacement of Sysmon☆216Sep 17, 2019Updated 6 years ago
- Walks the CFG bitmap to find previously executable but currently hidden shellcode regions☆133May 17, 2023Updated 2 years ago
- ETW Python Library☆292Aug 11, 2023Updated 2 years ago
- Browse Page Tables on Windows (Page Table Viewer)☆234Apr 2, 2022Updated 3 years ago
- Some Code Samples for Windows based Inter-Process-Communication (IPC)☆209Feb 29, 2024Updated 2 years ago
- Helper script for Windows kernel debugging with IDA Pro on VMware + GDB stub (including PDB symbols)☆68Aug 11, 2023Updated 2 years ago
- Windows Registry Knowledge Base☆195Dec 23, 2025Updated 2 months ago
- Bootkit for Windows Sandbox to disable DSE/PatchGuard.☆318Oct 13, 2024Updated last year
- Files for http://blog.deniable.org/posts/windows-callbacks/☆77Feb 26, 2022Updated 4 years ago
- InfinityHookPro Win7 -> Win11 latest☆551Feb 7, 2023Updated 3 years ago