Simple project that demonstrates how an ETW consumer can be created just by using NTDLL
☆148Feb 23, 2019Updated 7 years ago
Alternatives and similar repositories for EtwConsumerNT
Users that are interested in EtwConsumerNT are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- This is the P.O.C source for hooking the system calls on Windows 10 (1903) using it's dynamic trace feature weakness☆58Sep 12, 2019Updated 6 years ago
- codes for my blog post: https://secrary.com/Random/InstrumentationCallback/☆183Nov 30, 2017Updated 8 years ago
- Windows Console Monitor☆34Jun 11, 2019Updated 6 years ago
- A driver that hooks C: volume using symbolic link callback to track all FS access to the volume☆108Apr 24, 2020Updated 6 years ago
- c++ implementation of windows heavens gate☆70Feb 12, 2021Updated 5 years ago
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- Events from all manifest-based and mof-based ETW providers across Windows 10 versions☆332May 2, 2024Updated 2 years ago
- kernel-mode TDI client which can send and receive HTTP requests☆56Jun 9, 2018Updated 7 years ago
- Trace events in real time sessions☆47Aug 25, 2023Updated 2 years ago
- ☆39Oct 29, 2020Updated 5 years ago
- Debugger extension for the Debugging Tools for Windows (WinDbg, KD, CDB, NTSD).☆68Nov 14, 2016Updated 9 years ago
- VT-based PCI device monitor (SPI)☆157Oct 29, 2020Updated 5 years ago
- View ETW Provider manifest☆600Nov 1, 2024Updated last year
- Driver demonstrating how to register a DPC to asynchronously wait on an object☆51Jan 15, 2021Updated 5 years ago
- Kernel Pool Monitor☆128Mar 6, 2022Updated 4 years ago
- Wordpress hosting with auto-scaling - Free Trial Offer • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- Use ci.dll API for validating Authenticode signature of files☆169Mar 28, 2022Updated 4 years ago
- win10 pgContext dynamic dump (btc version)☆112Jan 15, 2020Updated 6 years ago
- a frame of amd-v svm nest☆53Apr 7, 2020Updated 6 years ago
- C++ STL in the Windows Kernel with C++ Exception Support☆435Aug 16, 2023Updated 2 years ago
- ☆175Sep 9, 2020Updated 5 years ago
- C++ Exceptions in Windows Drivers☆220Dec 21, 2020Updated 5 years ago
- Crash Windows 10 up to RS2 from an unprivileged process☆42Dec 10, 2017Updated 8 years ago
- Simple Demo of using Windows Hypervisor Platform☆29Jul 14, 2025Updated 10 months ago
- Some research on AltSystemCallHandlers functionality in Windows 10 20H1 18999☆243Nov 6, 2019Updated 6 years ago
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- KSOCKET provides a very basic example how to make a network connections in the Windows Driver by using WSK☆546Sep 2, 2022Updated 3 years ago
- Sysmon shenanigans☆66Oct 9, 2020Updated 5 years ago
- Some garbage drivers written for getting started☆64Dec 31, 2019Updated 6 years ago
- Example of real-time Windows ETW packet capture session☆55Jul 12, 2017Updated 8 years ago
- PoC memory injection detection agent based on ETW, for offensive and defensive research purposes☆298Apr 10, 2021Updated 5 years ago
- Process Monitor X v2☆657Jan 22, 2024Updated 2 years ago
- An example of a client and server using Windows' ALPC functions to send and receive data.☆121Jan 21, 2025Updated last year
- MemoryRanger protects kernel data and code by running drivers and hosting data in isolated kernel enclaves using VT-x and EPT features. M…☆243Jul 26, 2020Updated 5 years ago
- Code Injection, Inject malicious payload via pagetables pml4.☆244Jul 7, 2021Updated 4 years ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- This driver implements the Intel Processor Trace functionality in Intel Skylake architecture for Microsoft Windows☆481Apr 17, 2018Updated 8 years ago
- Syscall Monitor is a system monitor program (like Sysinternal's Process Monitor) using Intel VT-X/EPT for Windows7+☆749Jun 26, 2017Updated 8 years ago
- Document ETW providers☆299Mar 28, 2020Updated 6 years ago
- A simple program to hook the current process to identify the manual syscall executions on windows☆268Nov 18, 2022Updated 3 years ago
- ☆10Apr 19, 2026Updated last month
- The program draws with win32k gdi functions in the kernel while NtGdiDdDDISubmitCommand is being hooked.☆348Apr 27, 2020Updated 6 years ago
- Helper utility for debugging windows PE/PE+ loader.☆53Mar 15, 2015Updated 11 years ago