Simple project that demonstrates how an ETW consumer can be created just by using NTDLL
☆147Feb 23, 2019Updated 7 years ago
Alternatives and similar repositories for EtwConsumerNT
Users that are interested in EtwConsumerNT are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- This is the P.O.C source for hooking the system calls on Windows 10 (1903) using it's dynamic trace feature weakness☆58Sep 12, 2019Updated 6 years ago
- codes for my blog post: https://secrary.com/Random/InstrumentationCallback/☆184Nov 30, 2017Updated 8 years ago
- Windows Console Monitor☆34Jun 11, 2019Updated 6 years ago
- A driver that hooks C: volume using symbolic link callback to track all FS access to the volume☆110Apr 24, 2020Updated 6 years ago
- c++ implementation of windows heavens gate☆71Feb 12, 2021Updated 5 years ago
- Deploy open-source AI quickly and easily - Special Bonus Offer • AdRunpod Hub is built for open source. One-click deployment and autoscaling endpoints without provisioning your own infrastructure.
- Events from all manifest-based and mof-based ETW providers across Windows 10 versions☆333May 2, 2024Updated 2 years ago
- kernel-mode TDI client which can send and receive HTTP requests☆56Jun 9, 2018Updated 7 years ago
- Trace events in real time sessions☆47Aug 25, 2023Updated 2 years ago
- ☆39Oct 29, 2020Updated 5 years ago
- Debugger extension for the Debugging Tools for Windows (WinDbg, KD, CDB, NTSD).☆69Nov 14, 2016Updated 9 years ago
- VT-based PCI device monitor (SPI)☆158Oct 29, 2020Updated 5 years ago
- View ETW Provider manifest��☆596Nov 1, 2024Updated last year
- Driver demonstrating how to register a DPC to asynchronously wait on an object☆51Jan 15, 2021Updated 5 years ago
- Kernel Pool Monitor☆128Mar 6, 2022Updated 4 years ago
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- Use ci.dll API for validating Authenticode signature of files☆168Mar 28, 2022Updated 4 years ago
- win10 pgContext dynamic dump (btc version)☆111Jan 15, 2020Updated 6 years ago
- a frame of amd-v svm nest☆54Apr 7, 2020Updated 6 years ago
- C++ STL in the Windows Kernel with C++ Exception Support☆437Aug 16, 2023Updated 2 years ago
- ☆175Sep 9, 2020Updated 5 years ago
- C++ Exceptions in Windows Drivers☆220Dec 21, 2020Updated 5 years ago
- Crash Windows 10 up to RS2 from an unprivileged process☆42Dec 10, 2017Updated 8 years ago
- Simple Demo of using Windows Hypervisor Platform☆29Jul 14, 2025Updated 9 months ago
- Some research on AltSystemCallHandlers functionality in Windows 10 20H1 18999☆242Nov 6, 2019Updated 6 years ago
- Wordpress hosting with auto-scaling - Free Trial Offer • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- KSOCKET provides a very basic example how to make a network connections in the Windows Driver by using WSK☆544Sep 2, 2022Updated 3 years ago
- Sysmon shenanigans☆66Oct 9, 2020Updated 5 years ago
- Some garbage drivers written for getting started☆65Dec 31, 2019Updated 6 years ago
- Example of real-time Windows ETW packet capture session☆54Jul 12, 2017Updated 8 years ago
- PoC memory injection detection agent based on ETW, for offensive and defensive research purposes☆299Apr 10, 2021Updated 5 years ago
- Process Monitor X v2☆654Jan 22, 2024Updated 2 years ago
- MemoryRanger protects kernel data and code by running drivers and hosting data in isolated kernel enclaves using VT-x and EPT features. M��…☆244Jul 26, 2020Updated 5 years ago
- Code Injection, Inject malicious payload via pagetables pml4.☆243Jul 7, 2021Updated 4 years ago
- This driver implements the Intel Processor Trace functionality in Intel Skylake architecture for Microsoft Windows☆476Apr 17, 2018Updated 8 years ago
- Managed Database hosting by DigitalOcean • AdPostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
- Syscall Monitor is a system monitor program (like Sysinternal's Process Monitor) using Intel VT-X/EPT for Windows7+☆749Jun 26, 2017Updated 8 years ago
- Document ETW providers☆296Mar 28, 2020Updated 6 years ago
- A simple program to hook the current process to identify the manual syscall executions on windows☆268Nov 18, 2022Updated 3 years ago
- ☆10Apr 19, 2026Updated 2 weeks ago
- Helper utility for debugging windows PE/PE+ loader.☆53Mar 15, 2015Updated 11 years ago
- The history of Windows Internals via symbols.☆181Nov 4, 2021Updated 4 years ago
- Windows system repair tool☆18Jun 2, 2021Updated 4 years ago