wbenny / EtwConsumerNTView external linksLinks
Simple project that demonstrates how an ETW consumer can be created just by using NTDLL
☆146Feb 23, 2019Updated 6 years ago
Alternatives and similar repositories for EtwConsumerNT
Users that are interested in EtwConsumerNT are comparing it to the libraries listed below
Sorting:
- This is the P.O.C source for hooking the system calls on Windows 10 (1903) using it's dynamic trace feature weakness☆53Sep 12, 2019Updated 6 years ago
- A driver that hooks C: volume using symbolic link callback to track all FS access to the volume☆110Apr 24, 2020Updated 5 years ago
- codes for my blog post: https://secrary.com/Random/InstrumentationCallback/☆183Nov 30, 2017Updated 8 years ago
- Events from all manifest-based and mof-based ETW providers across Windows 10 versions☆329May 2, 2024Updated last year
- c++ implementation of windows heavens gate☆70Feb 12, 2021Updated 5 years ago
- Kernel Pool Monitor☆127Mar 6, 2022Updated 3 years ago
- ☆39Oct 29, 2020Updated 5 years ago
- VT-based PCI device monitor (SPI)☆158Oct 29, 2020Updated 5 years ago
- kernel-mode TDI client which can send and receive HTTP requests☆56Jun 9, 2018Updated 7 years ago
- C++ Exceptions in Windows Drivers☆221Dec 21, 2020Updated 5 years ago
- Windows Console Monitor☆34Jun 11, 2019Updated 6 years ago
- Use ci.dll API for validating Authenticode signature of files☆166Mar 28, 2022Updated 3 years ago
- Debugger extension for the Debugging Tools for Windows (WinDbg, KD, CDB, NTSD).☆69Nov 14, 2016Updated 9 years ago
- Driver demonstrating how to register a DPC to asynchronously wait on an object☆50Jan 15, 2021Updated 5 years ago
- View ETW Provider manifest☆570Nov 1, 2024Updated last year
- C++ STL in the Windows Kernel with C++ Exception Support☆434Aug 16, 2023Updated 2 years ago
- win10 pgContext dynamic dump (btc version)☆110Jan 15, 2020Updated 6 years ago
- Trace events in real time sessions☆47Aug 25, 2023Updated 2 years ago
- a frame of amd-v svm nest☆53Apr 7, 2020Updated 5 years ago
- Helper utility for debugging windows PE/PE+ loader.☆52Mar 15, 2015Updated 10 years ago
- Code Injection, Inject malicious payload via pagetables pml4.☆242Jul 7, 2021Updated 4 years ago
- Some garbage drivers written for getting started☆66Dec 31, 2019Updated 6 years ago
- ☆174Sep 9, 2020Updated 5 years ago
- Simple Demo of using Windows Hypervisor Platform☆29Jul 14, 2025Updated 7 months ago
- Sysmon shenanigans☆66Oct 9, 2020Updated 5 years ago
- MemoryRanger protects kernel data and code by running drivers and hosting data in isolated kernel enclaves using VT-x and EPT features. M…☆232Jul 26, 2020Updated 5 years ago
- Document ETW providers☆267Mar 28, 2020Updated 5 years ago
- Monitor ETW events for Windows process mitigation policies, with stack traces☆31Oct 7, 2022Updated 3 years ago
- Analyze Windows x64 Kernel Memory Layout☆129Nov 19, 2020Updated 5 years ago
- Some research on AltSystemCallHandlers functionality in Windows 10 20H1 18999☆239Nov 6, 2019Updated 6 years ago
- This driver implements the Intel Processor Trace functionality in Intel Skylake architecture for Microsoft Windows☆463Apr 17, 2018Updated 7 years ago
- Code to make it easier to write an NDIS network driver on Windows☆92Oct 1, 2023Updated 2 years ago
- KSOCKET provides a very basic example how to make a network connections in the Windows Driver by using WSK☆541Sep 2, 2022Updated 3 years ago
- Example of real-time Windows ETW packet capture session☆54Jul 12, 2017Updated 8 years ago
- Process Monitor X v2☆648Jan 22, 2024Updated 2 years ago
- CallMon is an experimental system call monitoring tool that works on Windows 10 versions 2004+ using PsAltSystemCallHandlers☆145Sep 5, 2020Updated 5 years ago
- Crash Windows 10 up to RS2 from an unprivileged process☆42Dec 10, 2017Updated 8 years ago
- An example of a client and server using Windows' ALPC functions to send and receive data.☆115Jan 21, 2025Updated last year
- Driver and WinDBG scripts to dump information about all resources and lookaside lists☆66Apr 4, 2020Updated 5 years ago