wbenny/EtwConsumerNT external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

wbenny/EtwConsumerNT

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/wbenny/EtwConsumerNT)

Close

wbenny / EtwConsumerNTView on GitHubMore

• External links
• Readme badge

Simple project that demonstrates how an ETW consumer can be created just by using NTDLL

☆146Feb 23, 2019Updated 7 years ago

Alternatives and similar repositories for EtwConsumerNT

Users that are interested in EtwConsumerNT are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• 0ffffffffh / system_call_hook_win10_1903

  View on GitHub
  This is the P.O.C source for hooking the system calls on Windows 10 (1903) using it's dynamic trace feature weakness
  ☆58Sep 12, 2019Updated 6 years ago
• secrary / Hooking-via-InstrumentationCallback

  View on GitHub
  codes for my blog post: https://secrary.com/Random/InstrumentationCallback/
  ☆182Nov 30, 2017Updated 8 years ago
• MiroKaku / ConMon

  View on GitHub
  Windows Console Monitor
  ☆34Jun 11, 2019Updated 6 years ago
• yardenshafir / SymlinkCallback

  View on GitHub
  A driver that hooks C: volume using symbolic link callback to track all FS access to the volume
  ☆109Apr 24, 2020Updated 5 years ago
• bb107 / RtlWow64

  View on GitHub
  c++ implementation of windows heavens gate
  ☆71Feb 12, 2021Updated 5 years ago
• Managed Database hosting by DigitalOcean • Ad
  PostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
• jdu2600 / Windows10EtwEvents

  View on GitHub
  Events from all manifest-based and mof-based ETW providers across Windows 10 versions
  ☆332May 2, 2024Updated last year
• alexvogt91 / NetDriver

  View on GitHub
  kernel-mode TDI client which can send and receive HTTP requests
  ☆56Jun 9, 2018Updated 7 years ago
• Biswa96 / TraceEvent

  View on GitHub
  Trace events in real time sessions
  ☆47Aug 25, 2023Updated 2 years ago
• KelvinMsft / UsbMon

  View on GitHub
  ☆39Oct 29, 2020Updated 5 years ago
• AndreyBazhan / DbgExt

  View on GitHub
  Debugger extension for the Debugging Tools for Windows (WinDbg, KD, CDB, NTSD).
  ☆69Nov 14, 2016Updated 9 years ago
• KelvinMsft / DeviceMon

  View on GitHub
  VT-based PCI device monitor (SPI)
  ☆158Oct 29, 2020Updated 5 years ago
• zodiacon / EtwExplorer

  View on GitHub
  View ETW Provider manifest
  ☆577Nov 1, 2024Updated last year
• zodiacon / PoolMonXv2

  View on GitHub
  Kernel Pool Monitor
  ☆128Mar 6, 2022Updated 4 years ago
• yardenshafir / DpcWait

  View on GitHub
  Driver demonstrating how to register a DPC to asynchronously wait on an object
  ☆51Jan 15, 2021Updated 5 years ago
• End-to-end encrypted email - Proton Mail • Ad
  Special offer: 40% Off Yearly / 80% Off First Month. All Proton services are open source and independently audited for security.
• Ido-Moshe-Github / CiDllDemo

  View on GitHub
  Use ci.dll API for validating Authenticode signature of files
  ☆168Mar 28, 2022Updated 3 years ago
• zhuhuibeishadiao / PatchGuardResearch

  View on GitHub
  win10 pgContext dynamic dump (btc version)
  ☆110Jan 15, 2020Updated 6 years ago
• hrbust86 / SvmNest

  View on GitHub
  a frame of amd-v svm nest
  ☆53Apr 7, 2020Updated 5 years ago
• jxy-s / stlkrn

  View on GitHub
  C++ STL in the Windows Kernel with C++ Exception Support
  ☆434Aug 16, 2023Updated 2 years ago
• basketwill / Sysmon_reverse

  View on GitHub
  ☆174Sep 9, 2020Updated 5 years ago
• avakar / vcrtl

  View on GitHub
  C++ Exceptions in Windows Drivers
  ☆223Dec 21, 2020Updated 5 years ago
• Mattiwatti / BSOD10

  View on GitHub
  Crash Windows 10 up to RS2 from an unprivileged process
  ☆42Dec 10, 2017Updated 8 years ago
• 0xcpu / WinAltSyscallHandler

  View on GitHub
  Some research on AltSystemCallHandlers functionality in Windows 10 20H1 18999
  ☆241Nov 6, 2019Updated 6 years ago
• Zero-Tang / SimpleWhpDemo

  View on GitHub
  Simple Demo of using Windows Hypervisor Platform
  ☆29Jul 14, 2025Updated 8 months ago
• Managed Database hosting by DigitalOcean • Ad
  PostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
• wbenny / KSOCKET

  View on GitHub
  KSOCKET provides a very basic example how to make a network connections in the Windows Driver by using WSK
  ☆542Sep 2, 2022Updated 3 years ago
• NtRaiseHardError / Sysmon

  View on GitHub
  Sysmon shenanigans
  ☆66Oct 9, 2020Updated 5 years ago
• zhuhuibeishadiao / JunkDriveOpenSource

  View on GitHub
  Some garbage drivers written for getting started
  ☆65Dec 31, 2019Updated 6 years ago
• packetzero / etwrealtime

  View on GitHub
  Example of real-time Windows ETW packet capture session
  ☆55Jul 12, 2017Updated 8 years ago
• xuanxuan0 / TiEtwAgent

  View on GitHub
  PoC memory injection detection agent based on ETW, for offensive and defensive research purposes
  ☆300Apr 10, 2021Updated 4 years ago
• zodiacon / ProcMonXv2

  View on GitHub
  Process Monitor X v2
  ☆652Jan 22, 2024Updated 2 years ago
• IgorKorkin / MemoryRanger

  View on GitHub
  MemoryRanger protects kernel data and code by running drivers and hosting data in isolated kernel enclaves using VT-x and EPT features. M…
  ☆233Jul 26, 2020Updated 5 years ago
• kkent030315 / PageTableInjection

  View on GitHub
  Code Injection, Inject malicious payload via pagetables pml4.
  ☆242Jul 7, 2021Updated 4 years ago
• intelpt / WindowsIntelPT

  View on GitHub
  This driver implements the Intel Processor Trace functionality in Intel Skylake architecture for Microsoft Windows
  ☆466Apr 17, 2018Updated 7 years ago
• End-to-end encrypted email - Proton Mail • Ad
  Special offer: 40% Off Yearly / 80% Off First Month. All Proton services are open source and independently audited for security.
• hzqst / Syscall-Monitor

  View on GitHub
  Syscall Monitor is a system monitor program (like Sysinternal's Process Monitor) using Intel VT-X/EPT for Windows7+
  ☆747Jun 26, 2017Updated 8 years ago
• paranoidninja / Process-Instrumentation-Syscall-Hook

  View on GitHub
  A simple program to hook the current process to identify the manual syscall executions on windows
  ☆266Nov 18, 2022Updated 3 years ago
• AndreyBazhan / SymStore

  View on GitHub
  The history of Windows Internals via symbols.
  ☆181Nov 4, 2021Updated 4 years ago
• rwfpl / rewolf-ldrdebug

  View on GitHub
  Helper utility for debugging windows PE/PE+ loader.
  ☆52Mar 15, 2015Updated 11 years ago
• NoMercy-ac / SystemHealthCheck

  View on GitHub
  Windows system repair tool
  ☆18Jun 2, 2021Updated 4 years ago
• repnz / etw-providers-docs

  View on GitHub
  Document ETW providers
  ☆277Mar 28, 2020Updated 5 years ago
• yjugl / mitimon

  View on GitHub
  Monitor ETW events for Windows process mitigation policies, with stack traces
  ☆31Oct 7, 2022Updated 3 years ago