etw

C/C++ Performance Profiler

Command line tracing tool for Windows, based on ETW.

KrabsETW provides a modern C++ wrapper and a .NET wrapper around the low-level ETW trace consumption functions.

A wireshark plugin to instrument ETW

My notes collected while debugging various problems in .NET and native applications.

ETW Python Library

系统监控开发套件（sysmon、promon、edr、终端安全、主机安全、零信任、上网行为管理）

Event Tracing For Windows (ETW) Resources

Meterpreter_Payload_Detection.exe tool for detecting Meterpreter in memory like IPS-IDS and Forensics tool

Document ETW providers

ETWProcessMon2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detection by VirtualMemAlloc Events (in-memory) etc.

Simple project that demonstrates how an ETW consumer can be created just by using NTDLL

.NET Logging adaptors

让Etwhook再次伟大! Make InfinityHook Great Again!

Capture and parse CDP and LLDP packets on local or remote computers

Collects network traces of .NET applications.

Tool and library to convert ETW logs to JSON files

An all-in-one Cobalt Strike BOF to patch, check and revert AMSI and ETW for x64 process. Both syscalls and dynamic resolve versions are available.

Command line tool to analyze one/many ETW file/s with simple queries for common issues.

Logs key Windows process performance metrics. #nsacyber