GitHub topics: etw
theSecHunter/Hades-Windows
Hades HIDS/HIPS for Windows
Language: C++ - Size: 484 MB - Last synced at: about 2 hours ago - Pushed at: about 9 hours ago - Stars: 280 - Forks: 94
google/orbit 📦
C/C++ Performance Profiler
Language: C++ - Size: 149 MB - Last synced at: 1 day ago - Pushed at: 4 months ago - Stars: 4,285 - Forks: 353
nasbench/EVTX-ETW-Resources
Event Tracing For Windows (ETW) Resources
Language: Python - Size: 697 MB - Last synced at: 3 days ago - Pushed at: 8 months ago - Stars: 387 - Forks: 74
rabbitstack/fibratus
Adversary tradecraft detection, protection, and hunting
Language: Go - Size: 17.3 MB - Last synced at: 4 days ago - Pushed at: 5 days ago - Stars: 2,342 - Forks: 198
microsoft/profile-explorer
CPU profiling trace viewer
Language: C# - Size: 70.8 MB - Last synced at: 6 days ago - Pushed at: 3 months ago - Stars: 202 - Forks: 15
n4r1b/ferrisetw
Basically a KrabsETW rip-off written in Rust
Language: Rust - Size: 299 KB - Last synced at: 4 days ago - Pushed at: 10 months ago - Stars: 70 - Forks: 25
xoofx/ultra
An advanced profiler for .NET Applications on Windows
Language: C# - Size: 8.97 MB - Last synced at: 7 days ago - Pushed at: 5 months ago - Stars: 1,057 - Forks: 15
microsoft/krabsetw
KrabsETW provides a modern C++ wrapper and a .NET wrapper around the low-level ETW trace consumption functions.
Language: C++ - Size: 2.28 MB - Last synced at: 10 days ago - Pushed at: 3 months ago - Stars: 662 - Forks: 157
Siemens-Healthineers/ETWAnalyzer
Command line tool to analyze one/many ETW file/s with simple queries for common issues.
Language: C# - Size: 36.6 MB - Last synced at: 14 days ago - Pushed at: 14 days ago - Stars: 116 - Forks: 14
microsoft/tracelogging
TraceLogging events and tracing
Language: Rust - Size: 363 KB - Last synced at: 6 days ago - Pushed at: 18 days ago - Stars: 53 - Forks: 25
lowleveldesign/debug-recipes
My notes on software troubleshooting, covering debugging and tracing techniques and tools. Available at wtrace.net.
Language: HTML - Size: 15.2 MB - Last synced at: 12 days ago - Pushed at: 28 days ago - Stars: 334 - Forks: 71
olafhartong/PockETWatcher
a tiny program to consume from ETW providers for research
Language: Go - Size: 8.79 KB - Last synced at: 4 days ago - Pushed at: 5 months ago - Stars: 48 - Forks: 5
fafalone/EventTrace
Event Tracing fo Windows (ETW) File Activity Monitor, VB6/twinBASIC x64 port
Language: Visual Basic 6.0 - Size: 627 KB - Last synced at: about 1 month ago - Pushed at: about 1 month ago - Stars: 23 - Forks: 4
joaopinto15/WinAPI_Tracker
Windows process monitoring tool using ETW and Frida. Detects suspicious activity (e.g., PPID spoofing), injects into target processes, and logs WinAPI calls. Designed for real-time detection and background execution as a service.
Language: JavaScript - Size: 4.88 KB - Last synced at: about 1 month ago - Pushed at: about 1 month ago - Stars: 0 - Forks: 0
EvilBytecode/Lifetime-Amsi-EtwPatch
Two in one, patch lifetime powershell console, no more etw and amsi!
Language: Go - Size: 10.7 KB - Last synced at: about 1 month ago - Pushed at: about 1 month ago - Stars: 88 - Forks: 18
LegendaryB/ProcessMonitoring
Library to monitor process starts and stops on Windows powered by C#
Language: C# - Size: 25.4 KB - Last synced at: 7 days ago - Pushed at: over 1 year ago - Stars: 6 - Forks: 2
nettitude/ETWHash
C# POC to extract NetNTLMv1/v2 hashes from ETW provider
Language: C# - Size: 9.77 KB - Last synced at: 11 days ago - Pushed at: about 2 years ago - Stars: 256 - Forks: 29
mochabyte0x/DumbETW
A proof of concept ETW consumer that captures userland events in real time, displays them, and saves them into an .etl file
Language: C - Size: 31.3 KB - Last synced at: 13 days ago - Pushed at: 3 months ago - Stars: 2 - Forks: 0
microsoft/ETW2JSON
Tool and library to convert ETW logs to JSON files
Language: C# - Size: 88.9 KB - Last synced at: 6 days ago - Pushed at: over 2 years ago - Stars: 89 - Forks: 20
DamonMohammadbagher/ETWProcessMon2
ETWProcessMon2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detection by VirtualMemAlloc Events (in-memory) etc.
Language: C# - Size: 35 MB - Last synced at: 16 days ago - Pushed at: about 1 year ago - Stars: 301 - Forks: 70
okieselbach/SyncMLViewer
A small real time SyncML protocol Viewer
Language: C# - Size: 35.4 MB - Last synced at: about 2 months ago - Pushed at: 4 months ago - Stars: 174 - Forks: 24
whokilleddb/ETWListicle
List the ETW provider(s) in the registration table of a process.
Language: C - Size: 387 KB - Last synced at: about 2 months ago - Pushed at: over 1 year ago - Stars: 58 - Forks: 9
lowleveldesign/wtrace
Command line tracing tool for Windows, based on ETW.
Language: C# - Size: 5.86 MB - Last synced at: 11 days ago - Pushed at: over 1 year ago - Stars: 679 - Forks: 52
0xflux/ETW-Bypass-Rust
Event Tracing for Windows EDR bypass in Rust (usermode)
Language: Rust - Size: 15.6 KB - Last synced at: about 2 months ago - Pushed at: 12 months ago - Stars: 19 - Forks: 2
DamonMohammadbagher/Meterpreter_Payload_Detection
Meterpreter_Payload_Detection.exe tool for detecting Meterpreter in memory like IPS-IDS and Forensics tool
Language: C# - Size: 2.37 MB - Last synced at: 27 days ago - Pushed at: almost 2 years ago - Stars: 162 - Forks: 63
ProcessusT/UnhookingDLL
This script is used to bypass DLL Hooking using a fresh mapped copy of ntdll file, patch the ETW and trigger a shellcode with process hollowing
Language: C++ - Size: 44.9 KB - Last synced at: about 2 months ago - Pushed at: over 1 year ago - Stars: 69 - Forks: 12
mannyfred/MentalTi
Mentally ill EtwTi parser
Language: C++ - Size: 223 KB - Last synced at: 2 months ago - Pushed at: 2 months ago - Stars: 35 - Forks: 2
EvilBytecode/ETW-Patch
code snippet provided demonstrates how to patch the EtwEventWrite function in the ntdll.dll library on Windows using CGO (C Go).
Language: Go - Size: 4.88 KB - Last synced at: about 2 months ago - Pushed at: 11 months ago - Stars: 8 - Forks: 1
JetBrains/etw-host-service-updater
This tool allows customers of ETW host service apply security updates on Windows x86/x64/ARM64
Language: C# - Size: 146 KB - Last synced at: 7 days ago - Pushed at: 5 months ago - Stars: 6 - Forks: 1
DamonMohammadbagher/damonmohammadbagher.github.io
Language: HTML - Size: 147 MB - Last synced at: 28 days ago - Pushed at: about 1 year ago - Stars: 9 - Forks: 3
kwaclaw/KdSoft.EtwListener
Forward ETW events for centralized collection and analysis.
Language: C# - Size: 21.7 MB - Last synced at: 3 months ago - Pushed at: about 1 year ago - Stars: 2 - Forks: 2
wecooperate/iMonitorSDK
The world's most powerful System Activity Monitor Engine · 一款功能强大的终端行为采集防御开发套件 ~ 旨在帮助EDR、零信任、数据安全、审计管控等终端安全软件可以快速实现产品功能, 而不用关心底层驱动的开发、维护和兼容性问题,让其可以专注于业务开发
Language: C++ - Size: 58.1 MB - Last synced at: 3 months ago - Pushed at: 3 months ago - Stars: 346 - Forks: 82
DamonMohammadbagher/ETWNetMonv3
ETWNetMonv3 is simple C# code for Monitoring TCP Network Connection via ETW & ETWProcessMon/2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detection by VirtualMemAlloc Events (in-memory) etc.
Language: C# - Size: 1.39 MB - Last synced at: about 2 months ago - Pushed at: almost 2 years ago - Stars: 39 - Forks: 13
MGTEK/pyetw
Python logging via Event Tracing for Windows (ETW)
Language: Python - Size: 19.5 KB - Last synced at: 4 days ago - Pushed at: over 2 years ago - Stars: 8 - Forks: 0
Expecho/SemanticLogging.Database.Xml 📦
SemanticLogging.Database.Xml is a sink for the Semantic Logging Application Block that exposes Event Source events to an Sql Server database. The payload data is stored in an xml document instead of a Json document
Language: C# - Size: 35.2 KB - Last synced at: 16 days ago - Pushed at: over 7 years ago - Stars: 2 - Forks: 0
Expecho/SemanticLogging.EventHub 📦
SemanticLogging.EventHub is a collection of sinks for the Semantic Logging Application Block that exposes Event Source events to an Azure Event Hub.
Language: C# - Size: 71.3 KB - Last synced at: about 2 months ago - Pushed at: over 6 years ago - Stars: 6 - Forks: 4
FredrikGoransson/CodeEffect.Diagnostics.EventSourceGenerator
entSourceGenerator automatically generates ETW EventSources for C# .NET projects
Language: C# - Size: 1.83 MB - Last synced at: 24 days ago - Pushed at: almost 8 years ago - Stars: 1 - Forks: 0
wbenny/EtwConsumerNT
Simple project that demonstrates how an ETW consumer can be created just by using NTDLL
Language: C++ - Size: 32.2 KB - Last synced at: about 2 months ago - Pushed at: over 6 years ago - Stars: 139 - Forks: 36
wuanzhuan/system_monitor
Monitor windows kernel event, based on etw, development in rust. A replacement of procmon. more events and useful filter. Typically can check handle leak for a few weeks.
Language: Rust - Size: 1.04 MB - Last synced at: 6 months ago - Pushed at: 6 months ago - Stars: 17 - Forks: 3
btungut/SimpleTracer 📦
Simplest way to listen and collect events for .Net/.Net Core applications.
Language: C# - Size: 63.5 KB - Last synced at: 24 days ago - Pushed at: over 3 years ago - Stars: 4 - Forks: 1
exoosh/AmnesicDPAPI
This attempts to reproduce/trigger an issue with the (classic) DPAPI being in an amnesic state on Windows 10/11 (credhist never gets updated, but master keys get re-generated)
Language: C# - Size: 16.6 KB - Last synced at: about 2 months ago - Pushed at: 6 months ago - Stars: 2 - Forks: 0
SwissLife-OSS/thor-generator
An Event Tracing for Windows (ETW) EventSource generator built on .Net Core 2.0
Language: C# - Size: 3.75 MB - Last synced at: about 2 months ago - Pushed at: over 2 years ago - Stars: 11 - Forks: 1
H4NM/WhoYouCalling
Records an executable's network activity into a Full Packet Capture file (.pcap) and much more.
Language: C# - Size: 19.1 MB - Last synced at: 8 months ago - Pushed at: 8 months ago - Stars: 200 - Forks: 11
Chainski/Lifetime-Amsi-EtwPatch
Loads a C# binary in memory within powershell profile, patching AMSI + ETW.
Language: Nim - Size: 24.4 KB - Last synced at: about 2 months ago - Pushed at: 11 months ago - Stars: 4 - Forks: 2
microsoft/ApplicationInsights-dotnet-logging 📦
.NET Logging adaptors
Language: C# - Size: 5.89 MB - Last synced at: 6 days ago - Pushed at: over 2 years ago - Stars: 106 - Forks: 49
fireeye/pywintrace
ETW Python Library
Language: Python - Size: 201 KB - Last synced at: 11 months ago - Pushed at: almost 2 years ago - Stars: 262 - Forks: 59
itoleck/WindowsPerformance
Various Windows Performance files, scripts, settings and documents
Language: PowerShell - Size: 7.92 MB - Last synced at: 12 months ago - Pushed at: 12 months ago - Stars: 29 - Forks: 8
NLog/NLog.Etw
NLog Target for Event Tracing for Windows (ETW)
Language: C# - Size: 1.13 MB - Last synced at: 18 days ago - Pushed at: about 1 year ago - Stars: 13 - Forks: 4
jcapellman/WET
.NET 7 Windows Event Tracing wrapper library
Language: C# - Size: 156 KB - Last synced at: 23 days ago - Pushed at: about 1 year ago - Stars: 4 - Forks: 3
MSDN-WhiteKnight/HidLogger
USB HID ETW Logger Example
Language: C# - Size: 40 KB - Last synced at: 8 months ago - Pushed at: about 7 years ago - Stars: 6 - Forks: 3
lowleveldesign/dotnet-netrace 📦
Collects network traces of .NET applications.
Language: C# - Size: 115 KB - Last synced at: about 1 year ago - Pushed at: almost 4 years ago - Stars: 92 - Forks: 6
Donpedro13/etwprof
Sampling profiler for native applications on Windows, based on ETW
Language: C++ - Size: 1.14 MB - Last synced at: about 1 year ago - Pushed at: about 1 year ago - Stars: 62 - Forks: 12
passion1337/syscallHook
system call hook on 21h2
Language: C - Size: 46.9 KB - Last synced at: about 1 year ago - Pushed at: about 1 year ago - Stars: 1 - Forks: 0
bi-zone/etw
Go library for ETW (Event Tracing for Windows) events processing
Language: Go - Size: 112 KB - Last synced at: 12 months ago - Pushed at: almost 3 years ago - Stars: 58 - Forks: 19
flowerinthenight/rusttrace
A simple manifest-based ETW wrapper library for Rust in Windows.
Language: C - Size: 471 KB - Last synced at: about 1 month ago - Pushed at: over 8 years ago - Stars: 5 - Forks: 2
aelij/EventSourceExtensions 📦
A library for generating EventSource classes from interfaces at run-time
Language: C# - Size: 19.5 KB - Last synced at: 9 months ago - Pushed at: over 4 years ago - Stars: 4 - Forks: 3
AviAvni/NativeLeakDetector
Win32 memory leak detector with ETW
Language: C# - Size: 21.5 KB - Last synced at: about 2 months ago - Pushed at: over 7 years ago - Stars: 41 - Forks: 9
ww898/in_proc_etw
The internal Windows structures hack to create the in-process private ETW session
Language: C++ - Size: 14.6 KB - Last synced at: 3 months ago - Pushed at: over 8 years ago - Stars: 13 - Forks: 6
repnz/etw-providers-docs
Document ETW providers
Language: C - Size: 4.19 MB - Last synced at: over 1 year ago - Pushed at: about 5 years ago - Stars: 166 - Forks: 40
airbus-cert/Winshark
A wireshark plugin to instrument ETW
Language: Lua - Size: 15.2 MB - Last synced at: over 1 year ago - Pushed at: over 3 years ago - Stars: 500 - Forks: 55
huoji120/MakeInfinityHookGreatAgain
让Etwhook再次伟大! Make InfinityHook Great Again!
Language: C++ - Size: 217 KB - Last synced at: over 1 year ago - Pushed at: almost 4 years ago - Stars: 112 - Forks: 41
takahiro-hanada/etw-collector-ms-extensions-logging
ETW Collector for Microsoft-Extensions-Logging
Language: C# - Size: 45.9 KB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 0 - Forks: 0
lahell/PSDiscoveryProtocol
Capture and parse CDP and LLDP packets on local or remote computers
Language: PowerShell - Size: 62.5 KB - Last synced at: over 1 year ago - Pushed at: almost 2 years ago - Stars: 117 - Forks: 24
exoosh/BSI_SystemActivityMonitor
System Activity Monitor (SAM) is a research tool that enables detailed recording of system and application behavior and resource usage.
Language: C++ - Size: 25.4 KB - Last synced at: 2 months ago - Pushed at: over 2 years ago - Stars: 1 - Forks: 0
PhDuck/ETW-f
A realtime ETW monitoring CLI. Named after tail -f
Language: C# - Size: 28.3 KB - Last synced at: almost 2 years ago - Pushed at: almost 2 years ago - Stars: 1 - Forks: 0
gix/event-trace-kit
Visual Studio Extension and tools to ease development using Event Tracing for Windows (ETW).
Language: C# - Size: 2.51 MB - Last synced at: 8 days ago - Pushed at: over 4 years ago - Stars: 14 - Forks: 4
airbus-cert/PSTrace
Trace ScriptBlock execution for powershell v2
Language: C - Size: 55.7 KB - Last synced at: over 1 year ago - Pushed at: over 5 years ago - Stars: 39 - Forks: 8
airbus-cert/etwbreaker
An IDA plugin to deal with Event Tracing for Windows (ETW)
Language: Python - Size: 1.37 MB - Last synced at: almost 2 years ago - Pushed at: almost 3 years ago - Stars: 49 - Forks: 20
ScriptIdiot/BOF-patchit
An all-in-one Cobalt Strike BOF to patch, check and revert AMSI and ETW for x64 process. Both syscalls and dynamic resolve versions are available.
Language: C - Size: 33.2 KB - Last synced at: about 2 years ago - Pushed at: over 2 years ago - Stars: 74 - Forks: 15
ScriptIdiot/sleepmask_PatchlessHook
Code snippets to add on top of cobalt strike sleep mask to achieve patchless hook on AMSI and ETW
Language: C - Size: 10.7 KB - Last synced at: about 2 years ago - Pushed at: about 2 years ago - Stars: 29 - Forks: 3
airbus-cert/Splunk-ETW
A Splunk Technology Add-on to forward filtered ETW events.
Language: C# - Size: 3.04 MB - Last synced at: almost 2 years ago - Pushed at: over 4 years ago - Stars: 28 - Forks: 3
D4rkCorp/Introduction-to-BOF
A demo of the relevant blog post: Introduction to Beacon Object Files
Language: C - Size: 4.88 KB - Last synced at: about 2 years ago - Pushed at: about 2 years ago - Stars: 0 - Forks: 0
exct/Argon
Per-application network and processor usage monitoring with automated rule-based blocking of network and processor usage. Built on Event Tracing for Windows.
Language: C# - Size: 42 MB - Last synced at: over 2 years ago - Pushed at: almost 4 years ago - Stars: 3 - Forks: 0
Hagrid29/RemotePatcher
Patch AMSI and ETW in remote process via direct syscall
Language: C - Size: 10.7 KB - Last synced at: about 2 years ago - Pushed at: about 3 years ago - Stars: 47 - Forks: 9
szmania/mach_armchair_general_mods
Machiavelli's armchair general mods collection for Empire Total War.
Language: Lua - Size: 2.73 MB - Last synced at: about 2 years ago - Pushed at: over 2 years ago - Stars: 1 - Forks: 0
vector-sec/TA_ETW
Splunk Technology Add-On (TA) for collecting ETW events from Windows systems
Language: C# - Size: 172 KB - Last synced at: about 2 years ago - Pushed at: over 2 years ago - Stars: 17 - Forks: 4
nsacyber/PRUNE
Logs key Windows process performance metrics. #nsacyber
Language: C# - Size: 170 KB - Last synced at: over 2 years ago - Pushed at: over 2 years ago - Stars: 60 - Forks: 14
Expecho/Service-Fabric-Concept-Demos
Repository demonstrating various Service Fabric concepts like actor events & reminders and listening to configuration changes.
Language: C# - Size: 235 KB - Last synced at: about 2 months ago - Pushed at: about 6 years ago - Stars: 3 - Forks: 3
asgarciap/etw-dns
A simple example application to collect DNS queries logs using etw-api
Language: C++ - Size: 113 KB - Last synced at: over 2 years ago - Pushed at: about 5 years ago - Stars: 10 - Forks: 4
bnbdr/tracelogging
Tracelogging Providers in Python
Language: Python - Size: 27.3 KB - Last synced at: 5 days ago - Pushed at: over 2 years ago - Stars: 0 - Forks: 0
SwissLife-OSS/thor-client
An ETW EventSource Tracing Core build on .Net Standard 2.0
Language: C# - Size: 515 KB - Last synced at: 16 days ago - Pushed at: almost 3 years ago - Stars: 11 - Forks: 1
SwissLife-OSS/thor-analyzer
An ETW EventSource analyzer build on .Net Standard 2.0
Language: C# - Size: 229 KB - Last synced at: 25 days ago - Pushed at: over 3 years ago - Stars: 3 - Forks: 0
MatusKysel/Diagnosing-Memory-Leaks
Diagnosing Native Memory Leaks with ETW and WPA
Language: Batchfile - Size: 5.86 KB - Last synced at: about 2 years ago - Pushed at: about 8 years ago - Stars: 2 - Forks: 2
zacbrown/flatkrabsetw
flatkrabsetw is a flat-C wrapper around the krabsetw C++ library. It's primarily meant for FFI usage in other languages.
Language: C++ - Size: 17.6 KB - Last synced at: about 2 years ago - Pushed at: over 6 years ago - Stars: 11 - Forks: 2
flowerinthenight/20170914-tokyo-mastercloud-presentation
2017-09-14 Tokyo MasterCloud presentation files.
Language: Go - Size: 1.57 MB - Last synced at: 3 months ago - Pushed at: over 7 years ago - Stars: 0 - Forks: 1
flowerinthenight/win32-etw-manifest
Generic ETW manifest file with a "key: value" format for events.
Language: C - Size: 637 KB - Last synced at: 3 months ago - Pushed at: almost 9 years ago - Stars: 2 - Forks: 0
reflectsoftware/reflectinsight-extensions-semanticlogging
A ReflectInsight Extension that receives logged messages from Semantic Logging (ETW) framework
Language: C# - Size: 28.3 KB - Last synced at: 14 days ago - Pushed at: over 6 years ago - Stars: 2 - Forks: 0
frankshearar/etwas
ETWas makes working with ETW easy
Language: F# - Size: 258 KB - Last synced at: 2 months ago - Pushed at: over 7 years ago - Stars: 1 - Forks: 1
kirillkovalenko/mtmerge
Windows MESSAGETABLE resource merge tool
Language: C# - Size: 8.79 KB - Last synced at: almost 2 years ago - Pushed at: over 7 years ago - Stars: 0 - Forks: 0
jymcheong/PSalander Fork of matthastings/PSalander
Language: PowerShell - Size: 56 MB - Last synced at: about 2 years ago - Pushed at: over 7 years ago - Stars: 0 - Forks: 0
FabricatorsGuild/FG.AutoLogger
AutoLogger simplifies logging in .NET solutions without adding overhead to your code
Language: C# - Size: 45.3 MB - Last synced at: about 1 year ago - Pushed at: about 7 years ago - Stars: 1 - Forks: 1
