C/C++ Performance Profiler
Updated Apr 1, 2022 - C++
Command line tracing tool for Windows, based on ETW.
KrabsETW provides a modern C++ wrapper and a .NET wrapper around the low-level ETW trace consumption functions.
Meterpreter_Payload_Detection.exe: a tool for detecting Meterpreter in memory, usable in the manner of an IPS/IDS and as a forensics tool
System monitoring development kit (sysmon, promon, EDR, endpoint security, host security, zero trust, internet access behavior management)
.NET Logging adaptors
Simple project that demonstrates how an ETW consumer can be created using only NTDLL
Collects network traces of .NET applications.
ETWProcessMon2 monitors process, thread, memory, image-load and TCP/IP activity via ETW, and detects remote thread injection and in-memory payloads from VirtualMemAlloc events, among others.
Logs key Windows process performance metrics. #nsacyber
Trace ScriptBlock execution for PowerShell v2
Go library for ETW (Event Tracing for Windows) events processing
ETWNetMonv3 is simple C# code for monitoring TCP network connections via ETW; ETWProcessMon/2 monitors process, thread, memory, image-load and TCP/IP activity via ETW, and detects remote thread injection and in-memory payloads from VirtualMemAlloc events, among others.
A Splunk Technology Add-on to forward filtered ETW events.
Open Power Performance Analysis Tool
Command line tool to analyze one or many ETW files with simple queries for common issues.
Currently, profiling can end because of two "triggers" (not considering errors):
1.) the target process exits
2.) the profiler is interrupted from the console (e.g. Ctrl+C)
Point 1.) is achieved by waiting on the target process's HANDLE and explicitly stopping the profiler when the object becomes signaled (a process handle is signaled once the process has terminated).
Point 2.) is handled with a Console Control Handler registered via SetConsoleCtrlHandler, which stops the profiler when a control event arrives.
It would be useful to introduce another mechani
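The two stop triggers described above, as an added example that is not the profiler's own code: the target's process HANDLE and a manual-reset event set from the console control handler are waited on together with WaitForMultipleObjects, so whichever fires first ends the trace session. The function name, the StopReason enum, the sample command lines and the timeout bound on the wait are this example's own assumptions; the POSIX branch is only a stand-in (SIGINT in place of the console control event, a waitpid poll in place of the HANDLE wait) so the same control flow can be run off Windows.

```cpp
#include <chrono>
#include <cstdio>
#include <csignal>
#include <string>
#include <thread>

enum class StopReason { TargetExited, ConsoleControl, Timeout };

// Constructed sample targets: one that exits immediately and one that outlives
// a short wait. Not part of the profiler; they only exercise run_until_stop().
#ifdef _WIN32
std::string trivial_target() { return "cmd.exe /c exit 0"; }
std::string sleepy_target()  { return "cmd.exe /c ping -n 3 127.0.0.1 >nul"; }
#else
std::string trivial_target() { return "true"; }
std::string sleepy_target()  { return "sleep 2"; }
#endif

#ifdef _WIN32
#include <windows.h>

static HANDLE g_stop_event = nullptr;  // manual-reset event, set by the handler

// Trigger 2: the console control handler does nothing but signal the event.
static BOOL WINAPI on_console_ctrl(DWORD type) {
    if (type == CTRL_C_EVENT || type == CTRL_BREAK_EVENT || type == CTRL_CLOSE_EVENT) {
        SetEvent(g_stop_event);
        return TRUE;  // handled here, so the default handler does not kill us
    }
    return FALSE;
}

// Starts `cmdline` and blocks until the target exits (trigger 1), the console
// is interrupted (trigger 2), or `timeout_ms` passes (an upper bound assumed
// for this example). Returns which of the three ended the wait.
StopReason run_until_stop(std::string cmdline, unsigned timeout_ms) {
    g_stop_event = CreateEventW(nullptr, TRUE, FALSE, nullptr);
    SetConsoleCtrlHandler(on_console_ctrl, TRUE);

    STARTUPINFOA si{};
    si.cb = sizeof(si);
    PROCESS_INFORMATION pi{};
    StopReason reason = StopReason::TargetExited;  // failed start: nothing to trace
    // CreateProcessA may write into the command line, so pass a writable buffer.
    if (CreateProcessA(nullptr, &cmdline[0], nullptr, nullptr, FALSE, CREATE_NO_WINDOW,
                       nullptr, nullptr, &si, &pi)) {
        CloseHandle(pi.hThread);
        HANDLE waits[2] = { pi.hProcess, g_stop_event };  // trigger 1, trigger 2
        DWORD rc = WaitForMultipleObjects(2, waits, FALSE, timeout_ms);
        if (rc == WAIT_OBJECT_0 + 1) reason = StopReason::ConsoleControl;
        else if (rc == WAIT_TIMEOUT) reason = StopReason::Timeout;
        CloseHandle(pi.hProcess);  // the target itself is left running on triggers 2/3
    }
    SetConsoleCtrlHandler(on_console_ctrl, FALSE);
    CloseHandle(g_stop_event);
    return reason;
}

#else
#include <sys/wait.h>
#include <unistd.h>

// POSIX stand-in so the same control flow runs off Windows: SIGINT plays the
// role of the console control event, and the handler only sets a flag.
static volatile std::sig_atomic_t g_console_ctrl = 0;
static void on_sigint(int) { g_console_ctrl = 1; }

StopReason run_until_stop(std::string cmdline, unsigned timeout_ms) {
    g_console_ctrl = 0;
    std::signal(SIGINT, on_sigint);

    pid_t pid = fork();
    if (pid == 0) {
        execl("/bin/sh", "sh", "-c", cmdline.c_str(), (char*)nullptr);
        _exit(127);
    }
    StopReason reason = StopReason::TargetExited;  // failed fork: nothing to trace
    if (pid > 0) {
        auto deadline = std::chrono::steady_clock::now() + std::chrono::milliseconds(timeout_ms);
        for (;;) {
            int status = 0;
            if (waitpid(pid, &status, WNOHANG) == pid) break;  // trigger 1: child gone
            if (g_console_ctrl) { reason = StopReason::ConsoleControl; break; }
            if (std::chrono::steady_clock::now() >= deadline) { reason = StopReason::Timeout; break; }
            std::this_thread::sleep_for(std::chrono::milliseconds(10));
        }
    }
    std::signal(SIGINT, SIG_DFL);
    return reason;
}
#endif

int main() {
    StopReason r = run_until_stop(trivial_target(), 10000);
    std::printf("stop reason: %d\n", static_cast<int>(r));  // 0 = TargetExited
    return r == StopReason::TargetExited ? 0 : 1;
}
```

The point of waiting on both objects in one call is that the stop path is the same whichever trigger fires: the handler and the HANDLE wait only decide the reason, and the ETW session is stopped once, afterwards, by the caller. Keeping the console control handler down to a single SetEvent also matters because it runs on a separate thread that Windows injects into the process, so it should not touch the trace session or the process handle itself.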