etw

C/C++ Performance Profiler

Adversary tradecraft detection, protection, and hunting

An advanced profiler for .NET Applications on Windows

KrabsETW provides a modern C++ wrapper and a .NET wrapper around the low-level ETW trace consumption functions.

Command line tracing tool for Windows, based on ETW.

A wireshark plugin to instrument ETW

Records an executable's network activity into a Full Packet Capture file (.pcap) and much more.

Event Tracing For Windows (ETW) Resources

The world's most powerful System Activity Monitor Engine · 一款功能强大的终端行为采集防御开发套件 ~ 旨在帮助EDR、零信任、数据安全、审计管控等终端安全软件可以快速实现产品功能， 而不用关心底层驱动的开发、维护和兼容性问题，让其可以专注于业务开发

My notes on software troubleshooting, covering debugging and tracing techniques and tools. Available at wtrace.net.

ETWProcessMon2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detection by VirtualMemAlloc Events (in-memory) etc.

ETW Python Library

Hades HIDS/HIPS for Windows

C# POC to extract NetNTLMv1/v2 hashes from ETW provider

Document ETW providers

CPU profiling trace viewer

A small real time SyncML protocol Viewer

Capture and parse CDP and LLDP packets on local or remote computers

Meterpreter_Payload_Detection.exe tool for detecting Meterpreter in memory like IPS-IDS and Forensics tool

Simple project that demonstrates how an ETW consumer can be created just by using NTDLL