-
There is currently no documentation on using ETW in your own applications for logging, besides some random blog posts and the limited samples in class documentation.
ETW is great but with no docum…
-
Hi, thanks for your job!
When I install the dependencies, etw_pytorch_utils is not found. Do you know how to install it?
-
On Windows, when coreclr loads R2R-built jit assemblies, symbols from them can be resolved using PDB files and everything works fine. On macOS (and probably linux, since they share the same…
vvuk updated
4 months ago
-
eBPF for Windows should support ETW, syscall and kprobe style hooks
One of the strong points of BPF on Linux is the ability to execute BPF programs in response to kprobes and system calls. This pro…
-
Currently, the ETW input exposes the `match_any_keyword` option to filter events for a specific provider. It works for most use cases and is the filtering mechanism that most users are familiar with.
…
-
If we can extract the registry changes through ETW logs and map them to their respective registry keys, then it'll be good.
-
# The problem
The Windows threat landscape is rapidly evolving, and the visibility provided by Osquery should be able to evolve as well. Modern threat detection engineering runs on OS visibility.
…
-
# Feature request
### What new feature do you want?
This feature request aims to capture the list of evented tables that could be implemented using Windows ETW. This information is going to be …
-
https://docs.microsoft.com/en-us/windows/win32/etw/about-event-tracing - not sure if that would be faster or slower than Kernel hooking. There's a chance it might be simpler though. See https://github…
-
I am using "Microsoft-Windows-Kernel-Audit-API-Calls" to monitor usage of the "SetThreadContext" API. It is working fine for 64-bit processes. But when I use a 32-bit process which calls the SetThreadContext() API.…