microsoft/krabsetw
KrabsETW provides a modern C++ wrapper and a .NET wrapper around the low-level ETW trace consumption functions.
Other
610 stars, 149 forks
issues
Only allocate one EventRecordMetadata^ and reuse it for RawProvider events
#250
mjeong92
closed
1 week ago
0
Strange TdhGetEventInformation failure for SampleProf events
#249
clemenswasser
opened
1 week ago
0
what is object_manager_provider?
#248
Kwansy98
closed
3 weeks ago
2
How to access member of a class during inside callback function?
#247
Tanuj22
opened
1 month ago
2
Question: can I use krabsetw for past events?
#246
LucioDonda
opened
1 month ago
1
KERNEL_AUDIT_API_SETCONTEXTTHREAD not logs for syswow64 process.
#245
DefenderLab
opened
2 months ago
1
Add or update NuGet.Config per Microsoft SFI requirements
#244
amarshroff
closed
1 week ago
0
Update nuspec versions.
#243
kylereedmsft
closed
2 months ago
0
Add support for parsing and caching TraceLogging events.
#242
kylereedmsft
closed
2 months ago
0
Correctly handle kernel addresses in an x86 stack trace
#241
mihai12p
closed
3 months ago
7
GetTraceDataProviders in provider.hpp has high CPU usage and takes 2-3 second to return?
#240
rjadidi920
opened
4 months ago
0
Align assembly version with package version.
#239
HydrophobicMinghao
closed
5 months ago
0
Could not load Microsoft.O365.Security.Native.ETW in C# .NET 6.0
#238
gleen-code
closed
5 months ago
2
Getting PMC data
#237
SpencerTSmith
closed
5 months ago
1
Update package versions and release notes.
#236
HydrophobicMinghao
closed
5 months ago
1
Missing events when event burst happen even after setting the EVENT_TRACE_PROPERTIES to large number of buffers?
#235
subvert0r
opened
5 months ago
3
Add Windows ARM64 port for managed wrappers.
#234
HydrophobicMinghao
closed
5 months ago
3
NuGet feeds are not compliant with NuGet feed security requirements
#233
matt-vanderkolk
closed
7 months ago
1
Couldn't install KrabsETW nuget package via Visual Studio 2022
#232
KnightChaser
opened
8 months ago
0
Fix errors in clang
#231
gmh5225
closed
8 months ago
1
both Windows XP and Windows 2008 support ETW. Why not support these two systems?
#230
zhuxiujia
opened
9 months ago
1
Does krabs etw handle trace closure in case of program crash? Can it cause a problem in enabling and starting the same session again?
#229
subvert0r
closed
9 months ago
2
Can't query providers information using logman when setup a kernel trace using krabs::kernel::virtual_alloc_provider provider.
#228
Cishanduwang
closed
9 months ago
1
Create testfile.md
#227
x86phil
closed
10 months ago
0
Stability fixes in native code
#226
starix
opened
10 months ago
0
Why Service Control Manager provider doesn't generate any event id?
#225
subvert0r
opened
10 months ago
2
Possible ways to protect ETW trace sessions from getting stopped?
#224
subvert0r
closed
10 months ago
1
Does krabs c++ library support c++11? What about v120 platform toolset?
#223
subvert0r
closed
10 months ago
1
Expose ExtendedData
#222
ps1337
opened
11 months ago
1
Ability to control EVENT_FILTER_DESCRIPTOR
#221
ps1337
opened
11 months ago
1
Benefits and drawbacks of using a kernel_trace vs a user_trace for consuming an event which is in both?
#220
subvert0r
closed
10 months ago
5
Correct way for copying every info related to a given event in my event callback and passing it to another thread?
#219
subvert0r
closed
11 months ago
1
No proper explanation for kernel_trace vs user_trace?
#218
subvert0r
closed
11 months ago
3
Errors in file code
#217
S-p-y-C
opened
1 year ago
0
need support vs2022
#216
WangHHY19931001
opened
1 year ago
0
#214
#215
kaaleksandr
closed
1 year ago
3
Add out type for the property (_TDH_OUT_TYPE)
#214
kaaleksandr
closed
1 year ago
1
[Help] i use c++ 11 and i create a payload filter then failed , status = ERROR_NOT_FOUND
#213
ShiverZm
opened
1 year ago
0
The object_manager_provider does not support DuplicateHandle events
#212
jstarink
opened
1 year ago
1
Parsing .NET EventSource
#211
bobsira
opened
1 year ago
1
Add a trace interface to enable ignoring MOF events
#210
acyr
opened
1 year ago
2
Add a method to return the provider GUID from a given schema
#209
acyr
closed
1 year ago
0
How to get the user mode call stack
#208
slayercat
opened
1 year ago
0
Add trace parsing from a file instead of realtime
#206
acyr
closed
1 year ago
2
Expose ExtendedData in a more general way.
#205
kylereedmsft
opened
1 year ago
0
add call stack enrichment to the C# example
#204
jdu2600
closed
2 years ago
0
heap alloc etw don't work
#203
chena1982
opened
2 years ago
1
Use krabsetw to detect .Net memory loading
#202
findream
opened
2 years ago
0
"no_trace_sessions_remaining" exception
#201
findream
closed
2 years ago
1
Possible race condition
#200
daladim
opened
2 years ago
1