swannman
commented
5 years ago It would be very cool to have an ETW-like API for Linux. However I would recommend starting that in a new repo rather than here in krabsetw.
Closed issaharnoam closed 5 years ago
swannman
commented
5 years ago It would be very cool to have an ETW-like API for Linux. However I would recommend starting that in a new repo rather than here in krabsetw.
issaharnoam
commented
5 years ago Thanks.
Last half year I am working on Linux programming and using Netlink api. I think there is an potion to create krabs provider running on Linux. It is not a simple project. Netlink is the socket which can be opened by application running as administrator (root) to kernel and it gets messages about what is happening, e.g. process start stop, ip routing etc... there are additional apis that can be used to leasten for filesystem, etc... The code can be easily organized as VS project and compiled using Linux add in in Visual studio 2015 and later.
The question is the krabs authors are interested in such an addition. (and in future - may be adding Mac). I would like to know your opinions about that. Thanks.