microsoft/krabsetw
KrabsETW provides a modern C++ wrapper and a .NET wrapper around the low-level ETW trace consumption functions.
Other
588 stars, 147 forks
issues
schema_key::operator== is inconsistent with std::hash<schema_key> specialisation
#139
davemcincork
closed
3 years ago
4
How to use kernel rundown provider with krabsetw
#138
DavidXanatos
closed
3 years ago
12
How to retrieve ComputerName and EventRecordId parameters
#137
ali63yavari
closed
3 years ago
9
Error Not Found when trying to parse events from SCM provider
#136
bclin717
closed
3 years ago
0
added a WPP trace example (#66)
#135
jdu2600
closed
4 years ago
3
Remove krabs.cpp reference and add missing header
#134
pravic
closed
4 years ago
3
krabsetw.targets still uses krabs.cpp
#133
pravic
closed
4 years ago
0
Enable parsing TDH_IN_POINTER types
#132
pathtofile
closed
4 years ago
6
fixed schema event_name parsing
#131
pathtofile
closed
4 years ago
0
Bring back process api for trace
#130
jrave
closed
4 years ago
3
exposed activityId into schema
#129
pathtofile
closed
4 years ago
0
added krabs::sid to parse TDH_INTYPE_SID and TDH_INTYPE_WBEMSID types
#128
pathtofile
closed
4 years ago
0
Fix compiler errors when winternl.h is included before krabs.hpp.
#127
dravenson
closed
4 years ago
2
Remove Boost Dependency
#126
turingcompl33t
closed
4 years ago
6
Read container ID from event extended data
#125
andrewgu
closed
4 years ago
1
Feature/vector predicates
#124
pathtofile
closed
4 years ago
3
Feature/and or vectors
#123
pathtofile
closed
4 years ago
1
ANDing/ORing predicates could be better
#122
pathtofile
closed
4 years ago
4
[WIP] And/Or/Not Vector predicates
#121
pathtofile
closed
4 years ago
1
Adds TraceFlags property to RawProvider for parity with Provider.
#120
andrewgu
closed
4 years ago
0
Update schema to support TraceLogging events
#119
pskhodad
closed
4 years ago
1
Add getter for property Provider.TraceFlags
#118
andrewgu
closed
4 years ago
1
Update nuspec
#117
swannman
closed
4 years ago
0
Widen trace_flags_ to ULONG to match ENABLE_TRACE_PARAMETERS.EnableProperty
#116
andrewgu
closed
4 years ago
1
Suppress wchar_t to char narrowing when constructing error messages
#115
swannman
closed
4 years ago
0
Compiler warning-as-error for implicit narrowing of wchar_t to char in VS2019
#114
andrewgu
closed
4 years ago
0
Fixed Windows 7 support (#110)
#113
jdu2600
closed
4 years ago
5
Create github action ci flow
#112
jrave
closed
4 years ago
0
Fix record builder for TDH_INTYPE_SID
#111
jrave
closed
4 years ago
0
Fix for Windows 7 compatibility of group mask feature
#110
jrave
closed
4 years ago
5
Latest changes break compatibility with Windows 7
#109
jrave
closed
4 years ago
2
added PERFINFO_GROUPMASK typedefs and macros
#108
jdu2600
closed
4 years ago
1
added support for additional kernel trace types (#106)
#107
jdu2600
closed
4 years ago
0
supported extended flags for Kernel traces
#106
jdu2600
closed
4 years ago
2
Wininet parsing
#105
jrave
closed
4 years ago
0
fixed bug introduced in thread-safe schema_locator bugfix (#103)
#104
jdu2600
closed
4 years ago
0
Fail to use `not_filter` and `and_filter` predicates
#103
pathtofile
closed
4 years ago
2
PreBuildEvent that was looking for 35MSSharedLib1024.snk in wrong folder
#102
pathtofile
closed
4 years ago
2
Failure to Build Microsoft.O365.Security.Native.ETW from external Solution
#101
pathtofile
closed
4 years ago
2
Added krabs to Native AdditionalIncludeDirectories
#100
pathtofile
closed
4 years ago
0
Remove Boost library dependency
#99
davemcincork
closed
4 years ago
6
Remove references to the retired Microsoft Message Analyzer in the documentation
#98
jdu2600
opened
4 years ago
1
Update Nuget versions to 3.0.0
#97
swannman
closed
4 years ago
0
[bugfix] thread-safe schema_locator (#61)
#96
jdu2600
closed
4 years ago
14
deprecate process()
#95
jdu2600
closed
4 years ago
0
add missing kernel convenience providers
#94
jdu2600
closed
4 years ago
0
tracing Microsoft-Windows-Security-Auditing (#5)
#93
jdu2600
closed
4 years ago
0
Add ability to specify trace (performance) properties (#80) [C++ only]
#92
jdu2600
closed
4 years ago
1
updated exception to reflect decoupling of open() and process()
#91
jdu2600
closed
4 years ago
0
.stop() should always call ControlTrace(STOP) - even if .open()/.start() has not been called
#90
jdu2600
closed
4 years ago
2