n4r1b / ferrisetw

Basically a KrabsETW rip-off written in Rust

ETL file support #92

Closed daladim closed 1 year ago

daladim commented 1 year ago

Closes #7

This PR makes it possible to dump a real-time session into a .etl file, or to start a trace that processes events from a .etl file.

As discussed in #7, I still feel there is too much coupling between our ferrisetw::Provider and their callbacks. That makes it not so trivial to add callbacks for a file trace (which has no "providers" in the ETW sense). I finally turned CallbackData into an enum. This solution isn't perfect, but it is not so hacky, so I think this will do.

If you agree to merge this, you may also want to release a 1.1 version with this new feature.

n4r1b commented 1 year ago

Once this is merged I'll release version 1.1 with this change! Thanks @daladim :)