This crate provides safe Rust abstractions over the ETW consumer APIs.
It started as a KrabsETW rip-off written in Rust (hence the name Ferris 🦀).
All credits go to the team at Microsoft who develop KrabsEtw, without it, this project probably wouldn't be a thing.
Since version 1.0, the API and internal architecture of this crate is slightly diverging from krabsetw, so that it is more Rust-idiomatic.
You can find a examples within the crate documentation on doc.rs, as well as the examples and the tests folders.
If you are familiar with KrabsETW you'll see that is very similar. In case you've never used KrabsETW before, the examples are very straight forward and should be easy to follow. If you have any issues don't hesitate in asking.
This crate is documented at docs.rs.
The project is still WIP. Feel free to report bugs, issues, feature requests, etc. Of course, contributing will be happily accepted!
The types available for parsing are those that implement the trait TryParse for Parser, basic types are already implemented. In the near future I'll add more :)
I tried to keep dependencies as minimal as possible, also you'll see I went with the new windows-rs instead of using the winapi. This is a personal decision mainly because I believe the Windows bindings is going to be the "standard" to interact with the Windows API in the near future.