ETW Notes

Records an executable's network activity into a Full Packet Capture file (.pcap) and much more.

An advanced profiler for .NET Applications on Windows

CPU profiling trace viewer

Command line tracing tool for Windows, based on ETW.

Command line tool to analyze one/many ETW file/s with simple queries for common issues.

NLog Target for Event Tracing for Windows (ETW)

See Through Your Network

TraceSpy is a pure .NET, 100% free and open source, alternative to the very popular SysInternals DebugView tool.

A small real time SyncML protocol Viewer

CSV parser for ETW events traces

This tool allows customers of ETW host service apply security updates on Windows x86/x64/ARM64

This attempts to reproduce/trigger an issue with the (classic) DPAPI being in an amnesic state on Windows 10/11 (credhist never gets updated, but master keys get re-generated)

Forward ETW events for centralized collection and analysis.

.NET 7 Windows Event Tracing wrapper library

ETWProcessMon2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detection by VirtualMemAlloc Events (in-memory) etc.

Library to monitor process starts and stops on Windows powered by C#

Auditing tool that uses ETW to try and keep bad actors out

ETW Collector for Microsoft-Extensions-Logging

A realtime ETW monitoring CLI. Named after tail -f