Introduction to ETW

preview_player
Показать описание

  1. Pavel Yosifovich
Рекомендации по теме
Introduction to ETW 0:23:11

Introduction to ETW

Introduction to ETW 0:01:01

Introduction to ETW

C# : How 0:01:07

C# : How do you view ETW events created by EventSource using Windows Performance Analyzer?

Build 2017 Production 0:30:56

Build 2017 Production tracing with Event Tracing for Windows ETW

14. Grzegorz Tworek 0:42:35

14. Grzegorz Tworek - The Good, the Bad and the ETW

Hijacking ETW sessions 0:04:54

Hijacking ETW sessions for Process Monitor

Attack on Windows 0:02:48

Attack on Windows Defender ETW sessions

Windows : WIndows 0:01:33

Windows : WIndows - manifest based ETW provider issue

ETW - Monitor 0:57:30

ETW - Monitor Anything, Anytime, Anywhere - Dina Goldshtein

ETW — Monitor 0:48:31

ETW — Monitor Anything, Anytime, Anywhere — Dina Goldshtein

Windows : Sending 0:01:20

Windows : Sending ETW Events to Global 'Application' Log

C++ : C++ 0:01:30

C++ : C++ Event Tracing for Windows (ETW) wrapper

Pavel Yosifovich — 1:00:09

Pavel Yosifovich — Building your own profiling and diagnosis tools with Event Tracing for Windows

Windows Forensics: Event 0:29:24

Windows Forensics: Event Trace Logs - SANS DFIR Summit 2018

Windows : ETW 0:01:19

Windows : ETW Tracing in a Driver -- post-procedure

Windows : How 0:01:08

Windows : How to correlate RPC calls in ETW traces?

Introduction Video | 0:00:06

Introduction Video | ETW - Essential Tech World

Kernel ETW Demo 0:00:50

Kernel ETW Demo 1: Gadget based EtwTi search

Etw introduction 0:01:03

Etw introduction

John Holland Rail 0:01:26

John Holland Rail - ETW App Summary Explainer

Windows 10 : 0:01:36

Windows 10 : How to Start or Stop Internet Explorer ETW Collector Service

ETW Custom Events 0:03:05

ETW Custom Events and Idle-Thread Analysis Sneak Peek by

Zac Brown, Hidden 0:21:37

Zac Brown, Hidden Treasure: Detecting Intrusions with ETW, Ops Track

Windows : How 0:01:05

Windows : How do I register as a real-time ETW consumer for NT Kernel Events?

Комментарии
Автор

Thanks Pavel, I’ve been missing your videos! 😊

ek
Автор

Great video, I was trying to learn what ETW is and couldn't really understand it without examples but this video helped me a lot! Thank you :)

rayansec
Автор

Hey Pavel, nice video as always :)

Can I ask you a question about Windows HANDLEs, I am having a bit of trouble with this one :(.
Basically, I want to make a simple handle monitoring application, where I want to have some special functions, like determining an object type from it's HANDLE value.
I am aware that I can use NtQuerySystemInformation with SystemHandleInformation, which gives me a snapshot of all HANDLEs in the system, but it usually takes up several seconds to filter out that list for a specific object just to query a HANDLE's type.
I am basically asking if there is a basic "int getObjectType(HANDLE)" usermode function that I could use for this purpose?

Thanks for your answer in advance, unfortunately I couldn't find anything by myself yet.

itf_phrx
Автор

Μr Pavel, I would like to ask you a question regarding Windows Performance Analyzer. When I select the DPC/ISR Tab to analyze drivers, I can't seem to identify a clear driver related to devices like the keyboard or mouse. Therefore, I'm unable to study the results I've collected for my peripherals. Could you please advise me on what I might be doing wrong or what steps I should take to address this issue?

Alchemytweaks
Автор

One more question related with your document about thread priorities . Is it possible to change the thread priority of a driver ( for instance the ndis.sys ) via registry parameterization or not ?

Alchemytweaks
Автор

is there a way to differentiate between file upload initiated by user instead of file upload one internally by a browser ?
since most of the file upload stuff is done using IFileopenDialog, is it possible to use ETW to check it information?

imnirajan
Автор

Is it possible to query the ETW for the Event fields with logman instead than using ETW explorer?

Misheeification