Event Tracing for Windows (ETW) is a logging facility built into the Windows OS. Modern providers register a manifest that describes all the events they support, with their properties. Classic providers register a MOF instead. ETW Explorer attempts to show these events with a simple GUI. View ETW Provider manifest.

Use ETWExplorer for a deep provider inspection, and see what events and more importantly data it can provide. Below shows Microsoft-Windows-Kernel-Process being inspected with ETWExplorer with some information, which looks like something Sysmon and other similar security monitoring oriented tools could use:

Event Tracing for Windows (ETW) provides a mechanism to trace and log events that are raised by user-mode applications and kernel-mode drivers. ETW is implemented in the Windows operating system and provides developers a versatile set of event tracing features.

2024年8月19日 · EtwExplorer 是一个用于查看ETW（Event Tracing for Windows）提供程序清单的强大工具。 由GitHub上的zodiacon维护( GitHub链接 )，它帮助开发者和系统管理员深入理解系统内部的工作原理，优化性能监控策略。

EtwViewer was created to enable the display of live events from a set of ETW providers. The viewer was created as an experiment to combine libraries from: TraceEvent C# TraceEvent for listening to the ETW tracing; CEFSharp CefSharp for using browser UI components on a desktop application; ag-Grid Ag-Grid for displaying the traces in a datagrid

Event Tracing for Windows (ETW) is a high speed tracing facility built into Windows. Using a buffering and logging mechanism implemented in the operating system kernel, ETW provides an infrastructure for events raised by both user mode (apps) and kernel mode components (drivers).

This project contains various tools and samples for using ETW (Event Tracing for Windows). They can be used as a reference for solving similar problems in your own code, or used wholesale by your project.

2016年9月14日 · ETW是Event Tracing for Windows的简称，它是Windows提供的原生的事件跟踪日志系统。 由于采用内核（Kernel）层面的缓冲和日志记录机制，所以ETW提供了一种非常高效的事件跟踪日志解决方案。

2020年10月22日 · 一、Windows ETW基础知识. 1.下面是微软的文档对于ETW可以分为三部分Controller、Provider、Consumer，Provider是事件的提供者，Controller创建一会会话打开相关的ETW，Consumer使用Controller的会话，并解析ETW数据。 Using Event Tracing . 二.Controller. 2.1 配置打开Manifest-based或者Classic的ETW

2017年10月25日 · 在计算机科学领域，Event Tracing for Windows (ETW) 是一个强大的工具，用于分析游戏性能。 它是一种内核级别的 日志 记录 机制，能够捕获并 记录 系统中的各种事件，这些事件由称为提供者的系统组件生成，提供了非常细致...