Skip to content

ETWTools/ETWDeserializer

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits

CustomParsers

CustomParsers

 
 

.gitignore

.gitignore

 
 

Deserializer.cs

Deserializer.cs

 
 

ETWDeserializer.csproj

ETWDeserializer.csproj

 
 

ETWDeserializer.sln

ETWDeserializer.sln

 
 

Etw.cs

Etw.cs

 
 

EventMan.cs

EventMan.cs

 
 

EventMetadata.cs

EventMetadata.cs

 
 

EventRecordReader.cs

EventRecordReader.cs

 
 

EventSourceManifest.cs

EventSourceManifest.cs

 
 

EventTraceOperand.cs

EventTraceOperand.cs

 
 

EventTraceOperandBuilder.cs

EventTraceOperandBuilder.cs

 
 

EventTraceOperandExpressionBuilder.cs

EventTraceOperandExpressionBuilder.cs

 
 

EventTracePropertyOperand.cs

EventTracePropertyOperand.cs

 
 

Extensions.cs

Extensions.cs

 
 

GlobalSuppressions.cs

GlobalSuppressions.cs

 
 

IEtwWriter.cs

IEtwWriter.cs

 
 

IEventTraceOperand.cs

IEventTraceOperand.cs

 
 

IEventTracePropertyOperand.cs

IEventTracePropertyOperand.cs

 
 

LICENSE

LICENSE

 
 

MapInformation.cs

MapInformation.cs

 
 

PropertyMetadata.cs

PropertyMetadata.cs

 
 

README.md

README.md

 
 

RuntimeEventMetadata.cs

RuntimeEventMetadata.cs

 
 

Tdh.cs

Tdh.cs

 
 

TraceEventKey.cs

TraceEventKey.cs

 
 

packages.config

packages.config

 
 

Repository files navigation

ETWDeserializer

ETWDeserializer is a general-purpose Windows ETW event deserialization library. It can decode events from almost all sources of Windows including the Kernel (MOF Classes), Manifest events (those available beyond Windows Vista), XPERF performance profiling events, and .NET EventSource-style events.

NOTE: This is a support library, i.e. the user of this library must setup the boiler-plate code involved in setting up an ETW Session or reading an ETW log file (.ETL). ETW2JSON and ETW2SQLite are two such applications.

Usage

Implement the IEtwWriter interface exposed by the library and add boiler plate code to set up an ETW event session or reading from an ETW log file (.ETL)

ETW2JSON and ETW2SQLite each implement their own IEtwWriter and also the code involved in reading an ETW log file from disk.

Nuget package

This library is available on Nuget -- https://www.nuget.org/packages/ETWDeserializer/1.2.0

Building ETWDeserializer

Since this is a Windows-specific library, I'm assuming you're also building on Windows and have MSBuild Tools installed, in which case:

msbuild ETWDeserializer.csproj

is all you need to do.

About

General purpose Windows ETW event deserializer library

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

7 stars

Watchers

5 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages