Joshua Boelter jboelter
mattifestation
/ NiftyETWProviders.json
Created
December 21, 2018 19:27
ETW providers you never knew existed...
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [ | |
| { | |
| "ProviderGUID": "72d164bf-fd64-4b2b-87a0-62dbcec9ae2a", | |
| "ProviderName": "AccEventTool", | |
| "ProviderGroupGUID": "4f50731a-89cf-4782-b3e0-dce8c90476ba", | |
| "AssociatedFilenames": [ | |
| "accevent.exe", | |
| "inspect.exe", | |
| "narrator.exe", | |
| "srh.dll" |
mattifestation
/ TLGMetadataParser.psm1
Last active
January 18, 2024 17:21
Retrieves TraceLogging metadata from a file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #requires -version 5 | |
| <# | |
| The things you find on Google searching for specific GUIDs... | |
| Known Keyword friendly names: | |
| "UTC:::CATEGORYDEFINITION.MS.CRITICALDATA":"140737488355328" | |
| "UTC:::CATEGORYDEFINITION.MS.MEASURES":"70368744177664" | |
| "UTC:::CATEGORYDEFINITION.MS.TELEMETRY":"35184372088832" | |
| "UTC:::CATEGORYDEFINITION.MSWLAN.CRITICALDATA":"2147483648" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # source:http://geocities.com/SiliconValley/heights/7052/opcode.txt | |
| From: mark@omnifest.uwm.edu (Mark Hopkins) | |
| Newsgroups: alt.lang.asm | |
| Subject: A Summary of the 80486 Opcodes and Instructions | |
| (1) The 80x86 is an Octal Machine | |
| This is a follow-up and revision of an article posted in alt.lang.asm on | |
| 7-5-92 concerning the 80x86 instruction encoding. | |
| The only proper way to understand 80x86 coding is to realize that ALL 80x86 |
guitarrapc
/ Get-EtwTraceProvider.ps1
Last active
June 16, 2024 15:05
ETW (Event Tracing for Windows) Providers and their GUIDs for Windows 10 x64
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Requires -RunAsAdministrator | |
| #Requires -Version 5.0 | |
| # requires Windows 10 | |
| Get-EtwTraceProvider | Select-Object SessionName, Guid | sort SessionName | |
| # as Markdown | |
| <# | |
| #Requires -RunAsAdministrator | |
| $result = Get-EtwTraceProvider | sort SessionName | |
| $result | %{"|Name|GUID|";"|----|----|";}{"|$($_.SessionName)|$($_.Guid)|"} | |
| #> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| /* | |
| Ping vs Pong: A Gladiatorial Match | |
| Two goroutines enter, only one leaves... | |
| */ | |
| /* | |
| #cgo LDFLAGS: -lprobes -L/usr/local/lib | |
| #include "probes.h" |