John U jdu2600
jdu2600
/ Microsoft-Windows-DNSServer.man
Created
September 6, 2023 02:49
Microsoft-Windows-DNSServer manifest - Server 2019
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <instrumentationManifest xmlns="http://schemas.microsoft.com/win/2004/08/events"> | |
| <instrumentation xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:win="http://manifests.microsoft.com/win/2004/08/windows/events"> | |
| <events> | |
| <provider name="Microsoft-Windows-DNSServer" guid="{eb79061a-a566-4698-9119-3ed2807060e7}" resourceFileName="Microsoft-Windows-DNSServer" messageFileName="Microsoft-Windows-DNSServer" symbol="MicrosoftWindowsDNSServer" source="Xml"> | |
| <keywords> | |
| <keyword name="QUERY_RECEIVED" message="$(string.keyword_QUERY_RECEIVED)" mask="0x1" /> | |
| <keyword name="RESPONSE_SUCCESS" message="$(string.keyword_RESPONSE_SUCCESS)" mask="0x2" /> | |
| <keyword name="RESPONSE_FAILURE" message="$(string.keyword_RESPONSE_FAILURE)" mask="0x4" /> | |
| <keyword name="IGNORED_QUERY" message="$(string.keyword_IGNORED_QUERY)" mask="0x8" /> | |
| <keyword name="RECURSE_QUERY_OUT" message="$(string.keyword_RECURSE_QUERY_O |
jdu2600
/ Microsoft-Windows-DotNETRuntime.man
Created
November 12, 2020 20:52
Microsoft-Windows-DotNETRuntime manifest - .NET 4
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <instrumentationManifest xmlns="http://schemas.microsoft.com/win/2004/08/events"> | |
| <instrumentation xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:win="http://manifests.microsoft.com/win/2004/08/windows/events"> | |
| <events> | |
| <provider name="Microsoft-Windows-DotNETRuntime" guid="{e13c0d23-ccbc-4e12-931b-d9cc2eee27e4}" resourceFileName="Microsoft-Windows-DotNETRuntime" messageFileName="Microsoft-Windows-DotNETRuntime" symbol="MicrosoftWindowsDotNETRuntime" source="Xml"> | |
| <keywords> | |
| <keyword name="GCKeyword" message="$(string.keyword_GCKeyword)" mask="0x1" /> | |
| <keyword name="GCHandleKeyword" message="$(string.keyword_GCHandleKeyword)" mask="0x2" /> | |
| <keyword name="FusionKeyword" message="$(string.keyword_FusionKeyword)" mask="0x4" /> | |
| <keyword name="LoaderKeyword" message="$(string.keyword_LoaderKeyword)" mask="0x8" /> | |
| <keyword name="JitKeyword" message="$(string.keyword_JitKeyword)" mask="0x10" |
jdu2600
/ dotNETCommonLanguageRuntime.mof
Created
November 10, 2020 21:02
.NET Common Language Runtime MOF - .NET 3.5 SP1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [dynamic: ToInstance, Description(".NET Common Language Runtime"), Guid("{e13c0d23-ccbc-4e12-931b-d9cc2eee27e4}"), locale("MS\0x409")] | |
| class CLRTrace : EventTrace | |
| { | |
| }; | |
| [dynamic: ToInstance, Description("CLR StrongNameVerification"), Guid("{15447A14-B523-46ae-B75B-023F900B4393}"), DisplayName("CLR StrongNameVerification"), locale("MS\0x409")] | |
| class CLRStrongNameVerification : CLRTrace | |
| { | |
| }; |
jdu2600
/ WindowsKernelTrace.mof
Created
March 8, 2020 10:36
Windows Kernel Trace MOF - Windows 10 1909 (Build 18363.657)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class MSNT_SystemTrace : EventTrace | |
| { | |
| [DefineValues{"EVENT_TRACE_FLAG_PROCESS", "EVENT_TRACE_FLAG_THREAD", "EVENT_TRACE_FLAG_IMAGE_LOAD", "EVENT_TRACE_FLAG_PROCESS_COUNTERS", "EVENT_TRACE_FLAG_CSWITCH", "EVENT_TRACE_FLAG_DPC", "EVENT_TRACE_FLAG_INTERRUPT", "EVENT_TRACE_FLAG_SYSTEMCALL", "EVENT_TRACE_FLAG_DISK_IO", "EVENT_TRACE_FLAG_DISK_FILE_IO", "EVENT_TRACE_FLAG_DISK_IO_INIT", "EVENT_TRACE_FLAG_DISPATCHER", "EVENT_TRACE_FLAG_MEMORY_PAGE_FAULTS", "EVENT_TRACE_FLAG_MEMORY_HARD_FAULTS", "EVENT_TRACE_FLAG_VIRTUAL_ALLOC", "EVENT_TRACE_FLAG_NETWORK_TCPIP", "EVENT_TRACE_FLAG_REGISTRY", "EVENT_TRACE_FLAG_ALPC", "EVENT_TRACE_FLAG_SPLIT_IO", "EVENT_TRACE_FLAG_DRIVER", "EVENT_TRACE_FLAG_PROFILE", "EVENT_TRACE_FLAG_FILE_IO", "EVENT_TRACE_FLAG_FILE_IO_INIT"}, | |
| Values{"process", "thread", "img", "proccntr", "cswitch", "dpc", "isr", "syscall", "disk", "file", "diskinit", "dispatcher", "pf", "hf", "virtalloc", "net", "registry", "alpc", "splitio", "driver", "profile", "fileiocompletion", "fileio"}, | |
| ValueMap{"0x00000001 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using Microsoft.Diagnostics.Tracing.Session; | |
| using Microsoft.Diagnostics.Tracing.Parsers.Kernel; | |
| using Microsoft.Diagnostics.Tracing.Parsers; | |
| namespace SysCallAddress | |
| { | |
| class Program | |
| { | |
| static void Main(string[] args) |