{"id":13833658,"url":"https://github.com/microsoft/krabsetw","last_synced_at":"2025-05-11T09:10:32.684Z","repository":{"id":37251455,"uuid":"71814770","full_name":"microsoft/krabsetw","owner":"microsoft","description":"KrabsETW provides a modern C++ wrapper and a .NET wrapper around the low-level ETW trace consumption functions.","archived":false,"fork":false,"pushed_at":"2025-03-10T21:16:59.000Z","size":2386,"stargazers_count":652,"open_issues_count":42,"forks_count":157,"subscribers_count":41,"default_branch":"master","last_synced_at":"2025-05-07T23:46:59.403Z","etag":null,"topics":["etw","krabs","nuget-packages","wrapper"],"latest_commit_sha":null,"homepage":"","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/microsoft.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-10-24T17:38:49.000Z","updated_at":"2025-05-02T06:38:55.000Z","dependencies_parsed_at":"2022-08-03T04:15:39.793Z","dependency_job_id":"2152c4cb-9ace-4ce0-9e1e-77ab632761bc","html_url":"https://github.com/microsoft/krabsetw","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/microsoft%2Fkrabsetw","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/microsoft%2Fkrabsetw/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/microsoft%2Fkrabsetw/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/microsoft%2Fkrabsetw/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/microsoft","download_url":"https://codeload.github.com/microsoft/krabsetw/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253540834,"owners_count":21924537,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["etw","krabs","nuget-packages","wrapper"],"created_at":"2024-08-04T13:00:20.375Z","updated_at":"2025-05-11T09:10:32.638Z","avatar_url":"https://github.com/microsoft.png","language":"C++","funding_links":[],"categories":["Uncategorized","\u003ca id=\"ac43a3ce5a889d8b18cf22acb6c31a72\"\u003e\u003c/a\u003eETW"],"sub_categories":["Uncategorized","\u003ca id=\"0af4bd8ca0fd27c9381a2d1fa8b71a1f\"\u003e\u003c/a\u003e工具"],"readme":"\nOverview\n========\n\n**krabsetw** is a C++ library that simplifies interacting with ETW. It allows for any number of traces and providers to be enabled and for client code to register for event notifications from these traces.\n\n**krabsetw** also provides code to simplify parsing generic event data into strongly typed data types.\n\n**Microsoft.O365.Security.Native.ETW** is a C++ CLI (.NET) wrapper around **krabsetw**. It provides the same functionality as **krabsetw** to .NET applications and is used in production by the Office 365 Security team. It's affectionately referred to as **Lobsters**.\n\nExamples \u0026 Documentation\n========\n\n* An [ETW Primer](docs/EtwPrimer.md).\n* Simple examples can be found in the `examples` folder.\n* Please refer to [KrabsExample.md](docs/KrabsExample.md) and [LobstersExample.md](docs/LobstersExample.md) for detailed examples.\n* SampleKrabsCSharpExe is a non-trivial example demonstrating how to manage the trace objects.\n* [Using Message Analyzer to find new ETW event sources.](docs/UsingMessageAnalyzerToFindETWSources.md)\n\nImportant Notes\n==============\n* `krabsetw` and `Microsoft.O365.Security.Native.ETW` only support x64 and ARM64. No effort has been made to support x86.\n* `krabsetw` and `Microsoft.O365.Security.Native.ETW` are only supported on Windows 7 or Windows 2008R2 machines and above.\n* Throwing exceptions in the event handler callback or krabsetw or Microsoft.O365.Security.Native.ETW will cause the trace to stop processing events.\n* The call to \"start\" on the trace object is blocking so thread management may be necessary.\n* The Visual Studio solution is krabs\\krabs.sln.\n* When building a native code binary using the `krabsetw` package, please refer to the [compilation readme](krabs/README.md) for notes about the `TYPEASSERT` and `NDEBUG` compilation flags.\n\nNuGet Packages\n==============\nNuGet packages are available both for the krabsetw C++ headers and the Microsoft.O365.Security.Native.ETW .NET library:\n* https://www.nuget.org/packages/Microsoft.O365.Security.Native.ETW/\n* https://www.nuget.org/packages/Microsoft.O365.Security.Native.ETW.Debug/ (for development - provides type asserts)\n* https://www.nuget.org/packages/Microsoft.O365.Security.Krabsetw/\n\nFor verifying the .NET binaries, you can use the following command:\n`sn -T Microsoft.O365.Security.Native.ETW.dll`\n\nThe expected output is:\n```\nMicrosoft (R) .NET Framework Strong Name Utility  Version 4.0.30319.0\nCopyright (c) Microsoft Corporation.  All rights reserved.\n\nPublic key token is 31bf3856ad364e35\n```\n\nCommunity \u0026 Contact\n==============\nPlease feel free to file issues through GitHub for bugs and feature requests and we'll respond to them as quickly as we're able.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmicrosoft%2Fkrabsetw","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmicrosoft%2Fkrabsetw","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmicrosoft%2Fkrabsetw/lists"}