Matt Swann
Matt Swann
Good catch Mark, that would be useful. If you’d be willing to submit a pull request that adds these, we’ll review and merge.
@pathtofile thank you! Merged #129.
Nice find @daladim! I think you are correct that `opcode` and `level` don't need to be part of the schema cache key, at least for manifest-based providers. I wonder whether...
@Gabriele91 nice find! #148 added support for boolean including an appropriate `assert_valid_assignment` specialization, but it's possible that we missed something. Would you be willing to share a minimal repro that...
I made changes in #174 and #175 to address a case that sounds like what you are describing. Also sharing a translation of @kasandrk's helpful comment to make it accessible...
Hi Matt, would it be possible to provide a minimal repro so we can investigate? Thanks!
Hi @zhuxiujia, both Windows XP and Server 2008 are out of support. We are not able to test and verify functionality on those platforms.
Hi @ps1337, it seems reasonable to add getters for the ExtendedAttributes that are missing. If you submit a PR I'd be happy to review!
Hi @ps1337, would you be able to share an example of using the undocumented functionality in EVENT_FILTER_DESCRIPTOR? Rather than exposing the pointer directly, I'm curious whether we can expose this...
Hi @bobsira, krabsetw should be able to subscribe to [`EventSource`](https://learn.microsoft.com/en-us/dotnet/core/diagnostics/eventsource) providers from both C# and C++: - First, translate your `EventSource` provider name to an ETW provider ID: [here's an...