ETW Overview
Introduction

This document takes a look at Event Tracing for Windows (ETW), its purpose, and the ecosystem of tools and APIs that has grown up around it for interacting with it.

What Is It

Event Tracing for Windows (ETW) is an efficient kernel-level tracing facility that lets you log kernel-defined or application-defined events to a log file. You can consume the events in real time or from a log file.

As seen in the above diagram, ETW is broken into four main components:...
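The producer / controller / consumer round trip described above, as an added example that is not part of the original page: it uses only the built-in logman controller and the Get-WinEvent consumer from an elevated PowerShell prompt. The session name, output path and the choice of Microsoft-Windows-Kernel-Process as the provider are assumptions for illustration; the keyword value 0x10 (process events) and the event IDs 1 and 2 (process start / stop) and their ImageName and ProcessID payload fields are taken from that provider's manifest as shipped on current Windows builds, so check them with the discovery step first on your own system.

```powershell
# Added example (not from the original page): one full ETW round trip from
# PowerShell using the built-in logman controller and the Get-WinEvent consumer.
# Assumptions: elevated prompt (starting a session needs administrator rights),
# arbitrary session name and output path, keyword 0x10 = process events and
# event IDs 1/2 = process start/stop for Microsoft-Windows-Kernel-Process.

$session  = 'EtwDemo'
$etl      = Join-Path $env:TEMP 'EtwDemo.etl'
$provider = 'Microsoft-Windows-Kernel-Process'

# 1. Discovery (no elevation needed): confirm the provider exists and list the
#    keywords it exposes so the keyword mask below can be verified.
Get-WinEvent -ListProvider $provider | Select-Object Name, Id
(Get-WinEvent -ListProvider $provider).Keywords | Select-Object Name, Value

# 2. Controller: start a session that records the provider's process events
#    (keyword 0x10, level 5 = verbose) to an ETL file. -ets applies the command
#    to the live session immediately instead of creating a data collector set.
logman start $session -p $provider 0x10 5 -o $etl -ets

# 3. Producer: generate some activity for the provider to report, then stop
#    the session so the ETL file is finalised.
Start-Process notepad.exe -PassThru | Stop-Process
Start-Sleep -Seconds 2
logman stop $session -ets

# 4. Consumer (log-file mode): ETL files must be read oldest-first.
$events = Get-WinEvent -Path $etl -Oldest
$events | Group-Object Id | Sort-Object Count -Descending | Format-Table Count, Name

# Render each process start/stop with the image name pulled from the payload.
$events | Where-Object { $_.Id -in 1, 2 } | ForEach-Object {
    $xml  = [xml]$_.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    $kind = if ($_.Id -eq 1) { 'ProcessStart' } else { 'ProcessStop' }
    [pscustomobject]@{
        Time  = $_.TimeCreated
        Event = $kind
        Pid   = $data['ProcessID']
        Image = $data['ImageName']
    }
} | Format-Table -AutoSize
```

The same session could be created as a real-time session (logman's -rt switch) and fed to a live consumer instead of a file, which is the path most endpoint telemetry takes; the file path is shown here because it needs nothing beyond the tools that ship with Windows. Note that the controller step requires administrator rights, so anything that can start, stop or reconfigure sessions already holds a privileged position on the host.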