Can you please elaborate how to use ETW to profile system calls? | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		markus_zhang on July 14, 2023 \| parent \| context \| favorite \| on: Microsoft Can Fix Ransomware Tomorrow Can you please elaborate how to use ETW to profile system calls?

EvanAnderson on July 14, 2023 [–]

Yeah— that’s what I can’t do. I know Process Monitor can do it, so the API is there, but it’s not an API I’ve ever used.

That’s the research I’ve been putting off for 5+ years.

markus_zhang on July 14, 2023 | [–]

Thanks, I'm going to take a look of the ETW doc.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact