Consume ETW events with C++ (Part 2)
Raw ETW events give you a timestamp and a process ID. That's not enough. This video shows you how to get to the actual data inside the event.

In Part 2 of consuming ETW events with C++, Pavel Yosifovich walks through decoding ETW events with the TDH API:

Use TdhGetEventInformation to read event structure at runtime
Extract event name, keywords, opcode, task, and level from TRACE_EVENT_INFO
Enumerate event properties using TopLevelPropertyCount and EVENT_PROPERTY_INFO
Format property values to readable strings with TdhFormatProperty
Handle the 32-bit vs 64-bit pointer size flag correctly

Full write-up with code on the TrainSec free knowledge library: https://trainsec.net/library/windows-...

