Capture ETW events with C++ (Part 1)
ETW is the backbone of Windows telemetry, and most developers never touch it directly. Here's how to consume real-time ETW events in C++, from zero. In this video I walk through the full pipeline: creating a trace session, enabling a provider, setting up a real-time consumer, and receiving event callbacks, all in plain Win32 C++.

What you'll learn:
• How to structure and allocate EVENT_TRACE_PROPERTIES correctly
• How to call StartTrace, EnableTraceEx2, OpenTrace, and ProcessTrace
• How to implement an event record callback and extract header data (PID, TID, timestamp)
• How to handle the "session already exists" error gracefully
• Why admin privileges are required and when they're not

Full write-up with code on the TrainSec free knowledge library: https://trainsec.net/library/windows-...
