Go library for ETW (Event Tracing for Windows) events processing

Primary language: Go. License: MIT.

etw

etw is a Go package that lets you receive Event Tracing for Windows (ETW) events in Go code.

etw lets you process events from new TraceLogging providers as well as from classic (aka EventLog) providers, so you can listen to anything you can see in the Event Viewer window.

The ETW API expects a stdcall callback to process events, so etw requires CGO. To use etw you need mingw-w64 installed and must pass some environment variables to the Go compiler (take a look at build/vars.sh and examples/tracer/Makefile).

Docs

Package reference is available at https://pkg.go.dev/github.com/gaelmuller/etw

You can look at user_trace_test.go and kernel_trace_test.go to see examples.