
etw2json's People

Contributors

abhinav2004, jomorri, microsoft-github-policy-service[bot], mjsabby, steffenzeidler

etw2json's Issues

ETW2JSON fails on GPUView traces

Running ETW2JSON on https://drive.google.com/file/d/1Qy6sa5dmeAefaVD7pailxde-uCRUL5V3/view?usp=sharing
gives:

Unhandled exception. System.Reflection.AmbiguousMatchException: Ambiguous match found.
   at System.DefaultBinder.SelectMethod(BindingFlags bindingAttr, MethodBase[] match, Type[] types, ParameterModifier[] modifiers)
   at System.RuntimeType.GetMethodImplCommon(String name, Int32 genericParameterCount, BindingFlags bindingAttr, Binder binder, CallingConventions callConv, Type[] types, ParameterModifier[] modifiers)
   at System.RuntimeType.GetMethodImpl(String name, BindingFlags bindingAttr, Binder binder, CallingConventions callConv, Type[] types, ParameterModifier[] modifiers)
   at ETWDeserializer.Extensions.GetMethodInfo(Type type, String name, Type[] parameterType) in C:\Users\mozilla\src\ETW2JSON\Deserializer\Extensions.cs:line 369
   at ETWDeserializer.Extensions.ReadMethodInfo(TDH_IN_TYPE tdhType, Type type, Type[] parameterType) in C:\Users\mozilla\src\ETW2JSON\Deserializer\Extensions.cs:line 252
   at ETWDeserializer.EventTraceOperandExpressionBuilderImpl.ExpressionGenerator.CodeGenerate(IEnumerable`1 operands) in C:\Users\mozilla\src\ETW2JSON\Deserializer\EventTraceOperandExpressionBuilder.cs:line 104
   at ETWDeserializer.EventTraceOperandExpressionBuilderImpl.Build(IEventTraceOperand operand, ParameterExpression eventRecordReader, ParameterExpression eventRecordWriter, ParameterExpression eventMetadataTable, ParameterExpression runtimeMetadata) in C:\Users\mozilla\src\ETW2JSON\Deserializer\EventTraceOperandExpressionBuilder.cs:line 43
   at ETWDeserializer.EventTraceOperandExpressionBuilder.Build(IEventTraceOperand operand, ParameterExpression eventRecordReader, ParameterExpression eventRecordWriter, ParameterExpression eventMetadataTable, ParameterExpression runtimeMetadata) in C:\Users\mozilla\src\ETW2JSON\Deserializer\EventTraceOperandExpressionBuilder.cs:line 18
   at ETWDeserializer.Deserializer`1.SlowLookup(EVENT_RECORD* eventRecord, EventRecordReader eventRecordReader, RuntimeEventMetadata runtimeMetadata, TraceEventKey& key) in C:\Users\mozilla\src\ETW2JSON\Deserializer\Deserializer.cs:line 251
   at ETWDeserializer.Deserializer`1.Deserialize(EVENT_RECORD* eventRecord) in C:\Users\mozilla\src\ETW2JSON\Deserializer\Deserializer.cs:line 71
   at ETW2JSON.Etw.ProcessTrace(UInt64[] HandleArray, UInt32 HandleCount, IntPtr StartTime, IntPtr EndTime)
   at ETW2JSON.Program.ConvertToJson(Utf8JsonWriter jsonWriter, IEnumerable`1 inputFiles, Action`1 reportError) in C:\Users\mozilla\src\ETW2JSON\Program.cs:line 74
   at ETW2JSON.Program.Main(String[] args) in C:\Users\mozilla\src\ETW2JSON\Program.cs:line 117

Dump payload data too

This is sort of a comment/observation-type question that doesn't leave out the possibility that I'm "doing it wrong".
I wanted to use this tool as a helper for a poor man's network monitor. Programmatically it would allow me to analyze packets in Python via the .json file output.

It looks to me that ETW2JSON completely skips payload data.
From a "Windows Kernel Trace" (net) or a Microsoft-Windows-TCPIP provider trace, the actual packet data appears to be absent.

Wrong tool for the job, or would you add a command line switch so payload data would be included?

Edit:
Update: I loaded the .etl traces in binary looking for strings and see that packet data is not even in them (neither Microsoft-Windows-TCPIP nor kernel "net"). And it is apparently a loaded issue getting ETW packet data in general.
But I would still like to know if an ETW payload would be exported by ETW2JSON.
Thank you,
