{
	"id": "0f9407af-c37b-4bfe-b58f-898ce9c743f4",
	"created_at": "2026-04-06T02:12:51.761228Z",
	"updated_at": "2026-04-10T03:20:33.008745Z",
	"deleted_at": null,
	"sha1_hash": "fd5eabc834026060fb5970d2a8d22991cca5b376",
	"title": "Event Tracing - Win32 apps",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 32130,
	"plain_text": "Event Tracing - Win32 apps\r\nBy Karl-Bridge-Microsoft\r\nArchived: 2026-04-06 01:33:38 UTC\r\nEvent Tracing for Windows (ETW) provides application programmers the ability to start and stop event tracing\r\nsessions, instrument an application to provide trace events, and consume trace events. Trace events contain an\r\nevent header and provider-defined data that describes the current state of an application or operation. You can use\r\nthe events to debug an application and perform capacity and performance analysis.\r\nThis documentation is for user-mode applications that want to use ETW. For information about instrumenting\r\ndevice drivers that run in kernel mode, see WPP Software Tracing and Adding Event Tracing to Kernel-Mode\r\nDrivers in the Windows Driver Kit (WDK).\r\nUse ETW when you want to instrument your application, log user or kernel events to a log file, and consume\r\nevents from a log file or in real time.\r\nETW is designed for C and C++ developers who write user-mode applications.\r\nETW is included in Microsoft Windows 2000 and later. For information about which operating systems are\r\nrequired to use a particular function, see the Requirements section of the documentation for the function.\r\nYou can use the .NET TraceProcessing API to analyze ETW traces for your applications and other software\r\ncomponents. This API is used internally at Microsoft to analyze ETW data produced by the Windows engineering\r\nsystem, and it is also used to power several tables in Windows Performance Analyzer. 
This API is available as a\r\nNuGet package.\r\nFor more information, see this article.\r\nTopic Description\r\nWhat's New in Event Tracing New features that were added to Event Tracing in each release.\r\nAbout Event Tracing General information about Event Tracing.\r\nUsing Event Tracing Task-related topics that describe how to use the ETW API.\r\nEvent Tracing Reference Detailed descriptions of ETW functions and other programming elements.\r\nSource: https://docs.microsoft.com/windows/desktop/etw/event-tracing-portal",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://docs.microsoft.com/windows/desktop/etw/event-tracing-portal"
	],
	"report_names": [
		"event-tracing-portal"
	],
	"threat_actors": [],
	"ts_created_at": 1775441571,
	"ts_updated_at": 1775791233,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/fd5eabc834026060fb5970d2a8d22991cca5b376.pdf",
		"text": "https://archive.orkl.eu/fd5eabc834026060fb5970d2a8d22991cca5b376.txt",
		"img": "https://archive.orkl.eu/fd5eabc834026060fb5970d2a8d22991cca5b376.jpg"
	}
}