Modify project
Biswa96 committed Dec 10, 2018
1 parent c615378 commit 2fc5097
Showing 22 changed files with 1,903 additions and 364 deletions.
113 changes: 59 additions & 54 deletions Event_Providers.md
@@ -1,59 +1,64 @@
* List of Event Providers and associated GUID:

| Provider Name | Provider GUID | File Name |
|:--------------------------------------------------:|:--------------------------------------:|:-----------------:|
| MicrosoftWindowsFileExplorer | {8E12DCD2-FE15-5AF4-2A6A-E707D9DC7DE5} | Explorer.exe |
| Microsoft.Notepad (old) | {30D0A2A5-808D-567B-18FE-2AE44C127BDC} | Notepad.exe |
| Microsoft.Notepad (new) | {E29EB67A-714D-4D58-A598-46DEE87E620B} | Notepad.exe |
| MICROSOFT_TWINAPI_PUBLISHER | {5F0E257F-C224-43E5-9555-2ADCB8540A58} | Explorer.exe |
| Microsoft.Web.Platform | {FF32ADA1-5A4B-583C-889E-A3C027B201F5} | UrlMon.dll |
| Microsoft.Windows.AppLifeCycle.UI | {EE97CDC4-B095-5C70-6E37-A541EB74C2B5} | Explorer.exe |
| Microsoft.Windows.Base.Win32.Job | {58E1853A-3C4E-4BBA-9FF8-E1CD088D25A5} | Kernel32.dll |
| Microsoft.Windows.CleanupMgr | {CE790967-FF23-464C-A976-1389674E3972} | CleanMgr.exe |
| Microsoft.Windows.Console.Host | {FE1FF234-1F09-50A8-D38D-C44FAB43E818} | ConHost.exe |
| Microsoft.Windows.Console.Launcher | {770AA552-671A-5E97-579B-151709EC0DBD} | ConHost.exe |
| Microsoft.Windows.Console.Render.VtEngine | {C9BA2A95-D3CA-5E19-2BD6-776A0910CB9D} | ConHost.exe |
| Microsoft.Windows.Console.VirtualTerminal.Parser | {C9BA2A84-D3CA-5E19-2BD6-776A0910CB9D} | ConHost.exe |
| Microsoft.Windows.ContentDeliveryManager | {8CBA0F81-8AD7-5395-2125-5703822C822A} | Explorer.exe |
| Microsoft.Windows.Desktop.Shell.ImmersiveIcons | {A51097AD-C000-5EA3-BBD4-863ADDAEDD23} | Explorer.exe |
| Microsoft.Windows.Desktop.Shell.NotificationArea | {653FE5BD-E1D2-5D40-D93C-A551A97CD49A} | Explorer.exe |
| Microsoft.Windows.Desktop.Shell.OOBEHealth | {397B9505-A6BA-5951-46EE-84B08FB14812} | Explorer.exe |
| Microsoft.Windows.Desktop.Shell.SoftLanding | {9954158F-EAA7-5AFE-B990-DF3CCE23483A} | Explorer.exe |
| Microsoft.Windows.Dwm.DwmApi | {504665A2-31F7-4B2F-BF1B-9635312E8088} | DwmApi.dll |
| Microsoft_Windows_Dwm_Dwm_Provider | {D29D56EA-4867-4221-B02E-CFD998834075} | Dwm.exe |
| Microsoft_Windows_Dwm_Udwm_Provider | {A2D1C713-093B-43A7-B445-D09370EC9F47} | Dwm.exe |
| Microsoft.Windows.Licensing.IUI | {753436F5-735D-41FA-B4B7-D68579AC5582} | Explorer.exe |
| Microsoft.Windows.Lxss.Manager | {B99CDB5A-039C-5046-E672-1A0DE0A40211} | LxssManager.dll |
| Microsoft.Windows.MobilityExperience | {5AFB7971-45E5-4D49-AAEB-1B04D39872CF} | Explorer.exe |
| Microsoft.Windows.NTVDM | {70CAA5B8-A8F0-408A-8B53-563BFF7FF2FF} | Kernel32.dll |
| Microsoft.Windows.PerfLib | {BC44FFCD-964B-5B85-8662-0BA87EDAF07A} | AdvApi32.dll |
| Microsoft.Windows.Shell.CoCreateInstanceAsSystem | {FFE467F7-4F51-4061-82BE-C2ED8946A961} | Explorer.exe |
| Microsoft.Windows.Shell.ControlCenter | {2C00A440-76DE-4FE3-856F-00557535BE83} | Explorer.exe |
| Microsoft.Windows.Shell.Desktop.LogonFramework | {04D28E21-00AA-5228-CFD0-D70863AA5CE9} | Explorer.exe |
| Microsoft.Windows.Shell.Explorer | {5F1E1B94-A9FE-57D8-ABE7-D29A6DF9E967} | Explorer.exe |
| Microsoft.Windows.Shell.NotificationCenter | {4BFE0FDE-99D6-5630-8A47-DA7BFAEFD876} | Explorer.exe |
| Microsoft.Windows.Shell.PrivacyConsentLogging | {58B09B7D-FD44-5A27-101D-5D2472A7BB42} | Explorer.exe |
| Microsoft.Windows.Shell.ScalingCompat | {2DBD0B99-C886-5C44-9FC2-7220DDF5AAF6} | DwmApi.dll |
| Microsoft.Windows.Shell.StateCapture | {82A0F3C6-C4DC-54FB-F358-354C5026DC61} | Explorer.exe |
| Microsoft.Windows.Shell.Taskbar | {DF8DAB3F-B1C9-58D3-2EA1-4C08592BB71B} | Explorer.exe |
| Microsoft.Windows.Shell.TileBadgeProvider | {34D3FCA3-41F2-4498-B7A0-58708572B583} | Explorer.exe |
| Microsoft.Windows.ShellExperienceDispatcher | {273C19B2-6643-5A58-6288-C336D3688B8D} | Explorer.exe |
| Microsoft.Windows.ShellPlacements | {7CA6A4DD-DAE5-5FB7-EC8E-4A6C648FADF9} | Explorer.exe |
| Microsoft_Windows_Shell_Core_Provider | {30336ED4-E327-447C-9DE0-51B652C86108} | Explorer.exe |
| Microsoft-Windows-Shell-CortanaProactive | {0E6F34B3-0637-55AB-F0BB-8B8FA83EDA04} | Explorer.exe |
| Microsoft-Windows-Shell-Launcher | {3D6120A6-0986-51C4-213A-E2975903051D} | Explorer.exe |
| Microsoft.Windows.Security.IsolationApi | {B6FD710B-F783-4B1C-AB9C-C68099DCC0C7} | SecHost.dll |
| Microsoft.Windows.Security.MitigationPolicy | {CA967C75-04BF-40B5-9A16-98B5F9332A92} | SecHost.dll |
| Microsoft.Windows.Subsystem.Adss | {754E4536-6735-4194-BE81-1374BD2E9B0D} | LxCore.sys |
| Microsoft.Windows.Subsystem.LxCore | {0CD1C309-0878-4515-83DB-749843B3F5C9} | LxCore.sys |
| Microsoft.Windows.Subsystem.Lxss | {D90B9468-67F0-5B3B-42CC-82AC81FFD960} | WslHost.exe |
| Microsoft.Windows.Taskmgr | {2E635D8E-1107-4555-9319-32EEB895AAAE} | TaskMgr.exe |
| Microsoft-Windows-UAC | {E7558269-3FA5-46ED-9F4D-3C6E282DDE55} | Kernel32.dll |
| Microsoft.Windows.Wil.FeatureLogging | {DCEF5411-1F98-5EE7-238B-5ABD0E078E97} | Explorer.exe |
| MSNT_SystemTrace | {9E814AAD-3204-11D2-9A82-006008A86939} | |
| TelemetryAssert | {6D1B249D-131B-468A-899B-FB0AD9551772} | Explorer.exe |
| TelemetryAssertDiagTrack | {E0B47CF8-E776-4EA7-9EC0-93A85B9A7A2B} | Explorer.exe |
| WERSVC_TRIGGER_PROVIDER_GUID | {E46EEAD8-0C54-4489-9898-8FA79D059E0E} | Dwm.exe |
| Provider Name | Provider GUID | File Name |
|:--------------------------------------------------:|:--------------------------------------:|:-------------------:|
| MicrosoftWindowsFileExplorer | {8E12DCD2-FE15-5AF4-2A6A-E707D9DC7DE5} | Explorer.exe |
| Microsoft.Notepad (old) | {30D0A2A5-808D-567B-18FE-2AE44C127BDC} | Notepad.exe |
| Microsoft.Notepad (new) | {E29EB67A-714D-4D58-A598-46DEE87E620B} | Notepad.exe |
| MICROSOFT_TWINAPI_PUBLISHER | {5F0E257F-C224-43E5-9555-2ADCB8540A58} | Explorer.exe |
| Microsoft.Web.Platform | {FF32ADA1-5A4B-583C-889E-A3C027B201F5} | UrlMon.dll |
| Microsoft.Windows.AppLifeCycle.UI | {EE97CDC4-B095-5C70-6E37-A541EB74C2B5} | Explorer.exe |
| Microsoft.Windows.Base.Win32.Job | {58E1853A-3C4E-4BBA-9FF8-E1CD088D25A5} | Kernel32.dll |
| Microsoft.Windows.CleanupMgr | {CE790967-FF23-464C-A976-1389674E3972} | CleanMgr.exe |
| Microsoft.Windows.Console.Host | {FE1FF234-1F09-50A8-D38D-C44FAB43E818} | ConHost.exe |
| Microsoft.Windows.Console.Launcher | {770AA552-671A-5E97-579B-151709EC0DBD} | ConHost.exe |
| Microsoft.Windows.Console.Render.VtEngine | {C9BA2A95-D3CA-5E19-2BD6-776A0910CB9D} | ConHost.exe |
| Microsoft.Windows.Console.VirtualTerminal.Parser | {C9BA2A84-D3CA-5E19-2BD6-776A0910CB9D} | ConHost.exe |
| Microsoft.Windows.ContentDeliveryManager | {8CBA0F81-8AD7-5395-2125-5703822C822A} | Explorer.exe |
| Microsoft.Windows.Desktop.Shell.ImmersiveIcons | {A51097AD-C000-5EA3-BBD4-863ADDAEDD23} | Explorer.exe |
| Microsoft.Windows.Desktop.Shell.NotificationArea | {653FE5BD-E1D2-5D40-D93C-A551A97CD49A} | Explorer.exe |
| Microsoft.Windows.Desktop.Shell.OOBEHealth | {397B9505-A6BA-5951-46EE-84B08FB14812} | Explorer.exe |
| Microsoft.Windows.Desktop.Shell.SoftLanding | {9954158F-EAA7-5AFE-B990-DF3CCE23483A} | Explorer.exe |
| Microsoft.Windows.Dwm.DwmApi | {504665A2-31F7-4B2F-BF1B-9635312E8088} | DwmApi.dll |
| Microsoft_Windows_Dwm_Dwm_Provider | {D29D56EA-4867-4221-B02E-CFD998834075} | Dwm.exe |
| Microsoft_Windows_Dwm_Udwm_Provider | {A2D1C713-093B-43A7-B445-D09370EC9F47} | Dwm.exe |
| Microsoft.Windows.FaultReporting | {1377561D-9312-452C-AD13-C4A1C9C906E0} | WerFault.exe |
| Microsoft.Windows.HangReporting | {3E0D88DE-AE5C-438A-BB1C-C2E627F8AECB} | WerSvc.dll |
| Microsoft.Windows.Licensing.IUI | {753436F5-735D-41FA-B4B7-D68579AC5582} | Explorer.exe |
| Microsoft.Windows.Lxss.Manager | {B99CDB5A-039C-5046-E672-1A0DE0A40211} | LxssManager.dll |
| Microsoft.Windows.MobilityExperience | {5AFB7971-45E5-4D49-AAEB-1B04D39872CF} | Explorer.exe |
| Microsoft.Windows.NTVDM | {70CAA5B8-A8F0-408A-8B53-563BFF7FF2FF} | Kernel32.dll |
| Microsoft.Windows.PerfLib | {BC44FFCD-964B-5B85-8662-0BA87EDAF07A} | AdvApi32.dll |
| Microsoft.Windows.Shell.CoCreateInstanceAsSystem | {FFE467F7-4F51-4061-82BE-C2ED8946A961} | Explorer.exe |
| Microsoft.Windows.Shell.ControlCenter | {2C00A440-76DE-4FE3-856F-00557535BE83} | Explorer.exe |
| Microsoft.Windows.Shell.Desktop.LogonFramework | {04D28E21-00AA-5228-CFD0-D70863AA5CE9} | Explorer.exe |
| Microsoft.Windows.Shell.Explorer | {5F1E1B94-A9FE-57D8-ABE7-D29A6DF9E967} | Explorer.exe |
| Microsoft.Windows.Shell.NotificationCenter | {4BFE0FDE-99D6-5630-8A47-DA7BFAEFD876} | Explorer.exe |
| Microsoft.Windows.Shell.PrivacyConsentLogging | {58B09B7D-FD44-5A27-101D-5D2472A7BB42} | Explorer.exe |
| Microsoft.Windows.Shell.ScalingCompat | {2DBD0B99-C886-5C44-9FC2-7220DDF5AAF6} | DwmApi.dll |
| Microsoft.Windows.Shell.StateCapture | {82A0F3C6-C4DC-54FB-F358-354C5026DC61} | Explorer.exe |
| Microsoft.Windows.Shell.Taskbar | {DF8DAB3F-B1C9-58D3-2EA1-4C08592BB71B} | Explorer.exe |
| Microsoft.Windows.Shell.TileBadgeProvider | {34D3FCA3-41F2-4498-B7A0-58708572B583} | Explorer.exe |
| Microsoft.Windows.ShellExperienceDispatcher | {273C19B2-6643-5A58-6288-C336D3688B8D} | Explorer.exe |
| Microsoft.Windows.ShellPlacements | {7CA6A4DD-DAE5-5FB7-EC8E-4A6C648FADF9} | Explorer.exe |
| Microsoft_Windows_Shell_Core_Provider | {30336ED4-E327-447C-9DE0-51B652C86108} | Explorer.exe |
| Microsoft-Windows-Shell-CortanaProactive | {0E6F34B3-0637-55AB-F0BB-8B8FA83EDA04} | Explorer.exe |
| Microsoft-Windows-Shell-Launcher | {3D6120A6-0986-51C4-213A-E2975903051D} | Explorer.exe |
| Microsoft.Windows.Security.IsolationApi | {B6FD710B-F783-4B1C-AB9C-C68099DCC0C7} | SecHost.dll |
| Microsoft.Windows.Security.MitigationPolicy | {CA967C75-04BF-40B5-9A16-98B5F9332A92} | SecHost.dll |
| Microsoft.Windows.Subsystem.Adss | {754E4536-6735-4194-BE81-1374BD2E9B0D} | LxCore.sys |
| Microsoft.Windows.Subsystem.LxCore | {0CD1C309-0878-4515-83DB-749843B3F5C9} | LxCore.sys |
| Microsoft.Windows.Subsystem.Lxss | {D90B9468-67F0-5B3B-42CC-82AC81FFD960} | WslHost.exe |
| Microsoft.Windows.Taskmgr | {2E635D8E-1107-4555-9319-32EEB895AAAE} | TaskMgr.exe |
| Microsoft-Windows-UAC | {E7558269-3FA5-46ED-9F4D-3C6E282DDE55} | Kernel32.dll |
| Microsoft.Windows.Wil.FeatureLogging | {DCEF5411-1F98-5EE7-238B-5ABD0E078E97} | Explorer.exe |
| Microsoft.Windows.WindowsErrorReporting | {CC79CF77-70D9-4082-9B52-23F3A3E92FE4} | WerFault.exe |
| Microsoft.Windows.WERSecureVertical | {97945555-B04C-47C0-B399-E453D509A5F0} | WerFaultSecure.exe |
| Microsoft.Windows.WERVertical | {2B87E57E-7BD0-43A3-A278-02E62D59B2B1} | WerFault.exe |
| MSNT_SystemTrace | {9E814AAD-3204-11D2-9A82-006008A86939} | |
| TelemetryAssert | {6D1B249D-131B-468A-899B-FB0AD9551772} | Explorer.exe |
| TelemetryAssertDiagTrack | {E0B47CF8-E776-4EA7-9EC0-93A85B9A7A2B} | Explorer.exe |
| WERSVC_TRIGGER_PROVIDER_GUID | {E46EEAD8-0C54-4489-9898-8FA79D059E0E} | Dwm.exe |


* List of Event Providers from `SecHost!EtwpGuidMap` (array of GUIDs):
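Review bot: The five rows this hunk actually adds (Microsoft.Windows.FaultReporting, Microsoft.Windows.HangReporting, Microsoft.Windows.WindowsErrorReporting, Microsoft.Windows.WERSecureVertical, Microsoft.Windows.WERVertical) are hard to pick out because every existing row is rewritten along with them, apparently to widen the File Name column for WerFaultSecure.exe, which gives 59 additions and 54 deletions for five new entries. Markdown tables do not need padded cells, so leave the existing rows untouched, or do the realignment in its own commit, so that each existing GUID can be seen to be unchanged. The new rows also break the table's roughly alphabetical order: WindowsErrorReporting is placed before WERSecureVertical and WERVertical, and all three sit after Wil.FeatureLogging; consider moving the WER* rows ahead of Wil.FeatureLogging.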
4 changes: 4 additions & 0 deletions Makefile
@@ -0,0 +1,4 @@
#Root Makefile for TraceEvent project

exe:
cd src ; $(MAKE)
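Review bot: In the exe recipe, `cd src ; $(MAKE)` still runs $(MAKE) when `cd src` fails, and in that case it runs in the root directory and re-enters this same Makefile. Use `$(MAKE) -C src` or `cd src && $(MAKE)` so that a missing src directory stops the build, and declare the target with `.PHONY: exe`, since the rule does not produce a file named exe.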