
Capture ETW events with C++ (Part 2)
Learn how to use TdhGetEventInformation and TdhFormatProperty in C++ to decode ETW event names, keywords,

Learn how to consume real-time ETW events in C++ using Win32 APIs. Pavel walks through

Control Panel is still supported, which means you can still build your own applets. This

In a previous post we hid a Windows service using a UI tool. This post

A Windows service can be running normally and still disappear from Services.msc and sc query.

Rust is safe by default, but Windows system programming still means calling Win32 APIs, dealing

Join Pavel Yosifovich for a live 4-hour masterclass on researching Windows using WinDbg. Learn

Thread-Local Storage (TLS) lets each thread keep its own data without sharing state across the

Access masks are the 32-bit “what you can do” values stored in handles and ACE

How to Delete a File in Windows (and What “Delete” Really Means)