How to consume real-time ETW events from the Microsoft-Windows-NDIS-PacketCapture provider?

Question

The larger question is how to consume real-time ETW network stack events in general but I\'m particularly interested in the Microsoft-Windows-NDIS-PacketCapture provider

Answer 1

Here's a commented c++ example application that demonstrates simultaneous real-time ETW sessions for packet capture and kernel events.

https://github.com/packetzero/etwrealtime