add functions to etwpatch

SolitudePy · SolitudePy · commit 94a029232848 · 2025-05-07T19:05:05.000+03:00
diff --git a/volatility3/framework/plugins/windows/etwpatch.py b/volatility3/framework/plugins/windows/etwpatch.py
@@ -30,10 +30,17 @@ class EtwPatch(interfaces.plugins.PluginInterface):
                 "EtwEventWrite",
                 "EtwEventWriteFull",
                 "NtTraceEvent",
+                "NtTraceEvent",
+                "ZwTraceEvent",
+                "NtTraceControl",
+                "ZwTraceControl",
+                "EtwpEventWriteFull"
             ],
         },
         "advapi32.dll": {
-            pe_symbols.wanted_names_identifier: ["EventWrite"],
+            pe_symbols.wanted_names_identifier: [
+                "EventWrite", 
+                "TraceEvent"],
         },
     }
 
