[ChrisMarshallNY]

That sounds extremely cool.

Sadly, I don't program in Linux, so I can't use it. :'(

[0b01]

If you program on Windows you should check out Event Tracing for Windows(ETW). Similar to eBPF, ETW is a logging framework inside Windows kernal. Microsoft.Diagnostics.Tracing.TraceEvent[0] is a nice nuget package for logging and analyzing ETL files.

[0]https://github.com/microsoft/perfview/blob/master/documentat...

[laserbeam]

But only after reading this glorious and funny article about using ETW for logging thread context switches. https://caseymuratori.com/blog_0025

[0b01]

Thankfully all of this native API is abstracted away in C#.

[tooltower]

If you just want to learn and try it, you can always do it in a Linux VM.

My general development skill (in Linux or otherwise) has definitely improved since I became a Linux native. But that didn't happen overnight.

[0mp]

You may try out generic eBPF outside of Linux: https://github.com/generic-ebpf/generic-ebpf

[0b01]

LLVM also has a BPF backend so you can compile any C++/C program to run on BPF.

[mhh__]

There is also a bpf triple for gcc (I say that having never been able to actually use it)

[jks]

If you're using an old enough MacOS X (I think 10.12 or older), DTrace has similar functionality. Unfortunately it has been broken in recent MacOS versions, at least unless you disable SIP.