ProcMonXv2 can etw file event support correlating filepath?

can etw file event support correlating filepath?

Open yangjian123 opened this issue 4 years ago • 3 comments

can ProcMonXv2 support correlating filepath for etw fileio event, especially for filerenam event?

Nov 23 '20 05:11 yangjian123

Yes, it's possible, by correlating the file unique key... but it requires work, which I didn't get around to yet :) But I'm happy to receive PRs...

Nov 23 '20 06:11 zodiacon

thanks for reply, but when will this feature be added, do you have a plan?

Nov 23 '20 08:11 yangjian123

No specific plan, as I am currently juggling several projects. I'll see if I can plan for this in the near future.

Nov 23 '20 16:11 zodiacon