Pavel Yosifovich
You can always enumerate processes every interval (1 sec, 500 msec, whatever), and compare with the previous list for changes. This is how Task Manager and Process Explorer work.
You are correct, this flag is supported from Windows 8 only.
I'm afraid my resources are limited, I'll see if I can do something about that, but no promises.
Some ETW events don't provide a process ID and it's reported as -1.
No promises, I'll add that to my backlog.
This is not yet supported (but planned). There may be other PE related tools that allow you to do that.
Probably right... I only compiled for x64. I accept PRs!
Thanks. I know that the filters tab is far from complete, so that's no surprise. I'll try to fix the basics.
Thanks for the ideas!
Thanks, I'll look into it.