.NET C# Version, Starting point

[PatrickSchmidtSE]

Hey there, this is a rather unusual question. But i am a big fan of the project.
I am currently trying to archive a rather simple "process manager" , like the Resource Manager inside the Task manager, but with C# and within the .NET Framework.
There are so many details on a process based . ( disk usage , file I/o per process, tcp ip traffic per process).

Process Hacker shows those stuff similar to sysinternals in a great way. From what i have seen from my comparism the data in Resource Manager and Process Hacker are equal.

I found via the code here, that you are using ETW to gather all this data. I found some entry points in etwmon and etwdisk and etwstat.

I am just curious if someone can link me or help me try to understand where the matching is happening to the process for each category (disk, network, file). Its rather complex and testing is not simple due to the amount of events coming in.
The most thing i wrap my head around is the starting point. Do you start by listening all processes and the fill out relevant data coming in through events afterwards? (matching the process id ).

That would be really awesome, to get some few notes here

[dmex]

where the matching is happening to the process for each category

Everything is based on the ProcessId included in the event headers. Disk events are a 50/50 exception to this rule with some events being matched based on their object address.

Do you start by listening all processes and the fill out relevant data coming in through events afterwards? (matching the process id ).

Yes

[PatrickSchmidtSE]

Thank you for your answer :) This gives me the right starting point of thinking in this!