.NET C# Version, Starting point #1007
-
Hey there, this is a rather unusual question. But i am a big fan of the project. Process Hacker shows those stuff similar to sysinternals in a great way. From what i have seen from my comparism the data in Resource Manager and Process Hacker are equal. I found via the code here, that you are using ETW to gather all this data. I found some entry points in etwmon and etwdisk and etwstat. I am just curious if someone can link me or help me try to understand where the matching is happening to the process for each category (disk, network, file). Its rather complex and testing is not simple due to the amount of events coming in. That would be really awesome, to get some few notes here |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
Everything is based on the ProcessId included in the event headers. Disk events are a 50/50 exception to this rule with some events being matched based on their object address.
Yes |
Beta Was this translation helpful? Give feedback.
Everything is based on the ProcessId included in the event headers. Disk events are a 50/50 exception to this rule with some events being matched based on their object address.
Yes