I think you’re mistaken. ProcMon doesn’t use ETW on Windows and I don’t believe ... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

altano on May 6, 2021 | parent | context | favorite | on: ProcMon for Linux (Preview)

I think you’re mistaken. ProcMon doesn’t use ETW on Windows and I don’t believe it ever did?

bboreham on May 7, 2021 | [–]

Sorry about that; I guess I misremembered?

This file says it does, though only for network events: https://documentation.help/Process-Monitor/documentation.pdf

ale42 on May 6, 2021 | [–]

Indeed I don't think so. ProcMon uses a kernel driver for the event tracing.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact