Windows 10: New (possible) alternative to ProcMon uses ETW instead of kernel hooks

Developer Pavel Yosifovich has released an early version of a Process Monitor alternative that has the makings of a great addition to / replacement for SysInternal's Process Monitor (ProcMon). Called Process Monitor X (and dubbed ProcMonX), it is a unique take on how to view various events that occur within the operating system as we use it.

From his blog post about the release:

In my opinion, this could well be a great tool to add to the large list of tools that I keep handy for all sorts of analysis when I break something on my system (mostly stuff from Nir Sofer and SysInternals).

We shall see.

Github: GitHub - zodiacon/ProcMonX: Extended Process Monitor-like tool based on Event Tracing for Windows

:)

 

wpr TraceLoggingWrite

As you may already know, TraceLogging is the new Windows 10 event tracing framework for user-mode applications and kernel-mode drivers. TraceLogging builds on Event Tracing for Windows (ETW) and provides a simplified way to instrument code. As such, posting
your query on our MSDN Forums
will be the best step regarding your concern.

Let us know if you have clarifications.

 

ETL Collector svc, What is it?

Hi,

We'd like you to confirm a few things for us to assist you better:

- By any chance, are you referring to ETW Collector Service instead of ETL?

- Could you provide us with a screenshot of the service and the file extension?

- Have you made any recent changes that initiated this service to appear in your system?

Unless we can verify if it's ETL or ETW you're referring to, we will be inclined to think that this may be a third party application.

Regards.

 

Thanks- this sounds interesting.. I agree there's a real need for a tool that lets you focus quickly on particular types of events related to your current issue, and ProcMon's filter is a bit of a nightmare.

 

Great find!

Thanks!