Hacker News new | ask | show | jobs
by altano 1872 days ago
I think you’re mistaken. ProcMon doesn’t use ETW on Windows and I don’t believe it ever did?
2 comments
bboreham 1871 days ago
Sorry about that; I guess I misremembered?

This file says it does, though only for network events: https://documentation.help/Process-Monitor/documentation.pdf

link
ale42 1872 days ago
Indeed I don't think so. ProcMon uses a kernel driver for the event tracing.
link