how to find the process

Question

how to find the process

Closed this issue 7 years ago · 5 comments

SuperXiaoxiong commented 7 years ago

thanks:
I am new to the etw with 3 questions.

how to log the result with windows10? the result are print on the command and I wonder how can I log it
the description was print in byte? how could convert it to utf-8 because there is nothing I can read
When I monitor the dns request, how could I defind which process launch the dns Or is the anyother way to locate which dns launched by the process

Answer 1 · 2017-10-16T17:25:23.000Z

Use the --logfile command line argument.
The description coming from the event may or may not convert to UTF-8 properly. This is one of the reasons that we used bytes.
The ProcessId field in the event header contains the process PID.

Answer 2 · 2017-10-17T15:34:44.000Z

@SuperXiaoxiong Does my previous response answer your questions?

Answer 3 · 2017-10-18T10:45:52.000Z

Thanks first!
the question2,3 is done ,but the log still won't be created
Here is my code

import etw
def some_fuc():
    guid = {'Some provider': etw.GUID("{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}")}
    job = etw.ETW(guid)
    etw.run('etw',job, logfile='./testlog')
some_fuc()

Answer 4 · 2017-10-18T22:39:14.000Z

You are welcome. Are you sure you have write access to that path?

Answer 5 · 2017-10-19T03:14:39.000Z

thanks very much ！
It's ok now although I don't know why it don't work yesterday,
i really appreciate your help