22:40 enabling those symbols not only translated the addresses but also showed many more user-mode stack frames? Is that local calls in the same module or another effect?
I'm struggling to find a way to trace what script/program writes down a specific file under a specific directory at startup, meaning like when I start my PC, the file is already there so I can't trace after using Procmon, which would mean I need to use the boot thing mentioned in the video but for some reason I can't find what program writes down this file.
Great! I’ve used ProcMon many times, but learned many new techniques from this video.
Great deep dive into ProcMon! Very interesting.
A demo of you loading your own symbols would be great
Where have you got that Isfahani Carpet?
How to unload Procmon? Can you help me?
Time to move on to Windows 11