I'm struggling to find a way to trace what script/program writes a specific file under a specific directory at startup. I mean that when I start my PC the file is already there, so I can't trace it afterwards using Procmon, which would mean I need to use the boot thing mentioned in the video, but for some reason I can't find what program writes this file.
22:40 Enabling those symbols not only translated the addresses but also showed many more user-mode stack frames? Are those local calls within the same module, or is it another effect?
Great! I’ve used ProcMon many times, but learned many new techniques from this video.
Great deep dive into ProcMon! Very interesting.
A demo of you loading your own symbols would be great.
Where have you got that Isfahani Carpet?
Time to move on to Windows 11.
How do I unload Procmon? Can you help me?