Process Monitor X (ProcMonX) by Pavel Yosifovich

Extended Process Monitor-like tool based on Event Tracing for Windows
Link: https://github.com/zodiacon/ProcMonX
First Testing Preview Build: https://github.com/zodiacon/ProcMonX/releases/tag/0.1-preview1

Something to keep an eye on. This does not utilize a kernel-mode driver as most others do, since it utilizes Event Tracing instead, which has been around for quite some time but has become more popular among defenders in recent times. Tons of potential in Event Tracing. Anyway, this is just a first working prototype for initial testing. So far it's working relatively well here, but it is something to keep an eye on going forward. The author is one of the main authors of the Windows Internals books and has a whole pile of nice free / open source apps on his GitHub (including GFlagsX).
Soon there will be a blog post about it (and a screenshot of this tool can be seen in the following tweet)
This is getting quite powerful. Very nice. Also, we need to understand that we cannot compare this to Process Hacker or Process Explorer since it is quite different. This is more for monitoring/logging, very much the same as Process Monitor (ProcMon) but done with a different method, as the blog explains. Great for gathering information on malware and such. I have been compiling the binary myself with each and every commit that Pavel makes because it keeps getting better.
It has left preview status and a beta version has been released: ProcMonX v0.2 beta (January 20, 2018)
https://github.com/zodiacon/ProcMonX/releases/tag/v0.2-beta
@mood Thank you. My RSS feeds for GitHub accounts seem to have been delayed by hours in the past few weeks for some reason.