Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
Hi Guys,
Today I had a developer tell me that Procmon could not 'see' actions that occur in kernel mode because they don't cross the system call boundary between user mode and kernel mode, and the filter driver can only see those transactions and not the ones before it. Is this accurate? If it is, is there a way (other than WinDbg) to catch transactions that happen in kernel mode?