This doesn’t show the full path to the file by default, but if you hover over the field you can see exactly which process it was.

- PID – the process ID of the process that generated the event. This is very useful if you are trying to understand which svchost.exe process generated the event. It’s also a great way to isolate a single process for monitoring, assuming that process doesn’t re-launch itself.
- Operation – this is the name of the operation that is being logged, and there is an icon that matches up with one of the event types (registry, file, network, process). These can be a little confusing, like RegQueryKey or WriteFile, but we’ll try and help you through the confusion.
- Path – this is not the path of the process, it is the path to whatever was being worked on by this event. For instance, if there was a WriteFile event, this field will show the name of the file or folder being touched. If this was a registry event, it would show the full key being accessed.
- Result – this shows the result of the operation, with codes like SUCCESS or ACCESS DENIED. While you might be tempted to automatically assume that a BUFFER TOO SMALL means something really bad happened, that isn’t actually the case most of the time.
- Detail – additional information that often doesn’t translate into the regular geek troubleshooting world.

You can also add some additional columns to the default display by going to Options -> Select Columns.
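The column meanings above, applied to a trace saved as CSV, as an added example that is not part of the original article: it isolates one svchost.exe instance by PID, counts Result codes per process, and lists the results worth a closer look. The header names, the sample rows, and the choice to treat BUFFER TOO SMALL as routine are assumptions.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample rows; the header names are assumed to match a CSV export
# that contains the default columns described above.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1000000","svchost.exe","1044","RegQueryKey","HKLM\SOFTWARE\Example","SUCCESS","Query: Name"
"10:01:02.1000210","svchost.exe","1044","RegQueryValue","HKLM\SOFTWARE\Example\Setting","BUFFER TOO SMALL","Length: 12"
"10:01:02.2000000","svchost.exe","2280","WriteFile","C:\ProgramData\Example\cache.dat","SUCCESS","Offset: 0, Length: 512"
"10:01:02.2000450","svchost.exe","2280","CreateFile","C:\ProgramData\Example\locked.dat","ACCESS DENIED","Desired Access: Generic Write"
"10:01:03.0000000","notepad.exe","5120","WriteFile","C:\Users\demo\notes.txt","SUCCESS","Offset: 0, Length: 40"
'''

# Result codes treated as routine here (assumption): BUFFER TOO SMALL is
# usually a caller probing for the required buffer size, not a fault.
ROUTINE_RESULTS = {"SUCCESS", "BUFFER TOO SMALL"}


def load_events(text):
    """Parse exported CSV text into dicts, dropping a leading BOM if present."""
    return list(csv.DictReader(io.StringIO(text.lstrip("\ufeff"))))


def events_for_pid(events, pid):
    """Isolate one process instance, e.g. a single svchost.exe, by PID."""
    return [e for e in events if e["PID"] == str(pid)]


def results_by_process(events):
    """Count Result codes per (Process Name, PID) pair."""
    counts = defaultdict(Counter)
    for e in events:
        counts[(e["Process Name"], e["PID"])][e["Result"]] += 1
    return counts


def notable_failures(events):
    """Return (PID, Operation, Path, Result) for non-routine results."""
    return [(e["PID"], e["Operation"], e["Path"], e["Result"])
            for e in events if e["Result"] not in ROUTINE_RESULTS]


if __name__ == "__main__":
    events = load_events(SAMPLE_CSV)
    print({k: dict(v) for k, v in results_by_process(events).items()})
    print("REVIEW:", notable_failures(events))
```

Grouping by Process Name alone would merge the two svchost.exe instances; keying on the PID keeps them apart.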