DavidXanatos
commented
3 years ago priv10 does now monitor file accesses, but you can use ETW for that purpose, see my task explorer for an example: https://github.com/DavidXanatos/TaskExplorer/blob/master/TaskExplorer/API/Windows/Monitors/EventMonitor.cpp
can priv10's etw get full file path from etw read/write event in native mode ? i download priv10 source code ,but can not found the solution