Do you know how to simulate win10 `perfmon.exe` to monitor the disk operation of a process?

[625781186]

I don't know how to get the information of the field "File". Do you have any good Suggestions?

Aim

The 3dsmax process did not officially display a progress bar when loading the large model. So I needed to implement an external progress bar myself.

1. Get the open files path to get the total file size;
2. Get Read file IO speed/s.

To implement the progress bar.

Can use EWT implement it?

[randomascii]

An external progress bar is a challenge. ETW could handle that, but it would be very complicated code, and the results would be delayed (ETW doesn't deliver results in real-time).

I have no expertise with this sort of real-time ETW monitoring. I'd recommend asking on stack overflow or similar.

[625781186]

An external progress bar is a challenge. ETW could handle that, but it would be very complicated code, and the results would be delayed (ETW doesn't deliver results in real-time).

I have no expertise with this sort of real-time ETW monitoring. I'd recommend asking on stack overflow or similar.

Follow this link (https://www.fireeye.com/blog/threat-research/2017/09/pywintrace-python-wrapper-for-etw.html) , It say can deliver results in real-time.

[randomascii]

"real-time" is an overloaded term in this context. To be more precise I would say that messages can be delivered in "real-time" but not synchronously and with an unpredictable and variable delay. The length of the delay and whether that is acceptable is highly context dependent. pywintrace looks interesting.