Closed bashimao closed 2 months ago
dup: #1047, #88
And where/how can I get the PID?
@henrypp: Originally, I thought that you probably get the PID reported by the FW and then resolve it into a name. At least that would have sounded logical to me.
Now that I looked at the API, I see your problem. Beside the appId field in the FWPM_NET_EVENT_HEADERx there is not much. And that one seems to point to the name of the executable.
As said, I am surprised the API is constructed like this. Boggles me. Still, being able to tell apart processes in the log would be a super useful feature.
> Now that I looked at the API, I see your problem. Beside the appId field in the FWPM_NET_EVENT_HEADERx there is not much. And that one seems to point to the name of the executable.
Only executable path, not anymore, or you give an example how to get PID from FWPM_NET_EVENT_HEADERx?
App version
3.8.2
Problem you are trying to solve
The packets log is a great tool to understand what is going on. However, it only shows the name of the process, but not its PID. So if there are multiple processes with the same name, let's say for example svchost.exe, it is currently impossible to identify which instance of the executable made the request.
Suggested solution
Add a column PID to the packets log.
Screenshots / Drawings / Technical details
No response