Hi, I am looking into how programs like TCPView manage to know how many bytes are sent and received by an individual process. I notice that the Task Manager in Windows 10 also has this information in the form of Mb/s for individual applications.

In my initial search I have seen comments like "(x)app must/probably use ETW (Event Tracing for Windows)" but they never explain how.

I'm not fussy whether a solution might be in C/++ or C#.

I'm hoping someone can point me in the right direction.

Thanks for reading.

Edited 1 Year Ago by Suzie999

Thanks, I'll have another read of that. From what I gathered when I read it before, it gives overall network interface details, and I cannot determine from it where the data is coming from or going to.

So from it I could get the same information as the Windows 7 Task Manager shows on the network tab.

I found some code on MSDN to get me started, or at least see what it's doing to get a general idea. I won't post it here as it's quite long, but I can link to it.

https://msdn.microsoft.com/en-us/library/windows/desktop/ee441329?v=vs.85.aspx

Problem is, the code right off MSDN fails at the first hurdle, which is located about 50 or so lines down and can be identified as

wprintf(L"OpenTrace failed with %lu\n", GetLastError())

GetLastError() is 161 (invalid path name). My path is fine, in an accessible place, and the code is running as administrator.

I could only really find one reference to the problem here https://social.msdn.microsoft.com/Forums/en-US/a1cc98d7-96d3-4887-875c-ab6c46873d32/opentrace-problem?forum=etw which unfortunately went unanswered.

To be honest I would expect example code on MSDN to at least run.