⚠️ Note:This project was initially started when the "follow child process" option wasn't availble with TTD. Now, thanks to official TTD.exe CLI, you can just use
-childrento follow child processes. See the Microsoft documentation
Two scripts have been added to the repo to start and stop the TTDProcessTracker driver.
Run the following commands in the same folders as Tracker.exe and TTDProcessTracker.sys
.\startpt.cmd
.\Tracker .\path\to\process\to\track .\path\to\out\folder
.\stoppt.cmd