I want to collect programmatically all the processes that were run (created) while my program monitors the system.
I thought of using wpr (https://learn.microsoft.com/en-us/windows-hardware/test/wpt/) for collecting the data.
Is there a way to specify a filter to collect only process creation events?
Are there other tools/SDKs for getting all process creation events?
Found the following, which provides a good starting point: https://www.ired.team/miscellaneous-reversing-forensics/windows-kernel-internals/etw-event-tracing-for-windows-101