From 5d1aff160a3832d8e80f0388e1b2486bfda27cc6 Mon Sep 17 00:00:00 2001
From: Bruce Dawson
Date: Wed, 19 Feb 2020 17:04:58 -0800
Subject: [PATCH] Add Microsoft-Windows-Kernel-Process

Suggested by @tiraniddo for investigating process freeze/thaw events in relationship to a resume-from-standby issue: https://twitter.com/tiraniddo/status/1230228418102353920 https://twitter.com/BruceDawson0xB/status/1229879280819007488
---
 UIforETW/UIforETWDlg.cpp | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/UIforETW/UIforETWDlg.cpp b/UIforETW/UIforETWDlg.cpp
index 172333e3..65185054 100644
--- a/UIforETW/UIforETWDlg.cpp
+++ b/UIforETW/UIforETWDlg.cpp
@@ -1093,6 +1093,13 @@ void CUIforETWDlg::OnBnClickedStarttracing()
 // Memory-> Virtual Memory Snapshots. On windows 8.1 and above this makes the working set
 // scanning in UIforETW unnecessary.
 userProviders += L"+Microsoft-Windows-Kernel-Memory:0xE0";
+ if (IsWindowsTenOrGreater())
+ {
+ // This includes process freeze events, thread priority change events, and
+ // other good stuff. I don't know when it was first created and I can't easily
+ // test so I'm gating this to Windows 10.
+ userProviders += L"+Microsoft-Windows-Kernel-Process";
+ }
 if (!extraUserProviders_.empty())
 {
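Review bot: The added `userProviders += L"+Microsoft-Windows-Kernel-Process";` line enables the provider with no keyword mask, whereas the Kernel-Memory line directly above narrows its provider with `:0xE0`; without a mask the session presumably collects every keyword the provider exposes, not only the freeze and priority events the comment names. That raises trace volume on every recording and puts more system-wide process, thread and (likely) image-load detail into trace files that users often hand to someone else for analysis. Consider restricting it to the keywords actually needed, e.g. `userProviders += L"+Microsoft-Windows-Kernel-Process:<keyword-mask>";`, and have the comment list which keywords the mask selects so a later reader can audit what is captured. `OnBnClickedStarttracing` starts and ends outside this hunk, so how `userProviders` is consumed is not visible here.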