After a quick look at this tool, it seems to treat the event message string as
one field. But this field is actually the most interesting when considering
process tracking (event 593), and this is actually the field which causes
most problems with extracting arguments from, since it contains the image
file ...