- The data in user mode one can access is a field
ProcessSequenceNumber in the PROCESS_TELEMETRY_ID_INFORMATION_TYPE
- It is retrieved via well-known native but user-mode
NtQueryInformationProcess function using ProcessInformationClass=ProcessTelemetryIdInformation .
- Sure, it is Windows 10 thing, and I am Ok with that limitation since older systems are out of support, but the problem, and I hope I am wrong since I did not test it yet, is that this information about a process will be denied to a different (non-admin) user which renders exercise moot I think.
Originally posted by @iglendd in #2463
