Estou trabalhando em um processo de captura tentando analisar um problema e tenho cerca de quarenta linhas que se parecem com isso:
0.700867755 Explorer.EXE 10480 CreateFile \.\.\ SUCCESS Desired Access: Generic Read, Disposition: Open, Options: Directory, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened \.\.\
0.700867755 Explorer.EXE 10480 FileSystemControl \.\.\ SUCCESS Control: CSC_FSCTL_OPERATION_QUERY_HANDLE \.\.\
0.700867755 Explorer.EXE 10480 FileSystemControl \.\.\ SUCCESS Control: CSC_FSCTL_OPERATION_QUERY_HANDLE \.\.\
0.700867755 Explorer.EXE 10480 CloseFile \.\.\ SUCCESS \.\.\
0.700867766 Explorer.EXE 10480 CreateFile \.\.\ SUCCESS Desired Access: Generic Read, Disposition: Open, Options: Directory, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened \.\.\
0.700867766 Explorer.EXE 10480 FileSystemControl \.\.\ SUCCESS Control: CSC_FSCTL_OPERATION_QUERY_HANDLE \.\.\
0.700867766 Explorer.EXE 10480 FileSystemControl \.\.\ SUCCESS Control: CSC_FSCTL_OPERATION_QUERY_HANDLE \.\.\
0.700867766 Explorer.EXE 10480 CloseFile \.\.\ SUCCESS \.\.\
O que \.\.\ denota para o caminho? Parece um caminho relativo, mas eu nunca vi um caminho relativo antes em uma saída Procmon.
Tags procmon