@SteffenZeidler: each core has a thread for idle processing. These are represented by PID 0 (which doesn't really exist). The threads consume working set as the threads need to be paged in to work.
Process Explorer has history support. New history columns were added about a year ago. Instead of being numbers they are graphs. There is no explicit API that gives you the history. The closest thing is being an ETW consumer and polling the system with the tooltip32 API.
ProcDump is designed to not change the state of the target. If you wrote your own MiniDumpCallback DLL (-d <dll>) you might be able to force the flush of the ETW buffers - it'd only work if the target didn't need to execute any of its threads (as they will be all suspended).
@James G: I use a vhd for the show and it only runs during taping (so I don't add features to the install without you seeing it). The next time I prepare for a show, I'll make sure to give it some time to do the updates. Can't set a bad example can I!
The show will be weekly for at least another ~10 weeks based on the current episode recording schedule. We tape a few at a time if it is the same topic.
Next is vmmap, then we have a special edition, then inbox tools. After that in a yet to be decided order is 3+ on Windows Performance Toolkit, 2+ on Procdump, 4+ on Debugging Tools for Windows, Network Monitor, Fiddler and PsTools. In the maybe bucket is audio, video, printing and device troubleshooting (1 each). We will also probably do a live show on Channel 9 Live at Build.
Lots and lots of shows to watch! If your favorite tool isn't in that list, drop us an email at firstname.lastname@example.org or write a comment and we'll add it to the list or move it forward.
@siodmy: The repurposing of 0-4 is expected. It is the 5-7 that matter. You are getting enough memory pressure on 5 (1.6Gb -- x8 reused) to raise interest at least. Adding a few gigs will definitely help in those times - it's not critical though.
@Tom Hall: Procmon may indeed be looked for by Crysis. Some games don't like you looking at the I/O operations as they think you are trying to hack the game. All you can do is reboot (to unload the driver) and then play the game.