Here are some things I discovered about Windows Process IDs that I did not previously know... Process IDs are stored as DWORDs.
A DWORD is a 32-bit unsigned integer (range: 0 through 4294967295 decimal).
ProcessIDs are divisible by 4 so the highest possible pid is 4,294,967,292.
Since they are divisible by 4, there are only 1,073,741,823 possible PIDs.
I wrote a script to keep launching and closing "calc.exe" until it gave me the PID I wanted.
On average, it took around 103 tries to get the pid I wanted.
I knew PIDs get reused all the time, but it's weird that it happens so often.
The whole problem with the sysmonmap from here is that a PID was reused in under a second. That has got to cause other problems besides just logging.
I am not investing any actual research time on this but I am documenting the trivia nonetheless.
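To show concretely why a PID reused within a second is a logging problem, here is an added example (not code from the original note and not part of any Sysmon tooling) that works over a handful of constructed, Sysmon-shaped events. It flags PIDs that appear in two process-create events less than a second apart, and then joins a network-connect event back to its creating process first by ProcessId and then by Sysmon's ProcessGuid. The event values, image paths and GUIDs are made up for the example; the field names mirror Sysmon's, and the join-by-GUID is the standard remedy because a ProcessGuid is unique per process instance, while a PID is not.

```python
"""Why PID reuse breaks PID-keyed process correlation, and why ProcessGuid
does not. All events below are constructed for this example."""
from collections import defaultdict
from datetime import datetime

SYSMON_PROCESS_CREATE = 1    # Sysmon Event ID 1
SYSMON_NETWORK_CONNECT = 3   # Sysmon Event ID 3
SYSMON_PROCESS_TERMINATE = 5  # Sysmon Event ID 5

CALC = r"C:\Windows\System32\calc.exe"
UPDATER = r"C:\Users\alice\Downloads\updater.exe"  # constructed path

# Constructed events: calc.exe starts and exits, and within 0.6 s the same
# PID (4120) is handed to a different process that then makes a connection.
SAMPLE_EVENTS = [
    {"EventID": 1, "UtcTime": "2024-01-01 12:00:00.100", "ProcessId": 4120,
     "ProcessGuid": "{aaaaaaaa-0001-0000-0000-000000000001}", "Image": CALC},
    {"EventID": 5, "UtcTime": "2024-01-01 12:00:00.400", "ProcessId": 4120,
     "ProcessGuid": "{aaaaaaaa-0001-0000-0000-000000000001}", "Image": CALC},
    {"EventID": 1, "UtcTime": "2024-01-01 12:00:00.700", "ProcessId": 4120,
     "ProcessGuid": "{bbbbbbbb-0002-0000-0000-000000000002}", "Image": UPDATER},
    {"EventID": 3, "UtcTime": "2024-01-01 12:00:00.900", "ProcessId": 4120,
     "ProcessGuid": "{bbbbbbbb-0002-0000-0000-000000000002}", "Image": UPDATER,
     "DestinationIp": "203.0.113.10"},  # documentation-range IP, constructed
]


def _utc(event):
    """Parse Sysmon's UtcTime format into a datetime."""
    return datetime.strptime(event["UtcTime"], "%Y-%m-%d %H:%M:%S.%f")


def find_pid_reuse(events, window_seconds=1.0):
    """Return (pid, gap_seconds, earlier_image, later_image) for each PID that
    shows up in two process-create events less than window_seconds apart."""
    last_create = {}
    hits = []
    for ev in sorted(events, key=_utc):
        if ev["EventID"] != SYSMON_PROCESS_CREATE:
            continue
        pid = ev["ProcessId"]
        if pid in last_create:
            prev = last_create[pid]
            gap = (_utc(ev) - _utc(prev)).total_seconds()
            if gap < window_seconds:
                hits.append((pid, round(gap, 3), prev["Image"], ev["Image"]))
        last_create[pid] = ev
    return hits


def attribute_network_events(events, key):
    """Join every network-connect event to the process-create events that share
    the given key ("ProcessId" or "ProcessGuid").
    Returns {event_index: sorted list of candidate images}; more than one
    candidate means the join is ambiguous."""
    creates = defaultdict(set)
    for ev in events:
        if ev["EventID"] == SYSMON_PROCESS_CREATE:
            creates[ev[key]].add(ev["Image"])
    result = {}
    for idx, ev in enumerate(events):
        if ev["EventID"] == SYSMON_NETWORK_CONNECT:
            result[idx] = sorted(creates[ev[key]])
    return result


if __name__ == "__main__":
    for pid, gap, before, after in find_pid_reuse(SAMPLE_EVENTS):
        print(f"PID {pid} reused after {gap}s: {before} -> {after}")
    print("by PID :", attribute_network_events(SAMPLE_EVENTS, "ProcessId"))
    print("by GUID:", attribute_network_events(SAMPLE_EVENTS, "ProcessGuid"))
```

Keyed by ProcessId, the connection at index 3 matches two images and cannot be attributed without also checking creation and termination times; keyed by ProcessGuid it matches exactly one. The same ambiguity hits any PID-to-name map built from a process snapshot taken before the reuse, which is the situation described above.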