Hi Vasili,
The biggest challenge here is all the dynamic created kernel objects (TSK, SWI, etc.) have timed life span. The handle, name, resources, ..., only valid between creation and termination. You can imagine by the time the log is received, the object itself may be already terminated on the target and doesn't exist anymore. The only guarantee way is to log the name instead of handle with every event which will increase traffic significantly.
There is still limitation when using the nameOfReference. This works as long as the handle has not been recycled yet. You may get a handle used before and the handle-name mapping may not be correct. Please note that you have to log the same handle (Arg1) as logged in task switch event.
Bruce