I am trying to use the krabsetw library (https://github.com/Microsoft/krabsetw) from a PowerShell script. The script creates the session and configures it correctly, but it does not consume any events.
Script:
# Load the krabsetw managed wrapper first (assumed path); needs 64-bit PowerShell run as Administrator
Add-Type -Path ".\O365.Security.Native.ETW.dll"
# Defined in the global scope so that the event action, which does not run in this script's scope, can find it
Function global:Parse-ETW
{
    Param([O365.Security.ETW.IEventRecord] $record)
    Write-Host $record.Id
}
$Trace = New-Object -TypeName O365.Security.ETW.UserTrace -ArgumentList @("Session-$([System.Guid]::NewGuid())")
$Provider = New-Object -TypeName O365.Security.ETW.Provider -ArgumentList @([System.Guid]::Parse("{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}"))
$Provider.Any = [O365.Security.ETW.Provider]::AllBitsSet
# OnEvent's delegate takes the record as its only argument and it is not an EventArgs, so $EventArgs is $null;
# the record arrives as $Event.SourceArgs[0]. The -Action block runs on the pipeline thread only when that
# thread is idle, and $Trace.Start() below blocks it until $Trace.Stop() is called.
$Job = Register-ObjectEvent -InputObject $Provider -EventName "OnEvent" -Action { Parse-ETW -record $Event.SourceArgs[0] }
$Trace.Enable($Provider)
$Trace.Start()
I also tried the "simple" form of the action:
Register-ObjectEvent -InputObject $Provider -EventName "OnEvent" -Action {Write-Host "Event arrived"}
Again, no results. Any ideas how to make it work?
C# signature of the event-consuming method, from the library's C# code:
public delegate void IEventRecordDelegate(IEventRecord record);
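As an added example (not part of the question and not code from the krabsetw project), here is a version of the script that does receive events. It avoids Register-ObjectEvent altogether, for two reasons: the PowerShell event queue only runs an -Action block on the pipeline thread when that thread is idle, and $Trace.Start() blocks that thread until the trace is stopped, so the action never gets a turn; and even when it does run, it runs after the native callback has returned, by which point the record it was handed no longer refers to live ETW buffer memory. Instead the script casts a scriptblock to the library's own IEventRecordDelegate (the signature quoted above) and subscribes with add_OnEvent, so krabsetw invokes it synchronously on the thread that called Start(), which is the PowerShell thread. Assumptions: the assembly file name and path, the session name prefix, the stop-after-N-events counter, and that the trace may be stopped from inside the callback; the provider GUID is the one from the question, and Id, ProcessId, TaskName and Timestamp are members of the wrapper's IEventRecord. Run it from 64-bit Windows PowerShell as Administrator, since creating an ETW session requires elevation.

```powershell
# Added example: consume krabsetw events from PowerShell by attaching the callback directly.
# Requires 64-bit Windows PowerShell running as Administrator (starting an ETW session needs it).
# Assumption: the krabsetw managed wrapper sits in the current directory under this name.
Add-Type -Path ".\O365.Security.Native.ETW.dll"

$script:EventCount = 0
$script:MaxEvents  = 20   # assumption: stop after this many events so that Start() returns

# ETW session names must be unique on the machine, so suffix a GUID (prefix is an assumption).
$Trace = New-Object -TypeName O365.Security.ETW.UserTrace -ArgumentList "PSKrabs-$([System.Guid]::NewGuid())"

# Provider GUID taken from the question; enable every keyword, as the question does.
$Provider = New-Object -TypeName O365.Security.ETW.Provider -ArgumentList ([System.Guid]::Parse("{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}"))
$Provider.Any = [O365.Security.ETW.Provider]::AllBitsSet

# Cast the scriptblock to the library's delegate type and subscribe with add_OnEvent.
# Start() below runs on this thread, so krabsetw invokes the delegate on this same thread,
# the only one that can execute a PowerShell scriptblock, and the record is read while the
# native callback is still active.
$Callback = [O365.Security.ETW.IEventRecordDelegate]{
    param([O365.Security.ETW.IEventRecord] $record)

    $script:EventCount++
    # Read the fields now; do not keep $record around for use after the callback returns.
    Write-Host ("{0:o} pid={1} id={2} task={3}" -f $record.Timestamp, $record.ProcessId, $record.Id, $record.TaskName)

    if ($script:EventCount -ge $script:MaxEvents) {
        # Assumption: stopping the session from inside the callback makes the blocking Start() return.
        $Trace.Stop()
    }
}
$Provider.add_OnEvent($Callback)
$Trace.Enable($Provider)

try {
    Write-Host "Tracing; waiting for $script:MaxEvents events from the provider"
    $Trace.Start()      # blocks here; callbacks run on this thread until the trace is stopped
}
finally {
    # Tear the kernel-side session down even if the script is interrupted; a second Stop()
    # on an already stopped session is tolerated here rather than reported.
    try { $Trace.Stop() } catch { }
    $Provider.remove_OnEvent($Callback)
}
Write-Host "Received $script:EventCount events"
```

If nothing arrives, check the usual ETW suspects before the script: the process is not elevated, the wrapper DLL's bitness does not match the PowerShell process, or the provider simply emitted nothing in the window (generate some activity from the provider while the trace runs). Stopping from another thread is also possible, but a scriptblock cannot run on a thread that has no runspace, so a plain .NET timer callback written in PowerShell would not work for that; the in-callback Stop() keeps everything on one thread.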