tryingToLearn
Reputation: 11659
How to control procmon through python?
I have a ProcMon Log file(PML). I have as set of rules in a json file(which keep on modifying). I want to write a script in python, which reads json file, creates a procmon filter(pmf) file, applies these filters to procmon and capture the resulting output in excel file.
Upvotes: 1
Views: 756
Answers (1)
osama ellahi
Reputation: 31
First of all save the data of procmon in pml (you can change according to your logic)
start "" "path-to-Procmon.exe" /Backingfile events.xml && timeout /t 10 && taskkill /im Procmon.exe /f
after this convert it to xml if you want
procmon.exe /OpenLog events.pml /SaveAs1 capture.xml
Now you can use python to filter things
import xml.etree.ElementTree as ET
# Example XML data
xml_data = r'''
<root>
<module>
<Timestamp>133306891318592433</Timestamp>
<BaseAddress>0x7ffd7e1d0000</BaseAddress>
<Size>352256</Size>
<Path>C:\Windows\System32\dlnashext.dll</Path>
<Version>10.0.19041.1 (WinBuild.160101.0800)</Version>
<Company>Microsoft Corporation</Company>
<Description>DLNA Namespace DLL</Description>
</module>
</root>
'''
# Parse the XML data
root = ET.fromstring(xml_data)
# Extract paths with condition "contains" starting with "C"
for module in root.findall('module'):
path_element = module.find('Path')
condition = path_element.attrib.get('condition')
path = path_element.text
if (condition == 'contains' and 'C' in path) or path.startswith('C'):
print(path)
Upvotes: 0
Related Questions
- What does the "yield" keyword do in Python?
- Does Python have a ternary conditional operator?
- What is the difference between @staticmethod and @classmethod in Python?
- How slicing in Python works
- How do I check whether a file exists without exceptions?
- How do I merge two dictionaries in a single expression in Python?
- What are metaclasses in Python?
- How do I get the current time in Python?
- How can I access environment variables in Python?
- How do I execute a program or call a system command?