Parsing PML files, making it possible to directly load the raw PML file into convenient Python objects instead of having to convert the file to CSV/XML formats prior to loading. Reduce the size of the log file over time as Procmon captures millions of events.

## Usage

### PMC (Process Monitor Configuration) Parser

Loading configuration of a pre-exported Procmon configuration:

```python
>>> from procmon_parser import load_configuration, dump_configuration, Rule
>>> with open("ProcmonConfiguration.pmc", "rb") as f:
...     config = load_configuration(f)
```

Reading events from a raw PML log:

```python
>>> from procmon_parser import ProcmonLogsReader
>>> f = open("LogFile.PML", "rb")
>>> pml_reader = ProcmonLogsReader(f)
>>> len(pml_reader)  # number of logs
53214
>>> first_event = next(pml_reader)  # reading the next event in the log
>>> print(first_event)
Process Name=dwm.exe, Pid=932, Operation=RegQueryValue, Path="HKCU\Software\Microsoft\Windows\DWM\ColorPrevalence", Time=7/12/2020 1:18:10.7752429 AM
>>> print(first_event.process)  # Accessing the process of the event
"C:\Windows\system32\dwm.exe", 932
>>> for module in first_event.
```
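The usage above shows how to get at individual events; what a triage analyst usually wants next is to reduce a multi-million-event capture to the operations and paths of interest. The following is an added example (not procmon_parser's own code and not from the original page). It assumes each event exposes `process.process_name`, `process.pid`, `operation` and `path` attributes, which is the shape the printed output above suggests for procmon_parser's event objects, and it ships with constructed sample events so it runs without a PML file; `iter_pml_events` is the only function that needs the real library and a real log.

```python
"""Triage helpers for Process Monitor events (added example, not part of
procmon_parser). All helpers take any iterable of objects exposing
`process.process_name`, `process.pid`, `operation` and `path`; that attribute
layout is an assumption about procmon_parser's Event, and the dataclasses
below only mirror it so the example runs offline."""
from collections import Counter
from dataclasses import dataclass
from typing import Iterable, Iterator, List, Optional, Tuple


@dataclass(frozen=True)
class Process:
    process_name: str
    pid: int


@dataclass(frozen=True)
class Event:
    process: Process
    operation: str  # e.g. "RegQueryValue", "CreateFile"
    path: str


# Constructed sample events, modelled on the dwm.exe output shown above.
SAMPLE_EVENTS: List[Event] = [
    Event(Process("dwm.exe", 932), "RegQueryValue",
          r"HKCU\Software\Microsoft\Windows\DWM\ColorPrevalence"),
    Event(Process("dwm.exe", 932), "RegQueryValue",
          r"HKCU\Software\Microsoft\Windows\DWM\Composition"),
    Event(Process("notepad.exe", 4120), "CreateFile",
          r"C:\Users\alice\notes.txt"),
    Event(Process("notepad.exe", 4120), "RegSetValue",
          r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"),
    Event(Process("svchost.exe", 1234), "ReadFile",
          r"C:\Windows\System32\drivers\etc\hosts"),
]


def iter_pml_events(pml_path: str) -> Iterator[object]:
    """Yield events straight from a raw PML file via procmon_parser.

    Imported lazily so the rest of this module works without the library;
    the reader is iterated event by event, so a large capture is never
    materialised in memory at once.
    """
    from procmon_parser import ProcmonLogsReader  # real library, real log needed
    with open(pml_path, "rb") as f:
        for event in ProcmonLogsReader(f):
            yield event


def filter_events(events: Iterable[object],
                  operation: Optional[str] = None,
                  path_prefix: Optional[str] = None) -> List[object]:
    """Keep events matching an operation name and/or a case-insensitive
    path prefix (registry keys and file paths are case-insensitive on
    Windows, so compare them folded)."""
    prefix = path_prefix.lower() if path_prefix is not None else None
    kept = []
    for e in events:
        if operation is not None and e.operation != operation:
            continue
        if prefix is not None and not e.path.lower().startswith(prefix):
            continue
        kept.append(e)
    return kept


def summarize(events: Iterable[object]) -> Counter:
    """Count events per (process name, pid, operation): the cheap first
    pass that shows which process is generating the bulk of a capture."""
    return Counter((e.process.process_name, e.process.pid, e.operation)
                   for e in events)


def top_talkers(events: Iterable[object], n: int = 3) -> List[Tuple[Tuple[str, int, str], int]]:
    """Most frequent (process, pid, operation) triples, highest first."""
    return summarize(events).most_common(n)


if __name__ == "__main__":
    # Replace SAMPLE_EVENTS with iter_pml_events("LogFile.PML") on a real log.
    for key, count in top_talkers(SAMPLE_EVENTS):
        print(f"{count:6d}  {key}")
    run_key = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
    for e in filter_events(SAMPLE_EVENTS, operation="RegSetValue", path_prefix=run_key):
        print("autorun write:", e.process.process_name, e.process.pid, e.path)
```

Because every helper only touches the four attributes named in the lead-in, swapping `SAMPLE_EVENTS` for `iter_pml_events("LogFile.PML")` is the whole change needed to run it over a real capture, and filtering by operation first keeps the per-event cost low when the reader is streaming millions of records.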