Original Article: http://technet.microsoft.com/en-us/library/ff730927.aspx
Code updated to use "Get-Event" instead of "Get-PSEvent"
PS > Register-WMIEvent -query "Select * From __InstanceCreationEvent within 3 Where TargetInstance ISA 'Win32_Process'" `
-messageData "A new process has started." -sourceIdentifier "New Process"
___________________________________________________________________________________
# Run calc.exe
PS > Get-Event -SourceIdentifier "New Process"
ComputerName :
RunspaceId : 2a7e4118-3ad2-4ef8-872f-a52924202574
EventIdentifier : 4
Sender : System.Management.ManagementEventWatcher
SourceEventArgs : System.Management.EventArrivedEventArgs
SourceArgs : {System.Management.ManagementEventWatcher, System.Management.EventArrivedEventArgs}
SourceIdentifier : New Process
TimeGenerated : 7/12/2011 4:24:09 PM
MessageData : A new process has started.
______________________________________________________________________________________
PS > Unregister-Event -SourceIdentifier "New Process"
______________________________________________________________________________________
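The Get-Event output above shows only the event envelope, not which process started. The following is an added example, not part of the original paste or the linked article: it reads the new Win32_Process object out of each queued event while the "New Process" subscription is still registered (before the Unregister-Event step). It assumes Windows PowerShell, where Register-WmiEvent is available; Get-NewProcessRecord is a hypothetical helper name.

```powershell
# Added example (not from the original paste). Assumes the "New Process"
# subscription shown above is currently registered in this session.
# Get-NewProcessRecord is a hypothetical helper name.
function Get-NewProcessRecord {
    param(
        [string]$SourceIdentifier = 'New Process'
    )

    # Get-Event writes an error when the queue holds nothing for this source;
    # silence that so an empty poll simply returns no records.
    $queued = Get-Event -SourceIdentifier $SourceIdentifier -ErrorAction SilentlyContinue

    foreach ($evt in $queued) {
        # For an __InstanceCreationEvent, the new Win32_Process object is
        # carried in the TargetInstance property of the delivered WMI event.
        $proc = $evt.SourceEventArgs.NewEvent.TargetInstance

        [pscustomobject]@{
            TimeGenerated   = $evt.TimeGenerated
            Name            = $proc.Name
            ProcessId       = $proc.ProcessId
            ParentProcessId = $proc.ParentProcessId
            ExecutablePath  = $proc.ExecutablePath   # may be empty if not readable
            CommandLine     = $proc.CommandLine      # may be empty if not readable
        }

        # Events stay queued until removed; drop each one after reading it so
        # the next poll does not report the same process again.
        Remove-Event -EventIdentifier $evt.EventIdentifier
    }
}

# Poll after starting a process (for example calc.exe, as in the paste).
Get-NewProcessRecord |
    Format-Table TimeGenerated, ProcessId, ParentProcessId, Name, CommandLine -AutoSize
```

Because the query polls with "within 3", a process that starts and exits between two polls may never produce an event, so this is not a complete process-creation record.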