D00MFist/Process-Start-Log.py

## Process-Start-Log.py
'''
Original Author: In Ming Loh

Requirements:
    1. Python 3
    2. pip install pywintrace
    4. Windows machine
'''

import time
import etw

def showetwData(x):
    _etwData = x[1]
    print (_etwData)

def main_function():
    # define capture provider info
    providers = [etw.ProviderInfo('Microsoft-Windows-Kernel-Process', etw.GUID("{22FB2CD6-0E7B-422B-A0C7-2FAD1FD0E716}"))]

    # create instance of ETW class
    job = etw.ETW(providers=providers, event_callback=lambda x: showetwData(x), task_name_filters="PROCESSSTART")

    # start capture
    job.start()
    print(job)
    try:
        while True:
            pass
    except(KeyboardInterrupt):
        job.stop()
        print("ETW monitoring stopped.")

if __name__ == '__main__':
    main_function()
	'''
	Original Author: In Ming Loh

	Requirements:
	1. Python 3
	2. pip install pywintrace
	4. Windows machine
	'''

	import time
	import etw

	def showetwData(x):
	_etwData = x[1]
	print (_etwData)

	def main_function():
	# define capture provider info
	providers = [etw.ProviderInfo('Microsoft-Windows-Kernel-Process', etw.GUID("{22FB2CD6-0E7B-422B-A0C7-2FAD1FD0E716}"))]

	# create instance of ETW class
	job = etw.ETW(providers=providers, event_callback=lambda x: showetwData(x), task_name_filters="PROCESSSTART")

	# start capture
	job.start()
	print(job)
	try:
	while True:
	pass
	except(KeyboardInterrupt):
	job.stop()
	print("ETW monitoring stopped.")

	if __name__ == '__main__':
	main_function()