bill-long/Attach-OnProcessStart.ps1

## Attach-OnProcessStart.ps1
# Attach-OnProcessStart

$ProcessName = "notepad.exe"
$ExceptionFilter = "ScanQueueTimeoutException"

Register-CimIndicationEvent -ClassName Win32_ProcessStartTrace -SourceIdentifier "ProcessStarted"

while ($true) {
    $e = @(Get-Event)
    if ($e.Count -lt 1) {
        continue
    }

    $e | ForEach-Object {
        Write-Host $_.SourceEventArgs.NewEvent.ProcessID ":" $_.SourceEventArgs.NewEvent.ProcessName
        if ($_.SourceEventArgs.NewEvent.ProcessName -eq $ProcessName) {
            Start-Process procdump -ArgumentList "-ma -e 1 -f $ExceptionFilter $($_.SourceEventArgs.NewEvent.ProcessID)"
        }
    }

    $e | Remove-Event
}
	# Attach-OnProcessStart

	$ProcessName = "notepad.exe"
	$ExceptionFilter = "ScanQueueTimeoutException"

	Register-CimIndicationEvent -ClassName Win32_ProcessStartTrace -SourceIdentifier "ProcessStarted"

	while ($true) {
	$e = @(Get-Event)
	if ($e.Count -lt 1) {
	continue
	}

	$e \| ForEach-Object {
	Write-Host $_.SourceEventArgs.NewEvent.ProcessID ":" $_.SourceEventArgs.NewEvent.ProcessName
	if ($_.SourceEventArgs.NewEvent.ProcessName -eq $ProcessName) {
	Start-Process procdump -ArgumentList "-ma -e 1 -f $ExceptionFilter $($_.SourceEventArgs.NewEvent.ProcessID)"
	}
	}

	$e \| Remove-Event
	}