Skip to content

Instantly share code, notes, and snippets.

@p0w3rsh3ll

p0w3rsh3ll/Read-TranscriptAsObject.ps1 Secret

Last active July 30, 2016 09:52
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save p0w3rsh3ll/caca12813a15bcb98903c6189215d2f5 to your computer and use it in GitHub Desktop.
Save p0w3rsh3ll/caca12813a15bcb98903c6189215d2f5 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
Read-TranscriptAsObject.ps1
Function Get-TranscriptContent {
[CmdletBinding()]
Param(
[Parameter(Mandatory)]
[string]$FilePath
)
Begin {
if (-not(Test-Path -Path $FilePath -PathType Leaf )) {
Write-Warning -Message "Filepath isn't a file"
break
}
Write-Verbose -Message "Dealing with file $($FilePath)"
#region helper functions
Function Test-isTranscriptInvocationHeaderEnabled {
[CmdletBinding()]
Param([string]$FilePath)
Begin {}
Process {
$r = $false
Get-ChildItem -Path $FilePath |
Select-String -Pattern "^Command\sstart\stime:\s\d{14}$" -Context 0,1 |
ForEach-Object {
if (($_.Context.PostContext)[0] -match '^\*{22}$') {
$r = $true
}
}
$r
}
End{}
}
Function Test-isTranscriptEnded {
[CmdletBinding()]
Param([string]$FilePath)
Begin {}
Process {
$r = $false
Get-ChildItem -Path $FilePath |
Select-String -Pattern "^Windows\sPowerShell\stranscript\send$" -Context 0,1 |
ForEach-Object {
if (($_.Context.PostContext)[0] -match '^End\stime:\s\d{14}$') {
$r = $true
}
}
$r
}
End{}
}
Function Get-LastSeparatorLineNumber {
[CmdletBinding()]
Param([string]$FilePath)
Begin {}
Process {
Get-ChildItem -Path $FilePath | Select-String -Pattern "^\*{22}$" |
Select -Last 1 -Expand LineNumber
}
End{}
}
Function Get-LinesTotal {
[CmdletBinding()]
Param([string]$FilePath)
Begin {}
Process {
(Get-ChildItem -Path $FilePath | Get-Content -ReadCount 1 | Measure).Count
}
End{}
}
Function Test-HasCommand {
[CmdletBinding()]
Param([string]$FilePath)
Begin {}
Process {
-not((Get-LastSeparatorLineNumber -FilePath $FilePath) -eq (Get-LinesTotal -FilePath $FilePath))
}
End{}
}
#endregion
$InvocationHeaderEnabled = Test-isTranscriptInvocationHeaderEnabled -FilePath $FilePath
Write-Verbose -Message "Invocation Header Enabled: $($InvocationHeaderEnabled)"
$TranscriptEnded = Test-isTranscriptEnded -FilePath $FilePath
Write-Verbose -Message "Transcript Ended: $($TranscriptEnded)"
if (-not$TranscriptEnded) {
$HasCommands = Test-HasCommand -FilePath $FilePath
Write-Verbose -Message "Has commands: $($HasCommands)"
$TotalLines = Get-LinesTotal -FilePath $FilePath
Write-Verbose -Message "Total lines: $($TotalLines)"
$LastSeparatorLineNumber = Get-LastSeparatorLineNumber -FilePath $FilePath
Write-Verbose -Message "Last Separator line number: $($LastSeparatorLineNumber)"
}
}
Process {
$CommandStartTime = $TranscriptStartTime = $UserName = $RunAsUser = $null
$ComputerName = $HostApplication = $PSVersion = $ProcessId = $null
$count = 0
$sb = New-Object System.Text.StringBuilder
$LineCounter = 0
Get-ChildItem -Path $FilePath | Get-Content -ReadCount 1 -Encoding UTF8 |
ForEach-Object -Process {
$Line = $_
$LineCounter++
Switch -Regex ($_) {
'^\*{22}$' { $count++ ; break }
'^Windows\sPowerShell\stranscript\sstart' { break }
'^Start\stime:\s(?<StartTime>\d{14})' { $TranscriptStartTime = $Matches['StartTime'] ; break }
'^Username:\s(?<UserName>.+)' { $UserName= $Matches['UserName'] ; break }
'^RunAs\sUser:\s(?<RunAsUser>.+)' { $RunAsUser= $Matches['RunAsUser'] ; break }
'^Machine:\s(?<ComputerName>.+)\s\(Microsoft\sWindows\sNT\s10\.0\.\d{5}.\d{1}\)' {
$ComputerName = $Matches['ComputerName'] ; break
}
'^Host\sApplication:\s(?<HostApplication>.+)' { $HostApplication = $Matches['HostApplication'] ; break }
'^Process\sID:\s(?<ProcessId>\d{1,})' { $ProcessId= $Matches['ProcessId'] ; break }
'^PSVersion:\s(?<PSVersion>.+)' { $PSVersion= $Matches['PSVersion'] ; break }
'^WSManStackVersion:\s.+' { break }
'^SerializationVersion:\s.+' { break }
'^CLRVersion:\s.+' { break }
'^BuildVersion:\s.+' { break }
'^PSCompatibleVersions:\s.+' { break }
'^PSRemotingProtocolVersion:\s.+' { break }
'^Command\sstart\stime:\s(?<StartTime>\d{14})'{ $CommandStartTime =$Matches['StartTime'] ; break }
'^Windows\sPowerShell\stranscript\send' { break }
'^End\stime:\s\d{14}$' { break }
default {
$null = $sb.AppendLine($_)
}
}
Switch ($count) {
0 {
# Write-Verbose "count is 0 and Line is $Line"
break
}
1 {
# Write-Verbose "count is 1 and Line is $Line"
if ([string]::Empty -eq $sb.toString()) {
# Write-Warning -Message 'string built is empty'
} else {
[PSCustomObject]@{
TranscriptStartTime = $TranscriptStartTime
UserName = $UserName
RunAsUser = $RunAsUser
ComputerName = $ComputerName
HostApplication = $HostApplication
ProcessId = $ProcessId
PSVersion = $PSVersion
CommandStartTime = $CommandStartTime
CommandContext = $sb.ToString()
}
}
# Reset
$sb = New-Object System.Text.StringBuilder
break
}
2 {
$count = 0
# Write-Verbose "count is 2 and Line is $Line"
$sb = New-Object System.Text.StringBuilder
break
}
default {}
}
# Get the last command
if ($LineCounter -eq $TotalLines) {
if (-not($TranscriptEnded)) {
[PSCustomObject]@{
TranscriptStartTime = $TranscriptStartTime
UserName = $UserName
RunAsUser = $RunAsUser
ComputerName = $ComputerName
HostApplication = $HostApplication
ProcessId = $ProcessId
PSVersion = $PSVersion
CommandStartTime = $CommandStartTime
CommandContext = $sb.ToString()
}
}
}
}
}
End {}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment