process) # Accessing the process of the event
"C:\Windows\system32\dwm.exe", 932
> for module in first_event. exe, Pid=932, Operation=RegQueryValue, Path="HKCU\Software\Microsoft\Windows\DWM\ColorPrevalence", Time=7/12/2020 1:18:10.7752429 AM
> print(first_event.
> len(pml_reader) # number of logs
53214
> first_event = next(pml_reader) # reading the next event in the log
> print(first_event)
> from procmon_parser import ProcmonLogsReader
> f = open("LogFile.PML", "rb")
> from procmon_parser import load_configuration, dump_configuration, Rule
> with open("ProcmonConfiguration.pmc", "rb") as f:
Loading configuration of a pre-exported Procmon configuration:
PMC (Process Monitor Configuration) Parser Usage
Instead of having to convert the file to CSV/XML formats prior to loading.