def main(args):
    """Entry point: build a WinINet ETW job from parsed CLI args and run it.

    :param args: dict of parsed command-line arguments. Keys read here:
        ``ring_buffer_size``, ``max_str_len``, ``min_buffers``,
        ``max_buffers``, ``level``, ``any_keywords``, ``all_keywords``,
        ``default_filters``, ``filters``, ``logfile`` and ``no_conout``.
    :return: None.
    """
    # The session object is configured purely from the parsed arguments;
    # the event filter list is resolved afterwards and handed to common.run.
    session = INETETW(
        args['ring_buffer_size'],
        args['max_str_len'],
        args['min_buffers'],
        args['max_buffers'],
        args['level'],
        args['any_keywords'],
        args['all_keywords'],
    )

    # Built-in filter set applied when ``default_filters`` is set; otherwise
    # the caller-supplied ``filters`` list is used verbatim.
    builtin_filters = [
        'WININET_USAGELOGREQUEST',
        'WININET_CONNECT_HANDLE_CREATED',
        'WININET_DNS_QUERYSTART',
        'WININET_HTTP_REQUEST_HANDLE_CREATED',
        'WININET_HTTPS_CLIENT_CERT_SELECTED',
        'WININET_HTTPS_SERVER_CERT_VALIDATED',
        'WININET_OPEN_URL_HANDLE_CREATED',
        'WININET_ROOT_HANDLE_CREATED',
        'WININET_TCP_CONNECTIONSTART',
    ]
    use_builtin = args['default_filters'] is True
    selected_filters = builtin_filters if use_builtin else args['filters']

    # common.run owns console / logfile output handling for the session.
    # NOTE(review): ETW session creation normally requires elevated privileges;
    # confirm INETETW surfaces a clear error when run unprivileged.
    common.run('wininet_etw', session, selected_filters,
               args['logfile'], args['no_conout'])
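def main(args):
    """Entry point: open a PROCETW session from parsed CLI args and run it.

    :param args: dict of parsed command-line arguments. ``default_filters``
        and ``filters`` are consumed here; every remaining key is forwarded
        unchanged as a keyword argument to ``PROCETW``.
    :return: None.
    """
    # Work on a shallow copy so the caller's dict is not mutated as a side
    # effect (the original popped ``default_filters`` from ``args`` in place).
    params = dict(args)

    if params['default_filters'] is True:
        params['filters'] = [
            'THREADSTART',
            'THREADSTOP',
            'PROCESSSTART',
            'PROCESSSTOP',
        ]
    # ``default_filters`` is a CLI-only switch; it is removed before the
    # kwargs expansion, presumably because PROCETW does not accept it.
    params.pop('default_filters')

    # PROCETW is a context manager; the session is torn down on exit.
    # NOTE(review): ETW session creation normally requires elevated privileges;
    # confirm PROCETW surfaces a clear error when run unprivileged.
    with PROCETW(**params):
        common.run('proc_etw', params['filters'])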
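def main(args):
    """Entry point: open an RDPETW session from parsed CLI args and run it.

    :param args: dict of parsed command-line arguments. ``default_filters``
        and ``filters`` are consumed here; every remaining key is forwarded
        unchanged as a keyword argument to ``RDPETW``.
    :return: None.
    """
    # Work on a shallow copy so the caller's dict is not mutated as a side
    # effect (the original popped ``default_filters`` from ``args`` in place).
    params = dict(args)

    if params['default_filters'] is True:
        params['filters'] = [
            'MICROSOFT-WINDOWS-TERMINALSERVICES-REMOTECONNECTIONMANAGER',
            'SESSIONARBITRATION',
            'NOTIFYLOGONTOLICENSING',
        ]
    # ``default_filters`` is a CLI-only switch; it is removed before the
    # kwargs expansion, presumably because RDPETW does not accept it.
    params.pop('default_filters')

    # RDPETW is a context manager; the session is torn down on exit.
    # NOTE(review): ETW session creation normally requires elevated privileges;
    # confirm RDPETW surfaces a clear error when run unprivileged.
    with RDPETW(**params):
        common.run('rdp_etw', params['filters'])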
def main(args):
    """Entry point: build a process/thread ETW job from parsed CLI args and run it.

    :param args: dict of parsed command-line arguments. Keys read here:
        ``ring_buffer_size``, ``max_str_len``, ``min_buffers``,
        ``max_buffers``, ``level``, ``any_keywords``, ``all_keywords``,
        ``default_filters``, ``filters``, ``logfile`` and ``no_conout``.
    :return: None.
    """
    # The session object is configured purely from the parsed arguments;
    # the event filter list is resolved afterwards and handed to common.run.
    session = PROCETW(
        args['ring_buffer_size'],
        args['max_str_len'],
        args['min_buffers'],
        args['max_buffers'],
        args['level'],
        args['any_keywords'],
        args['all_keywords'],
    )

    # Built-in filter set applied when ``default_filters`` is set; otherwise
    # the caller-supplied ``filters`` list is used verbatim.
    builtin_filters = [
        'THREADSTART',
        'THREADSTOP',
        'PROCESSSTART',
        'PROCESSSTOP',
    ]
    use_builtin = args['default_filters'] is True
    selected_filters = builtin_filters if use_builtin else args['filters']

    # common.run owns console / logfile output handling for the session.
    # NOTE(review): ETW session creation normally requires elevated privileges;
    # confirm PROCETW surfaces a clear error when run unprivileged.
    common.run('proc_etw', session, selected_filters,
               args['logfile'], args['no_conout'])
def main(args):
    """Entry point: build an RDP ETW job from parsed CLI args and run it.

    :param args: dict of parsed command-line arguments. Keys read here:
        ``ring_buffer_size``, ``max_str_len``, ``min_buffers``,
        ``max_buffers``, ``level``, ``any_keywords``, ``all_keywords``,
        ``default_filters``, ``filters``, ``logfile`` and ``no_conout``.
    :return: None.
    """
    # The session object is configured purely from the parsed arguments;
    # the event filter list is resolved afterwards and handed to common.run.
    session = RDPETW(
        args['ring_buffer_size'],
        args['max_str_len'],
        args['min_buffers'],
        args['max_buffers'],
        args['level'],
        args['any_keywords'],
        args['all_keywords'],
    )

    # Built-in filter set applied when ``default_filters`` is set; otherwise
    # the caller-supplied ``filters`` list is used verbatim.
    builtin_filters = [
        'MICROSOFT-WINDOWS-TERMINALSERVICES-REMOTECONNECTIONMANAGER',
        'SESSIONARBITRATION',
        'NOTIFYLOGONTOLICENSING',
    ]
    use_builtin = args['default_filters'] is True
    selected_filters = builtin_filters if use_builtin else args['filters']

    # common.run owns console / logfile output handling for the session.
    # NOTE(review): ETW session creation normally requires elevated privileges;
    # confirm RDPETW surfaces a clear error when run unprivileged.
    common.run('rdp_etw', session, selected_filters,
               args['logfile'], args['no_conout'])
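def main(args):
    """Entry point: open an INETETW session from parsed CLI args and run it.

    :param args: dict of parsed command-line arguments. ``default_filters``
        and ``filters`` are consumed here; every remaining key is forwarded
        unchanged as a keyword argument to ``INETETW``.
    :return: None.
    """
    # Work on a shallow copy so the caller's dict is not mutated as a side
    # effect (the original popped ``default_filters`` from ``args`` in place).
    params = dict(args)

    if params['default_filters'] is True:
        params['filters'] = [
            'WININET_USAGELOGREQUEST',
            'WININET_CONNECT_HANDLE_CREATED',
            'WININET_DNS_QUERYSTART',
            'WININET_HTTP_REQUEST_HANDLE_CREATED',
            'WININET_HTTPS_CLIENT_CERT_SELECTED',
            'WININET_HTTPS_SERVER_CERT_VALIDATED',
            'WININET_OPEN_URL_HANDLE_CREATED',
            'WININET_ROOT_HANDLE_CREATED',
            'WININET_TCP_CONNECTIONSTART',
        ]
    # ``default_filters`` is a CLI-only switch; it is removed before the
    # kwargs expansion, presumably because INETETW does not accept it.
    params.pop('default_filters')

    # INETETW is a context manager; the session is torn down on exit.
    # common.run owns console / logfile input and output handling.
    # NOTE(review): ETW session creation normally requires elevated privileges;
    # confirm INETETW surfaces a clear error when run unprivileged.
    with INETETW(**params):
        common.run('wininet_etw', params['filters'])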