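function evtx_output{
    <#
    .SYNOPSIS
    Exports the Windows System event log to a timestamped .evtx file under the
    current test case's log folder, then records the step through outlog.

    .DESCRIPTION
    Reads the test-case number and step from the first two comma-separated
    fields of <parent of module dir>\currentjob\TC.txt, exports the System
    channel with wevtutil.exe to
    <parent of module dir>\logs\<tcnumber>\<yyMMdd_HHmmss>_System_Event.evtx,
    then re-imports the "outlog" module and calls it.

    .NOTES
    $action, $results and $index are not defined in this function; presumably
    they are resolved from an enclosing or global scope - confirm with callers.
    #>

    # NOTE(review): this sets the CurrentUser execution policy to Bypass, a
    # setting that outlives this call and this session and applies to every
    # script the account runs. It is kept as-is because other parts of the
    # harness may rely on it; if nothing does, -Scope Process confines the
    # relaxation to the current session.
    Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Bypass -Force

    # These assemblies are not used in this function; the loads are kept
    # because they are process-wide and other modules may depend on them.
    Add-Type -AssemblyName Microsoft.VisualBasic
    Add-Type -AssemblyName System.Windows.Forms

    # $PSScriptRoot is empty when the code is not run from a script file
    # (e.g. pasted into a console), so fall back to the default install path.
    if($PSScriptRoot.length -eq 0){
        $scriptRoot="C:\testing_AI\modules"
    }
    else{
        $scriptRoot=$PSScriptRoot
    }
    $baseDir=Split-Path -Parent $scriptRoot

    # Read TC.txt once; field 0 is the test-case number, field 1 the step.
    $tcpath=$baseDir+"\currentjob\TC.txt"
    $tcfields=(Get-Content $tcpath).split(",")
    $tcnumber=$tcfields[0]
    $tcstep=$tcfields[1]

    # NOTE(review): $tcnumber comes straight from TC.txt and is placed into
    # the output path without validation; confirm that file is written only
    # by trusted tooling.
    $picpath=$baseDir+"\logs\$($tcnumber)\"

    # wevtutil does not create missing folders, so make sure the target exists.
    if(-not (Test-Path -LiteralPath $picpath)){
        New-Item -ItemType Directory -Path $picpath -Force | Out-Null
    }

    $datenow=Get-Date -Format "yyMMdd_HHmmss"
    $evtlog="$picpath$($datenow)_System_Event.evtx"
    wevtutil.exe epl System $evtlog
    # Surface a failed export instead of letting the step be logged as if the
    # evidence file had been written.
    if($LASTEXITCODE -ne 0){
        Write-Warning "wevtutil.exe epl System failed with exit code $LASTEXITCODE; $evtlog was not written."
    }

    ######### write log #######
    # Drop any loaded copy of outlog so the import below picks up the file on disk.
    Get-Module -name "outlog"|Remove-Module
    $mdpath=(Get-ChildItem -path "C:\testing_AI\modules\" -r -file |Where-Object{$_.name -match "outlog" -and $_.name -match "psm1"}).fullname
    Import-Module $mdpath -WarningAction SilentlyContinue -Global
    #write-host "Do $action!"
    outlog $action $results $tcnumber $tcstep $index
}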
# Expose evtx_output as the only function exported by this module.
Export-ModuleMember -Function 'evtx_output'