Ticket #1058: events.au3

File events.au3, 1.5 KB (added by twillster, 10 years ago)

au3 to test description output

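; Windows Security event IDs this test script is concerned with:
;4624 - an account was successfully logged on
;4672 - special privileges were assigned to a new logon
;4647 - user-initiated logoff
#Region ;**** Directives created by AutoIt3Wrapper_GUI ****
#AutoIt3Wrapper_Version=beta
#AutoIt3Wrapper_icon=pebkac.ico
#AutoIt3Wrapper_Change2CUI=y
#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****
;Irongeek's sloppy code for the PEBKAC Attack on the Windows Security Event Log, http://irongeek.com
; EventLog.au3 supplies the _EventLog__* calls and String.au3 supplies _StringBetween.
; NOTE(review): nothing in the visible code uses array.au3 - confirm before dropping it.
#include <EventLog.au3>
#include <String.au3>
#include <array.au3>

; Script entry point: all work happens in _Main(), defined below.
_Main()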
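; Dump every field of every record in an event log to the console.
;
; Command line: an optional first argument names the machine whose log is
; opened; with no argument the local machine ("") is used.
;
; The log is only read, never modified. The output contains account names and
; full event descriptions, so handle it as sensitive log data.
Func _Main()
    Local $hEventLog, $sHost = "", $iCount, $aEvent

    ConsoleWrite("Irongeek's PEBKAC Attack on the Windows Security Event Log ver .1" & @CRLF)

    ; Get log to work on
    If $CmdLine[0] > 0 Then
        $sHost = $CmdLine[1]
        ConsoleWrite("Working on " & $sHost & "..." & @CRLF)
    EndIf

    ; NOTE(review): the banner names the Security log but the "System" log is
    ; opened here - confirm which one this test is meant to read.
    $hEventLog = _EventLog__Open($sHost, "System")
    ;$hEventLog = _EventLog__OpenBackup("", "c:\WINDOWS\system32\config\security")
    If $hEventLog = 0 Then
        ; Open failed (unknown host, missing privileges, ...): nothing to read or close.
        ConsoleWrite("Could not open the event log" & @CRLF)
        Return
    EndIf

    $iCount = _EventLog__Count($hEventLog)
    ; Debug aid left in by the author: blocks until the dialog is dismissed.
    MsgBox(1, "test", $iCount)

    ;Iterate through log
    ; One sequential read per record. The original "0 To $x" bound issued one
    ; read more than there are records and printed an empty entry at the end.
    For $i = 1 To $iCount
        $aEvent = _EventLog__Read($hEventLog)
        If Not IsArray($aEvent) Then ContinueLoop
        ; Element 0 is the success flag of the read; skip records that failed.
        If Not $aEvent[0] Then ContinueLoop
        ;if $aEvent[6] = "4624" then
            For $j = 0 To UBound($aEvent) - 1
                ConsoleWrite($j & ":   " & $aEvent[$j] & @CRLF)
            Next
            ;msgbox(0,"",$aEvent[13] & @CRLF )
            ;$gooduser=GrabUsername ($aEvent[13])
            ;ConsoleWrite ("Successful  Login (" & $aEvent[1] & "): " & $gooduser & @CRLF)
        ;endif
    Next

    _EventLog__Close($hEventLog)
EndFunc   ;==>_Main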
; Extract the text that follows the first "User Name:" label in an event
; description, up to the next carriage return, with leading whitespace removed.
;
; $eventdescription - description text of one event record.
; Returns the extracted name, or 0 (AutoIt's default return value) when the
; label is not found.
Func GrabUsername($eventdescription)
    Local $aMatches = _StringBetween($eventdescription, "User Name:", @CR)
    ; _StringBetween yields an array only when at least one match exists.
    If Not IsArray($aMatches) Then Return 0
    ; Flag 1 strips leading whitespace only (the tab or spaces after the label).
    Local $sName = StringStripWS($aMatches[0], 1)
    Return $sName
EndFunc   ;==>GrabUsername