Ticket #1058: events.au3

File events.au3, 1.5 KB (added by twillster, on Jul 7, 2009 at 11:26:34 PM)

au3 to test description output

1;4624
2;4672
3;4647
4#Region ;**** Directives created by AutoIt3Wrapper_GUI ****
5#AutoIt3Wrapper_Version=beta
6#AutoIt3Wrapper_icon=pebkac.ico
7#AutoIt3Wrapper_Change2CUI=y
8#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****
9;Irongeek's sloppy code for the PEBKAC Attack on the Windows Security Event Log, http://irongeek.com
10#include <EventLog.au3>
11#include <String.au3>
12#include <array.au3>
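_Main()

; Test harness: prints every field of every record in an event log to the console
; so the layout of the description text can be inspected.
;
; Command line: an optional first argument names the machine whose log is read;
; with no argument an empty server name is passed to _EventLog__Open.
;
; NOTE(review): the banner below says "Security Event Log", but the log actually
; opened is "System". Confirm which one this test is meant to exercise.
; Event descriptions can contain account names and other sensitive text, so the
; console output of this script should be handled like the log itself.
Func _Main()
    Local $hEventLog, $sHost = "", $iCount, $aEvent

    ConsoleWrite("Irongeek's PEBKAC Attack on the Windows Security Event Log ver .1" & @CRLF)

    ; Get log to work on
    If $CmdLine[0] > 0 Then
        $sHost = $CmdLine[1]
        ConsoleWrite("Working on " & $sHost & "..." & @CRLF)
    EndIf

    $hEventLog = _EventLog__Open($sHost, "System")
    ;$hEventLog = _EventLog__OpenBackup("", "c:\WINDOWS\system32\config\security")

    ; A zero handle means the log could not be opened (bad host name, no access);
    ; reading from it would only produce empty records.
    If $hEventLog = 0 Then
        ConsoleWriteError("Could not open the event log" & @CRLF)
        Return
    EndIf

    $iCount = _EventLog__Count($hEventLog)

    ; Debug prompt left in by the author; its return value is ignored, so pressing
    ; Cancel does not stop the dump.
    MsgBox(1, "test", $iCount)

    ; Iterate through log. The loop runs exactly $iCount times; starting at 0 would
    ; issue one read past the last record and print a block of empty fields.
    For $i = 1 To $iCount
        $aEvent = _EventLog__Read($hEventLog)

        ; Element 0 is the success flag of the read; stop on the first failure
        ; instead of printing a record that was never filled in.
        If Not $aEvent[0] Then ExitLoop

        ;if $aEvent[6] = "4624" then
        For $j = 0 To 14
            ConsoleWrite($j & ": " & $aEvent[$j] & @CRLF)
        Next
        ;msgbox(0,"",$aEvent[13] & @CRLF )
        ;$gooduser=GrabUsername ($aEvent[13])
        ;ConsoleWrite ("Successful Login (" & $aEvent[1] & "): " & $gooduser & @CRLF)
        ;endif
    Next

    _EventLog__Close($hEventLog)
EndFunc   ;==>_Main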
45
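; Extracts the text that follows the "User Name:" label in an event description,
; up to the next carriage return, with leading whitespace removed.
;
; Parameters: $eventdescription - description text of one event log record.
; Returns:    the user name on success.
;             "" with @error = 1 when the label is not present, so a caller that
;             concatenates the result does not print a stray "0".
;
; NOTE(review): the event IDs listed at the top of this file (4624, 4672, 4647)
; come from the newer Windows log format, whose descriptions may label this field
; differently (for example "Account Name:"). Confirm against real output before
; relying on this marker.
Func GrabUsername($eventdescription)
    Local $aMatches = _StringBetween($eventdescription, "User Name:", @CR)
    If Not IsArray($aMatches) Then Return SetError(1, 0, "")

    ; Flag 1 strips leading whitespace only (the tab or spaces after the label).
    Return StringStripWS($aMatches[0], 1)
EndFunc   ;==>GrabUsername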