Permalink
Browse files

Add README.

  • Loading branch information...
zacbrown committed Nov 5, 2016
1 parent a56f17b commit 88da7a12ccc67a0e9add6051f73620ff1ca60b59
Showing with 22 additions and 0 deletions.
  1. +22 −0 README.md
  2. BIN img/PowerShellMethodInvocation.PNG
@@ -0,0 +1,22 @@
# Introduction
This is an example project for demonstrating how to use
[krabsetw](https://github.com/Microsoft/krabsetw) and its .NET bindings to consume
events from the Microsoft-Windows-PowerShell Operational log.
The Microsoft-Windows-PowerShell Operational log exposes a number of events
through the event log as well as many others which are not written to the Event
Log and only available through ETW. This example project shows how to parse EID
7937, "PowerShell Method Invocation."
After loading the project in Visual Studio 2015 and compiling it,.you should be
able to run it. You'll then need to open a powershell.exe console and run a
function (e.g. Write-Host). You should then see something similar to the
following:
[example](img/PowerShellMethodInvocation.PNG)
# Requirements
* .NET 4.5.2 (krabsetw .NET bindings will work on 4.5 though)
* Visual Studio 2015
* Windows 7 or higher - tested on Windows 10
Binary file not shown.

0 comments on commit 88da7a1

Please sign in to comment.