I am using PowerShell to sift through my event log in Event Viewer. The challenge is to locate specific character sets inside the message detail and to display both the events with those character sets and the individual character sets themselves.
Right now, I have the following:
Get-WinEvent -FilterHashtable @{LogName="Application"; Id=1035} -MaxEvents 10 | where {$_.Message -like "* Visual C++ *" }
This script will return the events that have messages with Visual C++ inside, however there is a set of about 7 characters after that ranging in letter and number. I need to extract those 7 characters and print them exclusively. Thank you for all help.
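One way to return both the matching events and the token itself, as an added example that is not part of the original post. The function name `Get-VisualCppToken`, the 7-character alphanumeric token shape and the sample records are assumptions made for illustration.

```powershell
# Assumption: the token is exactly 7 letters/digits right after "Visual C++ ";
# change {7} to a range such as {5,9} if the length varies.
function Get-VisualCppToken {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$InputObject,
        [string]$Pattern = '(?i)Visual C\+\+\s+(?<token>[A-Za-z0-9]{7})\b'
    )
    process {
        # Message can be $null when the provider's message resource is missing;
        # the [string] cast turns that into '' so Match() does not throw.
        $m = [regex]::Match([string]$InputObject.Message, $Pattern)
        if ($m.Success) {
            [pscustomobject]@{
                TimeCreated = $InputObject.TimeCreated
                Id          = $InputObject.Id
                Token       = $m.Groups['token'].Value
                Message     = $InputObject.Message
            }
        }
    }
}

# Constructed sample records (not real log entries) so the example runs offline.
$constructed = @(
    [pscustomobject]@{ TimeCreated = [datetime]'2024-01-01T10:00:00'; Id = 1035
                       Message = 'Reconfigured product: Microsoft Visual C++ AB12CD3 runtime.' }
    [pscustomobject]@{ TimeCreated = [datetime]'2024-01-01T10:05:00'; Id = 1035
                       Message = 'Reconfigured product: Microsoft Visual C++ 2008 Redistributable.' }
    [pscustomobject]@{ TimeCreated = [datetime]'2024-01-01T10:10:00'; Id = 1035
                       Message = $null }
)

$hits = $constructed | Get-VisualCppToken
$hits | Format-Table TimeCreated, Id, Token -AutoSize   # the events that matched
$hits.Token                                             # the tokens only

# Against the live log, feed Get-WinEvent output into the same function:
# Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 1035 } -MaxEvents 10 |
#     Get-VisualCppToken
```

Only the first constructed record matches: the `\b` after the fixed-length group rejects longer words such as "Redistributable", and the record with no message is skipped.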
Is there a way to detect the size of taskbar buttons (small or large) on Windows 7, 10?
There is a registry key that could be used, HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\TaskbarSmallIcons, but I don't know if Electron provides the ability to read the registry.
You can do this with 2 methods; they would all query the registry key on your application load, and you could send the data either via IPC from your main to the render process or as a preload script in the render process only.
Spawn a process that executes reg query or similar, and then parse the result string. I personally would do it via Get-ItemProperty in PowerShell. (simple)
This should return you the value as JSON:
Get-ItemProperty -Path Registry::HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced -Name TaskbarSmallIcons | Select-Object -Property TaskbarSmallIcons | ConvertTo-Json
Create/Use a native node module to call the Windows API (harder)
I wrote a script to send a notification in Windows 10 but it failed SILENTLY. Then I realised that Notifications were turned off. But I can't seem to find if there is a command to check if Notifications are turned on or off.
How do I programmatically check if the Notification is On or Off?
There is no direct way to check this using PowerShell, but maybe you can check the registry value, get that value returned, and use an if-else condition in your code.
Usually the value of ToastEnabled DWORD located at
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\PushNotifications says the status of PushNotifications
If ToastEnabled DWORD,
0 = PushNotifications Turn off
1 = PushNotifications Turn on
The code below will help you read whether that value is 1 or 0.
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\PushNotifications'
(Get-ItemProperty -Path $key -Name ToastEnabled).ToastEnabled
Also, if you wish, you can check whether "Action Center in Windows" has been disabled:
$key2 = 'HKCU:\Software\Policies\Microsoft\Windows\Explorer'
(Get-ItemProperty -Path $key2 -Name DisableNotificationCenter).DisableNotificationCenter
Note DisableNotificationCenter is not a default key just like ToastEnabled. Someone has to manually create it. So if that has not been created, you will not see 0. Instead you may get
Get-ItemProperty : Property DisableNotificationCenter does not exist at path
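The two registry reads above combined into one check that also handles the missing-value case, as an added example that is not part of the original answer. The function names `Get-RegistryValueOrNull` and `Get-NotificationSetting` and the `NotSet` label are assumptions; the paths and value names are the ones given in the answer.

```powershell
function Get-RegistryValueOrNull {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Name
    )
    # A missing key or value raises a non-terminating error
    # ("Property ... does not exist at path"); suppress it and return $null.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Get-NotificationSetting {
    $toast = Get-RegistryValueOrNull `
        -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\PushNotifications' `
        -Name 'ToastEnabled'
    $center = Get-RegistryValueOrNull `
        -Path 'HKCU:\Software\Policies\Microsoft\Windows\Explorer' `
        -Name 'DisableNotificationCenter'

    # Mapping from the answer: 0 = off, 1 = on. A value that was never created
    # is reported as 'NotSet' instead of being guessed.
    $toastState = if ($null -eq $toast) { 'NotSet' }
                  elseif ($toast -eq 0) { 'Off' }
                  elseif ($toast -eq 1) { 'On' }
                  else                  { "Unknown($toast)" }

    [pscustomobject]@{
        Toast                     = $toastState
        DisableNotificationCenter = if ($null -eq $center) { 'NotSet' } else { $center }
    }
}

$state = Get-NotificationSetting
$state | Format-List

# Surface the condition instead of letting the notification fail silently.
if ($state.Toast -eq 'Off') {
    Write-Warning 'ToastEnabled is 0: toast notifications are turned off for this user.'
}
```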
I'm hoping to find a solution that doesn't require a large block of text / code, hopefully only 1 or 2 lines in a .bat script.
So far the main PowerShell call that does these 2 things is the Get-PhysicalDisk, MediaType and Size,
But Size doesn't automatically abbreviate to GB / TB, but I know it or Format Table can, because it does abbreviate to GB / TB if the column it is listed in is restricted in size (width), but I can't figure out a way to force it to?
The standard entry I've used from command prompt is:
PowerShell "Get-PhysicalDisk | FT -AutoSize"
Which gives me something like:
[Image: Output on Command-Line]
Which looks perfectly fine so long as your HDD / SSDs don't have some insanely long Serial #. In which case you don't even get to see the size. But the real issue is if you want to customize this so you always see the Size, i.e.: PowerShell "Get-PhysicalDisk | FT Size, MediaType, FriendlyName, HealthStatus, OperationalStatus -hideTableHeaders -auto"
Now the size doesn't get summarized in GB, it gets the full number treatment like so:
[Image: Output on Command-Line]
So is there a way to format or adjust this simply so it'll list in GB, while also having a listed Media Type? (forgot to add that in the end reminder) and if it has to be with a script does anyone have a succinct one?
~TY in advance!
An additional Q, using PowerShell "Get-Disk | FT -auto"
I get a good abbrev in GB as well, but can't |FT the "Total Size" since it has a space in it? or is there a trick to that?
[Image: Output on Command-Line]
Apply the "Using PowerShell's Calculated Properties" article, e.g. as follows:
Get-PhysicalDisk |
    Format-Table -Property @{Name='Size GB'; Expression={$_.Size / 1GB}},
        MediaType, FriendlyName, HealthStatus, OperationalStatus -AutoSize
I wish to send input to multiple emulated mice using DSF (Device Simulation Framework) included in the current Windows DDK. My code is below. The problem is that Device Manager recognizes the device got added, but my program (Mouse Mischief - also Microsoft) doesn't create the additional pointer like it's supposed to:
WriteLine "Create first input report to send to the consumer control"
Dim strMessage
strMessage = "Press Enter key to stop looping"
WriteLine strMessage
Do While NOT WScript.StdIn.AtEndOfLine
Dim InputReport1(4)
InputReport1(0) = CByte(0)
InputReport1(1) = CByte(100)
InputReport1(2) = CByte(100)
InputReport1(3) = CByte(0)
InputReport1(4) = CByte(0)
'PromptAndWaitForEnterKey "Queue input reports for processing"
GenericHIDDev.QueueInputReport(InputReport1), 10
'PromptAndWaitForEnterKey "Wait for the device to finish enumerating. Press enter to start processing input reports."
GenericHIDDev.StartProcessing
'WriteLine "You may send additional input reports at this time..."
'PromptAndWaitForEnterKey "Press enter at any time to stop processing input reports and start cleanup."
GenericHIDDev.StopProcessing
Input = WScript.StdIn.Read(1)
Loop
Note: this is the only section I modified of the TestGenericHid sample included with the DSF in the Windows DDK (Device Driver Kit). After installing the Windows DDK, go to c:\Program Files\dsf\GenericHid or something similar to access the VBScript file.
You need Mouse Mischief and the Windows DDK to fully understand what's going on and to correctly answer this. Don't worry, all samples are in VBScript and can be redone in VB.NET, but I don't wish to waste time converting until I get the VBScript to work.
Since I posted this, I have got it working with multiple mice, and within 2-3 months' time I will have a nice beta upload of my whole kinectmultipoint project here:
http://kinectmultipoint.codeplex.com
The code above is in a zip file at the address above in the preceding sentence.
I was wondering if there is any feature in Visual Studio 2008 that would show me data stored at address XY? Specifically I need to check data the pointer points to. Something like this:
BYTE *pMem = (BYTE*)GlobalAlloc(GMEM_FIXED | GMEM_ZEROINIT, FileSize);
// ... do some magic at pMem + offset1 ...
// bug occurs, need to check data at pMem + offset2
Basically the "Locals" window shows me only the first few bytes of *pMem, while I need to see the 100th byte, for example.
Of course I can store it in another variable and check it when the execution hits the breakpoint, but that's not as handy/quick as looking at some window or writing some command in a special console while the app is paused.
Thanks for any info.
Kra
P.S. it's C++, not managed code
Use a memory Window (Debug | Windows | Memory) of which there are four to look at four different areas of memory.
Enter the address or expression that gives the address and you'll see the memory. (VS will highlight the changes as you step through code.)