Welcome!

By registering with us, you'll be able to discuss, share and private message with other members of our community.

SignUp Now!

v27.00.17: PSHELL /S dosn't do nothing

Sep
134
1
1609156466788.png
 
Run the command from a PowerShell command prompt.

I just ran the following;
Code:
e:\utils>pshell /s "Get-EventLog -LogName System -Source "EventLog" -EntryType Error | Where {$_.EventID -eq 6008}"
and it returned nothing.

When I ran it from a PowerShell command prompt, it returned;
Code:
PS E:\utils> Get-EventLog -LogName System -Source "EventLog" -EntryType Error | Where {$_.EventID -eq 6008}
Get-EventLog : No matches found
At line:1 char:1
+ Get-EventLog -LogName System -Source "EventLog" -EntryType Error | Wh ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (:) [Get-EventLog], ArgumentException
    + FullyQualifiedErrorId : GetEventLogNoEntriesFound,Microsoft.PowerShell.Commands.GetEventLogCommand

Joe
Code:
     _x64: 1
   _admin: 1
_elevated: 1

TCC  27.00.17 x64   Windows 10 [Version 10.0.18363.1256]
 
Joe, try it with the command, as seen in the screenshot:
PShell /S "Get-EventLog System -Source 'Microsoft-Windows-Kernel-Power' -newest 25 | Where-Object {$_.InstanceID -eq 42} |Format-Table Timegenerated"
or
Get-EventLog System -Source 'Microsoft-Windows-Kernel-Power' -newest 25 | Where-Object {$_.InstanceID -eq 42} |Format-Table Timegenerated
then it shoutl work.
 
What's the point here? When I run Peter's PSHELL command I get nothing. And I also get nothing when I run it in Powershell. I suspect there are no such events.

But PSHELL /S does, in general, work.

Code:
v:\> PShell /S "Get-EventLog System -Source 'w32tmsvc' -newest 5 | Format-Table Timegenerated"

TimeGenerated
-------------
2020-12-28 02:18:27
2020-12-27 02:18:27
2020-12-26 02:18:29
2020-12-25 02:18:27
2020-12-24 02:18:27
 
Here's what I got;
Code:
e:\utils>pshell /s "Get-EventLog System -Source 'Microsoft-Windows-Kernel-Power' -newest 25 | Where-Object {$_.InstanceID -eq 42} |Format-Table Timegenerated"

TimeGenerated
-------------
2020-11-12 1:03:45 PM

I have found that the 3rd-party PowerShell used from TCC does not display error output, which makes it appear as if the command has done nothing, when in fact, there was nothing to return, except the error output.

Joe
 
Even when I use my own PowerShell addin, I get the same as TCC/PShell;
Code:
e:\utils>runspace.exe test1.ps1 & echo End Of Job

TimeGenerated
-------------
2020-11-12 1:03:45 PM




End Of Job

Test1.ps1
Code:
Get-EventLog System -Source 'Microsoft-Windows-Kernel-Power' -newest 25 | Where-Object {$_.InstanceID -eq 42} |Format-Table Timegenerated

Joe
 
Try it without the event-ID, it maybe that this Event (Goto Sleep) is not recorded on Your machines.
Get-EventLog System -Source 'Microsoft-Windows-Kernel-Power' -newest 5
This should give a result in PowerShell:
1609181329569.png

V22:
1609181300370.png

V27:
1609181263840.png
 
Code:
e:\utils>pshell /s "Get-EventLog System -Source 'Microsoft-Windows-Kernel-Power' -newest 5"

   Index Time          EntryType   Source                 InstanceID Message
   ----- ----          ---------   ------                 ---------- -------
  122369 Dec 25 11:09  Information Microsoft-Windows...          172 The desc...
  122305 Dec 25 11:08  Information Microsoft-Windows...          109 The desc...
  121715 Dec 23 09:51  Information Microsoft-Windows...          172 The desc...
  121648 Dec 23 09:50  Information Microsoft-Windows...          109 The desc...
  120866 Dec 19 19:04  Information Microsoft-Windows...          172 The desc...

Joe
Code:
     _x64: 1
   _admin: 1
_elevated: 1

TCC  27.00.17 x64   Windows 10 [Version 10.0.18363.1256]
 
Found ! The reason is the "empty" environment, especially the path. I have a script
in my starting sequence wich uses the ENDLOCAL var var2 etc, this cleans the Environment
and lead to the state, that TCC will not found Powershell.
So I've created a workaround with SET > varlist / SET /R varlist til JPSoft the bug has removed.
 

Similar threads

Back
Top