How to control procmon through python?


I have a ProcMon log file (PML). I have a set of rules in a JSON file (which keeps being modified). I want to write a script in Python which reads the JSON file, creates a procmon filter (PMF) file, applies these filters to procmon and captures the resulting output in an Excel file.

There is 1 answer

osama ellahi

First of all, save the Procmon data as a PML file (you can change this according to your logic):

start "" "path-to-Procmon.exe" /BackingFile events.pml && timeout /t 10 && taskkill /im Procmon.exe /f

After this, convert it to XML if you want:

procmon.exe /OpenLog events.pml /SaveAs1 capture.xml

Now you can use Python to filter things:

import xml.etree.ElementTree as ET

# Example XML data
xml_data = r'''
<root>
    <module>
        <Timestamp>133306891318592433</Timestamp>
        <BaseAddress>0x7ffd7e1d0000</BaseAddress>
        <Size>352256</Size>
        <Path>C:\Windows\System32\dlnashext.dll</Path>
        <Version>10.0.19041.1 (WinBuild.160101.0800)</Version>
        <Company>Microsoft Corporation</Company>
        <Description>DLNA Namespace DLL</Description>
    </module>
</root>
'''

# Parse the XML data
root = ET.fromstring(xml_data)

# Extract paths with condition "contains" starting with "C"
for module in root.findall('module'):
    path_element = module.find('Path')
    if path_element is None or not path_element.text:
        continue  # skip modules without a <Path> element instead of crashing
    # optional "condition" attribute on <Path>; absent in the sample, so this is None
    condition = path_element.attrib.get('condition')
    path = path_element.text
    if (condition == 'contains' and 'C' in path) or path.startswith('C'):
        print(path)
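Tying the question's JSON rule file to the parsing above, here is an added example (not part of the answer) that applies Procmon-style filter rules read from JSON to a `/SaveAs1` XML export and writes the surviving events as CSV, which Excel opens directly. It assumes the export's `eventlist/event` layout with one child element per column, and constructs both the sample export and the rule list inline; include rules are ORed within a column and ANDed across columns, with excludes taking precedence, mirroring how Procmon applies its own filter list.

```python
import csv, io, json
import xml.etree.ElementTree as ET
# Constructed sample of a Procmon XML export. Assumed layout: eventlist/event
# with one child element per column (Process_Name, Operation, Path, Result).
SAMPLE_XML = """<procmon><eventlist>
<event><Process_Name>svchost.exe</Process_Name><Operation>RegOpenKey</Operation>
<Path>HKLM\\SOFTWARE\\Microsoft</Path><Result>SUCCESS</Result></event>
<event><Process_Name>installer.exe</Process_Name><Operation>CreateFile</Operation>
<Path>C:\\Users\\Public\\drop.dll</Path><Result>SUCCESS</Result></event>
<event><Process_Name>installer.exe</Process_Name><Operation>CreateFile</Operation>
<Path>C:\\Windows\\Temp\\x.tmp</Path><Result>NAME NOT FOUND</Result></event>
</eventlist></procmon>"""

# Constructed rule file in the shape of a Procmon filter: column, relation, value, action.
SAMPLE_RULES = """[
{"column": "Process_Name", "relation": "is", "value": "installer.exe", "action": "include"},
{"column": "Operation", "relation": "begins with", "value": "CreateFile", "action": "include"},
{"column": "Result", "relation": "is", "value": "NAME NOT FOUND", "action": "exclude"}
]"""

RELATIONS = {  # Procmon compares case-insensitively; callers lower-case both sides
    "is": lambda a, b: a == b, "is not": lambda a, b: a != b,
    "contains": lambda a, b: b in a, "excludes": lambda a, b: b not in a,
    "begins with": lambda a, b: a.startswith(b), "ends with": lambda a, b: a.endswith(b),
}

def event_passes(event, rules):
    """Any matching exclude drops the event; includes are ORed per column, ANDed across columns."""
    includes = {}
    for r in rules:
        hit = RELATIONS[r["relation"]]((event.get(r["column"]) or "").lower(), r["value"].lower())
        if r["action"] == "exclude" and hit:
            return False
        if r["action"] == "include":
            includes[r["column"]] = includes.get(r["column"], False) or hit
    return all(includes.values())  # no include rules at all -> everything passes

def filter_events(xml_text, rules_json):
    """Return the events (as dicts keyed by column name) that survive the JSON rules."""
    rules = json.loads(rules_json)
    events = ({c.tag: (c.text or "") for c in ev} for ev in ET.fromstring(xml_text).iterfind("eventlist/event"))
    return [ev for ev in events if event_passes(ev, rules)]

def to_csv(rows, columns=("Process_Name", "Operation", "Path", "Result")):
    """Serialise surviving events as CSV text; write it to a .csv file for Excel."""
    buf = io.StringIO()
    w = csv.DictWriter(buf, fieldnames=list(columns), extrasaction="ignore")
    w.writeheader(); w.writerows(rows)
    return buf.getvalue()
```

With the sample data only the installer.exe CreateFile of drop.dll survives: the svchost.exe event fails the Process_Name include and the NAME NOT FOUND event is dropped by the exclude.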