Skip to content

Latest commit

 

History

History
215 lines (153 loc) · 5.78 KB

Get-ProfilingResults.md

File metadata and controls

215 lines (153 loc) · 5.78 KB
Raw

Module Name: Microsoft.Windows.Win32Isolation.ApplicationCapabilityProfiler

Get-ProfilingResults

SYNOPSIS

Retrieves capability access information from input ETL files.

SYNTAX

Get-ProfilingResults [[-EtlFilePaths] <string[]>] [-ExeNames <string[]>] [-ManifestPath <string>]
[-RecordsOutputPath <string>] [-SummaryOutputPath <string>] [-PackageNames <string[]>] [-Quiet]
[-ShowNoNameObjectFailures] [-WhatIf] [-Confirm] [<CommonParameters>]

DESCRIPTION

The Get-ProfilingResults cmdlet parses one or more specified ETL (Event Tracing for Windows) files to find access denied events for application packages and identifies capabilities that would allow the package to perform those accesses. It also outputs relevant information about the access denied events found for the packages.

EXAMPLES

Example 1: Parse trace captured via Start-Profiling/Stop-Profiling and output capability access information

Capability access information that can be matched to the application package manifest provided is automatically added to the manifest.

Get-ProfilingResults -EtlFilePaths C:\Logs\trace.etl -ManifestPath C:\Path\To\MyAppXManifest.xml

Example 2: Look for active trace logging session from Start-Profiling, collect trace and parse it.

If a trace logging session is currently active, Stop-Profiling will be called to attempt to collect a trace that can be parsed.

Get-ProfilingResults -ManifestPath C:\Path\To\MyAppXManifest.xml

Example 3: Parse multiple traces

Get-ProfilingResults -EtlFilePaths C:\Logs\trace1.etl, C:\Logs\trace2.etl

PARAMETERS

-EtlFilePaths

Specifies an array of paths to the ETL files from which profiling results should be retrieved. Get-ProfilingResults require an input ETL file. If not provided, the cmdlet will attempt to stop an active trace logging session and capture an ETL file from it.

Type: System.String[]
Parameter Sets: (All)
Aliases: Logs, l

Required: False
Position: 0
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-ExeNames

Specifies an array of executable names to filter the profiling results. Only results related to the specified executables will be returned.

Type: System.String[]
Parameter Sets: (All)
Aliases: e

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-ManifestPath

Specifies the path to the application package manifest file to be edited by the cmdlet with the identified capabilities. If the capabilities identified cannot be attributed to this manifest’s package, a copy of the manifest is generated for each package identified including the capabilities pertaining thereto.

Type: System.String
Parameter Sets: (All)
Aliases: m

Required: False
Position: Named
Default value: <working directory>\<package name>\AppXManfiest-Capabilities.xml
Accept pipeline input: False
Accept wildcard characters: False

-PackageNames

Specifies an array of package names to filter the profiling results. Only results related to the specified packages will be returned.

Type: System.String[]
Parameter Sets: (All)
Aliases: p, Packages

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-RecordsOutputPath

Specifies the path to a CSV file to save detailed access attempt information. If not specified, the default output path will be used.

Type: System.String
Parameter Sets: (All)
Aliases: r, RecordsOutput, RecordsPath

Required: False
Position: Named
Default value: <working directory>\AccessAttemptRecords.csv
Accept pipeline input: False
Accept wildcard characters: False

-ShowNoNameObjectFailures

Indicates whether to output summary information for access attempts to unidentified objects.

Type: System.Management.Automation.SwitchParameter
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-SummaryOutputPath

Specifies the path to a TXT file to save a summary of the profiling results. If not specified, the default output path will be used.

Type: System.String
Parameter Sets: (All)
Aliases: s, SummaryPath, SummaryOutput

Required: False
Position: Named
Default value: <working directory>\summary.txt
Accept pipeline input: False
Accept wildcard characters: False

-Quiet

Indicates that the cmdlet runs in quiet mode, suppressing unnecessary output and prompts.

Type: System.Management.Automation.SwitchParameter
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not executed.

Type: System.Management.Automation.SwitchParameter
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type: System.Management.Automation.SwitchParameter
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

RELATED LINKS

Application capability profiler

Start-Profiling

Stop-Profiling

Merge-ProfilingResults