dstaulcu · October 17, 2015 21:18 · dstaulcu · Oct 17, 2015
diff --git a/get-remoteprocmon.bat b/get-remoteprocmon.bat
 @echo off
 echo.

 REM check usage
 if not exist .\procmon.exe goto ERR_RES
 if not exist .\psexec.exe goto ERR_RES
 set HOSTNAME=%1
 if not defined HOSTNAME goto USAGE

 REM check to see if remote host is online
 echo -Checking remote host availability
 ping -n 1 -w 300 %HOSTNAME% | find /i "REPLY" >NUL
 if errorlevel 1 goto ERR_OFFLINE

 REM check that you have remote admin access
 echo -Checking remote host access level
 dir \\%HOSTNAME%\C$ >nul 
 if errorlevel 1 goto ERR_ACCESS

 REM copy resource files to remote directory
 echo -Copying resources to remote host
 if not exist "\\%HOSTNAME%\C$\LocalApps" md "\\%HOSTNAME%\C$\LocalApps"
 if not exist "\\%HOSTNAME%\C$\LocalApps\ProcMonCapture" md "\\%HOSTNAME%\C$\LocalApps\ProcMonCapture"
 copy .\procmon.exe "\\%HOSTNAME%\C$\LocalApps\ProcMonCapture" /y >nul

 REM start remote resource (do not wait for completion)
 echo -Launching procmon remotely
 psexec.exe -d -s \\%HOSTNAME% "C:\LocalApps\ProcMonCapture\procmon.exe" /AcceptEula /Nofilter /BackingFile C:\LocalApps\ProcMonCapture\Capture.PML >nul 2>&1

 REM prompt user for go-ahead to stop remote resource
 echo.
 echo Capture in progress. Press any key to stop...
 echo.
 pause >nul

 REM stop remote resource (wait for completion)
 echo -Terminating capture
 psexec.exe -s \\%HOSTNAME% "c:\LocalApps\ProcMonCapture\procmon.exe" /AcceptEula /Quiet /Terminate >nul 2>&1

 REM copy logfiles created by remote resource
 echo -Copying trace logs
 if not exist ".\Captures" md ".\Captures"
 if not exist ".\Captures\%HOSTNAME%" md ".\Captures\%HOSTNAME%"
 copy "\\%HOSTNAME%\C$\LocalApps\ProcMonCapture\*.PML" ".\Captures\%HOSTNAME%\*.PML" /y >nul

 REM remove remote resource files
 echo -Cleaning up remote resource files
 rmdir /s /q "\\%HOSTNAME%\C$\LocalApps\ProcMonCapture"

 REM print out the take
 echo -Operation complete! Captures available in .\Captures\%HOSTNAME%\*.PML

 echo.
 CHOICE /C YN /M "Review capture file now? "
 if errorlevel 2 goto EOF
 if errorlevel 1 goto CAP_OPEN

 :CAP_OPEN
 ".\procmon.exe" /AcceptEula /Quiet /OpenLog ".\Captures\%HOSTNAME%\Capture.PML" 
 goto EOF

 :ERR_RES
 echo ERROR: script resoures not available
 echo please ensure psexec.exe and procmon.exe are in same directory as script.
 goto EOF

 :USAGE
 echo ERROR: missing argument ^<target_hostname^>
 goto EOF


 :ERR_OFFLINE
 echo ERROR: specified host is not available (%HOSTNAME%)
 goto EOF

 :ERR_ACCESS
 echo ERROR: unable to access system volume on remote resource (%HOSTNAME%)
 goto EOF

 :EOF
 echo.
	@echo off
	echo.

	REM check usage
	if not exist .\procmon.exe goto ERR_RES
	if not exist .\psexec.exe goto ERR_RES
	set HOSTNAME=%1
	if not defined HOSTNAME goto USAGE

	REM check to see if remote host is online
	echo -Checking remote host availability
	ping -n 1 -w 300 %HOSTNAME% \| find /i "REPLY" >NUL
	if errorlevel 1 goto ERR_OFFLINE

	REM check that you have remote admin access
	echo -Checking remote host access level
	dir \\%HOSTNAME%\C$ >nul
	if errorlevel 1 goto ERR_ACCESS

	REM copy resource files to remote directory
	echo -Copying resources to remote host
	if not exist "\\%HOSTNAME%\C$\LocalApps" md "\\%HOSTNAME%\C$\LocalApps"
	if not exist "\\%HOSTNAME%\C$\LocalApps\ProcMonCapture" md "\\%HOSTNAME%\C$\LocalApps\ProcMonCapture"
	copy .\procmon.exe "\\%HOSTNAME%\C$\LocalApps\ProcMonCapture" /y >nul

	REM start remote resource (do not wait for completion)
	echo -Launching procmon remotely
	psexec.exe -d -s \\%HOSTNAME% "C:\LocalApps\ProcMonCapture\procmon.exe" /AcceptEula /Nofilter /BackingFile C:\LocalApps\ProcMonCapture\Capture.PML >nul 2>&1

	REM prompt user for go-ahead to stop remote resource
	echo.
	echo Capture in progress. Press any key to stop...
	echo.
	pause >nul

	REM stop remote resource (wait for completion)
	echo -Terminating capture
	psexec.exe -s \\%HOSTNAME% "c:\LocalApps\ProcMonCapture\procmon.exe" /AcceptEula /Quiet /Terminate >nul 2>&1

	REM copy logfiles created by remote resource
	echo -Copying trace logs
	if not exist ".\Captures" md ".\Captures"
	if not exist ".\Captures\%HOSTNAME%" md ".\Captures\%HOSTNAME%"
	copy "\\%HOSTNAME%\C$\LocalApps\ProcMonCapture\.PML" ".\Captures\%HOSTNAME%\.PML" /y >nul

	REM remove remote resource files
	echo -Cleaning up remote resource files
	rmdir /s /q "\\%HOSTNAME%\C$\LocalApps\ProcMonCapture"

	REM print out the take
	echo -Operation complete! Captures available in .\Captures\%HOSTNAME%\*.PML

	echo.
	CHOICE /C YN /M "Review capture file now? "
	if errorlevel 2 goto EOF
	if errorlevel 1 goto CAP_OPEN

	:CAP_OPEN
	".\procmon.exe" /AcceptEula /Quiet /OpenLog ".\Captures\%HOSTNAME%\Capture.PML"
	goto EOF

	:ERR_RES
	echo ERROR: script resoures not available
	echo please ensure psexec.exe and procmon.exe are in same directory as script.
	goto EOF

	:USAGE
	echo ERROR: missing argument ^<target_hostname^>
	goto EOF


	:ERR_OFFLINE
	echo ERROR: specified host is not available (%HOSTNAME%)
	goto EOF

	:ERR_ACCESS
	echo ERROR: unable to access system volume on remote resource (%HOSTNAME%)
	goto EOF

	:EOF
	echo.