เครื่องพีซีแฮงก์ครับ
สเปก: บอร์ด AFOX IG41-MA7, ซีพียู Q 8200, แรม 4 GB (2x2), การ์ดจอ ไม่มี, พาวเวอร์ซัพพลาย ซิลเวอร์สโตน 650, วินโดวส์ 11 64 บิต เวอร์ชัน 22H2
Log Detail
Log Name: Windows PowerShell
Source: PowerShell
Date: 11/5/2022 1:09:30 PM
Event ID: 403
Task Category: Engine Lifecycle
Level: Information
Keywords: Classic
User: N/A
Computer: DESKTOP-CRDV4TC
Description:
Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.22621.608
HostId=44cbf24e-6c59-44ef-915d-0cd058906030
HostApplication=powershell.exe -ExecutionPolicy Restricted -Command $Res = 0; $ContIdOfs = 8; $ChCntOfs = 10; $MaskOfs = 28; $ExpContId = [Byte[]]@(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff); $ExpChCnt = [Byte[]]@(0x04,0x00); $ExpMask = [Byte[]]@(0x33,0x00,0x00,0x00); $RootKeyPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Capture'; $Devices = Get-ChildItem -Path $RootKeyPath | Where-Object { $_.GetValue('DeviceState') -eq 1 }; foreach ($Device in $Devices) { $PropertiesKeyPath = 'Registry::' + $Device.Name + '\Properties'; if (Test-Path -Path $PropertiesKeyPath) { $Properties = Get-ItemProperty -Path $PropertiesKeyPath; $ContIdKeyData = $Properties.'{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c},2'; if (-not $ContIdKeyData) { continue; } $ContId = $ContIdKeyData[$ContIdOfs..$($ContIdOfs + $ExpContId.Count - 1)]; $MixFormatData = $Properties.'{3d6e1656-2e50-4c4c-8d85-d0acae3c6c68},2'; if (-not $MixFormatData) { $MixFormatData = $Properties.'{3d6e1656-2e50-4c4c-8d85-d0acae3c6c68},3'; } if (-not $MixFormatData) { continue; } $ChCnt = $MixFormatData[$ChCntOfs..$($ChCntOfs + $ExpChCnt.Count - 1)]; $Mask = $MixFormatData[$MaskOfs..$($MaskOfs + $ExpMask.Count - 1)]; if ($ContId -and $ChCnt -and $Mask -and (Compare-Object $ContId $ExpContId).Length -eq 0 -and (Compare-Object $ChCnt $ExpChCnt).Length -eq 0 -and (Compare-Object $Mask $ExpMask).Length -eq 0) { $Res = 1; break; } } } Write-Host 'Final result:', $Res;
EngineVersion=5.1.22621.608
RunspaceId=f0c77ef5-64b8-41ca-b74d-346387a98e61
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine=
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="PowerShell" />
<EventID Qualifiers="0">403</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>4</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2022-11-05T06:09:30.6984875Z" />
<EventRecordID>112</EventRecordID>
<Correlation />
<Execution ProcessID="8580" ThreadID="0" />
<Channel>Windows PowerShell</Channel>
<Computer>DESKTOP-CRDV4TC</Computer>
<Security />
</System>
<EventData>
<Data>Stopped</Data>
<Data>Available</Data>
<Data> NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.22621.608
HostId=44cbf24e-6c59-44ef-915d-0cd058906030
HostApplication=powershell.exe -ExecutionPolicy Restricted -Command $Res = 0; $ContIdOfs = 8; $ChCntOfs = 10; $MaskOfs = 28; $ExpContId = [Byte[]]@(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff); $ExpChCnt = [Byte[]]@(0x04,0x00); $ExpMask = [Byte[]]@(0x33,0x00,0x00,0x00); $RootKeyPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Capture'; $Devices = Get-ChildItem -Path $RootKeyPath | Where-Object { $_.GetValue('DeviceState') -eq 1 }; foreach ($Device in $Devices) { $PropertiesKeyPath = 'Registry::' + $Device.Name + '\Properties'; if (Test-Path -Path $PropertiesKeyPath) { $Properties = Get-ItemProperty -Path $PropertiesKeyPath; $ContIdKeyData = $Properties.'{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c},2'; if (-not $ContIdKeyData) { continue; } $ContId = $ContIdKeyData[$ContIdOfs..$($ContIdOfs + $ExpContId.Count - 1)]; $MixFormatData = $Properties.'{3d6e1656-2e50-4c4c-8d85-d0acae3c6c68},2'; if (-not $MixFormatData) { $MixFormatData = $Properties.'{3d6e1656-2e50-4c4c-8d85-d0acae3c6c68},3'; } if (-not $MixFormatData) { continue; } $ChCnt = $MixFormatData[$ChCntOfs..$($ChCntOfs + $ExpChCnt.Count - 1)]; $Mask = $MixFormatData[$MaskOfs..$($MaskOfs + $ExpMask.Count - 1)]; if ($ContId -and $ChCnt -and $Mask -and (Compare-Object $ContId $ExpContId).Length -eq 0 -and (Compare-Object $ChCnt $ExpChCnt).Length -eq 0 -and (Compare-Object $Mask $ExpMask).Length -eq 0) { $Res = 1; break; } } } Write-Host 'Final result:', $Res;
EngineVersion=5.1.22621.608
RunspaceId=f0c77ef5-64b8-41ca-b74d-346387a98e61
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine=</Data>
</EventData>
</Event>
สเปก: บอร์ด AFOX IG41-MA7, ซีพียู Q 8200, แรม 4 GB (2x2), การ์ดจอ ไม่มี, พาวเวอร์ซัพพลาย ซิลเวอร์สโตน 650, วินโดวส์ 11 64 บิต เวอร์ชัน 22H2
Log Detail
Log Name: Windows PowerShell
Source: PowerShell
Date: 11/5/2022 1:09:30 PM
Event ID: 403
Task Category: Engine Lifecycle
Level: Information
Keywords: Classic
User: N/A
Computer: DESKTOP-CRDV4TC
Description:
Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.22621.608
HostId=44cbf24e-6c59-44ef-915d-0cd058906030
HostApplication=powershell.exe -ExecutionPolicy Restricted -Command $Res = 0; $ContIdOfs = 8; $ChCntOfs = 10; $MaskOfs = 28; $ExpContId = [Byte[]]@(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff); $ExpChCnt = [Byte[]]@(0x04,0x00); $ExpMask = [Byte[]]@(0x33,0x00,0x00,0x00); $RootKeyPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Capture'; $Devices = Get-ChildItem -Path $RootKeyPath | Where-Object { $_.GetValue('DeviceState') -eq 1 }; foreach ($Device in $Devices) { $PropertiesKeyPath = 'Registry::' + $Device.Name + '\Properties'; if (Test-Path -Path $PropertiesKeyPath) { $Properties = Get-ItemProperty -Path $PropertiesKeyPath; $ContIdKeyData = $Properties.'{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c},2'; if (-not $ContIdKeyData) { continue; } $ContId = $ContIdKeyData[$ContIdOfs..$($ContIdOfs + $ExpContId.Count - 1)]; $MixFormatData = $Properties.'{3d6e1656-2e50-4c4c-8d85-d0acae3c6c68},2'; if (-not $MixFormatData) { $MixFormatData = $Properties.'{3d6e1656-2e50-4c4c-8d85-d0acae3c6c68},3'; } if (-not $MixFormatData) { continue; } $ChCnt = $MixFormatData[$ChCntOfs..$($ChCntOfs + $ExpChCnt.Count - 1)]; $Mask = $MixFormatData[$MaskOfs..$($MaskOfs + $ExpMask.Count - 1)]; if ($ContId -and $ChCnt -and $Mask -and (Compare-Object $ContId $ExpContId).Length -eq 0 -and (Compare-Object $ChCnt $ExpChCnt).Length -eq 0 -and (Compare-Object $Mask $ExpMask).Length -eq 0) { $Res = 1; break; } } } Write-Host 'Final result:', $Res;
EngineVersion=5.1.22621.608
RunspaceId=f0c77ef5-64b8-41ca-b74d-346387a98e61
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine=
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="PowerShell" />
<EventID Qualifiers="0">403</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>4</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2022-11-05T06:09:30.6984875Z" />
<EventRecordID>112</EventRecordID>
<Correlation />
<Execution ProcessID="8580" ThreadID="0" />
<Channel>Windows PowerShell</Channel>
<Computer>DESKTOP-CRDV4TC</Computer>
<Security />
</System>
<EventData>
<Data>Stopped</Data>
<Data>Available</Data>
<Data> NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.22621.608
HostId=44cbf24e-6c59-44ef-915d-0cd058906030
HostApplication=powershell.exe -ExecutionPolicy Restricted -Command $Res = 0; $ContIdOfs = 8; $ChCntOfs = 10; $MaskOfs = 28; $ExpContId = [Byte[]]@(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff); $ExpChCnt = [Byte[]]@(0x04,0x00); $ExpMask = [Byte[]]@(0x33,0x00,0x00,0x00); $RootKeyPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Capture'; $Devices = Get-ChildItem -Path $RootKeyPath | Where-Object { $_.GetValue('DeviceState') -eq 1 }; foreach ($Device in $Devices) { $PropertiesKeyPath = 'Registry::' + $Device.Name + '\Properties'; if (Test-Path -Path $PropertiesKeyPath) { $Properties = Get-ItemProperty -Path $PropertiesKeyPath; $ContIdKeyData = $Properties.'{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c},2'; if (-not $ContIdKeyData) { continue; } $ContId = $ContIdKeyData[$ContIdOfs..$($ContIdOfs + $ExpContId.Count - 1)]; $MixFormatData = $Properties.'{3d6e1656-2e50-4c4c-8d85-d0acae3c6c68},2'; if (-not $MixFormatData) { $MixFormatData = $Properties.'{3d6e1656-2e50-4c4c-8d85-d0acae3c6c68},3'; } if (-not $MixFormatData) { continue; } $ChCnt = $MixFormatData[$ChCntOfs..$($ChCntOfs + $ExpChCnt.Count - 1)]; $Mask = $MixFormatData[$MaskOfs..$($MaskOfs + $ExpMask.Count - 1)]; if ($ContId -and $ChCnt -and $Mask -and (Compare-Object $ContId $ExpContId).Length -eq 0 -and (Compare-Object $ChCnt $ExpChCnt).Length -eq 0 -and (Compare-Object $Mask $ExpMask).Length -eq 0) { $Res = 1; break; } } } Write-Host 'Final result:', $Res;
EngineVersion=5.1.22621.608
RunspaceId=f0c77ef5-64b8-41ca-b74d-346387a98e61
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine=</Data>
</EventData>
</Event>