From 8f66dfaafa9f58085dc625d11fd275dce9c10f10 Mon Sep 17 00:00:00 2001
From: Manuel Thalmann <m@nuth.ch>
Date: Fri, 22 Mar 2024 14:51:17 +0100
Subject: [PATCH] Fix non-functioning events

---
 scripts/Windows/OS/User/Add.ps1 | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/scripts/Windows/OS/User/Add.ps1 b/scripts/Windows/OS/User/Add.ps1
index db271138..f4b5a4dc 100644
--- a/scripts/Windows/OS/User/Add.ps1
+++ b/scripts/Windows/OS/User/Add.ps1
@@ -141,7 +141,17 @@ function Start-EventDrivenTask() {
         )
         $identifier = "EventLog$EventID";
         Write-EventLog -LogName Application -Source "Application" -EventId $EventID -Message "This event was created by $env:Username";
-        Register-WmiEvent -Query "SELECT * FROM __InstanceCreationEvent WHERE TargetInstance ISA 'Win32_NTLogEvent' AND EventIdentifier=$EventID" -SourceIdentifier "$identifier";
+
+        $applicationLog = Get-EventLog -List | Where-Object { $_.Log -eq "Application" };
+
+        Register-ObjectEvent -InputObject $applicationLog -EventName EntryWritten -Action {
+            $entry = $event.SourceEventArgs.Entry;
+
+            if ($entry.EventID -eq $EventID) {
+                New-Event -SourceIdentifier $identifier;
+            }
+        };
+
         Wait-Event -SourceIdentifier $identifier;
     } -args $EventID
 }