Change name Transluator to translator

.gitignore

@@ -3,18 +3,18 @@ ntTraceControl/obj/
 ntTraceControl/bin/
 ntTraceControl/.vs/
 
-Transluator/packages/
-Transluator/obj/
-Transluator/bin/
-Transluator/.vs/
+Translator/packages/
+Translator/obj/
+Translator/bin/
+Translator/.vs/
 
 *.dll
 *.pdb
 *.xml
+*.user
 
 ntTraceControlInstall/bin/
 ntTraceControlInstall/obj/
 
 .vs/
-
 packages/

README.md

@@ -1,18 +1,18 @@
 # ntTraceControl -- Powershell Event Tracing Toolbox
 
-ntTraceControl is a set of Powershell commands to `forge (generate)` Windows logs. Thus, ntTraceControl supports Detection teams to simply test detection use cases and alerts without using complex infrastructure, tools, or testing vulnerability.
+ntTraceControl is a set of Powershell commands to forge/generate Windows logs. Simply put, ntTraceControl supports Detection teams by simplifying the testing of detection use cases and alerts without using complex infrastructure, tools, or the testing of vulnerabilities.
 
 # Use Cases
 
 ## Generate command line : Write Sysmon Create Process Event
 
-Many detection teams rely on Sysmon to create advanced detection rules. ntTraceControl includes dedicated cmdlets for Sysmon through Write-SysmonEventId*:
+Many detection teams rely upon Sysmon to create advanced detection rules. ntTraceControl includes dedicated cmdlets for Sysmon through Write-SysmonEventId*:
 
 ```
 Write-SysmonEventId1 -Image mimikatz.exe -CommandLine "c:\Users\Admin\personal\mimikatz.exe" -ParentCommandLine "Get-Password.ps1"
 ```
 
-Thus, you can esaily generate a `fake` command line and test your use cases and alerts.
+Therefore, you can easily generate a `fake` command line to test your use cases and alerts.
 
 ![Sysmon Process Create Example](assets/example1.png)
 
@@ -74,7 +74,7 @@ In most cases, administrator rights are needed to produce a log.
 
 For security reasons, the Microsoft-Windows-Audit-Security provider is not managed using the straight API. Only the lsass process can emit Security logs. To simulate security logs, ntTraceControl will inject a payload into the lsass.exe process to call the proper API. So to achieve injection you must have system privileges.
 
-Next, the Transluator project is used to create Powershell functions, with strong type enforcement deduced from the ETW provider manifest. Sometimes we have to customize a little bit what is automatically extracted from the manifest, this is why we versioned the output files.
+Next, the Translator project is used to create Powershell functions, with strong type enforcement deduced from the ETW provider manifest. Sometimes we have to customize a little bit what is automatically extracted from the manifest, this is why we versioned the output files.
 
 For example the following command will Generate WriteSysmon.ps1 :
 
@@ -94,5 +94,5 @@ We generated functions for the following providers:
 |Microsoft-Windows-WMI-Activity|1418ef04-b0b4-4623-bf7e-d74ab47bbdaa|Write-WMIActivityEventId*|
 
 
-As generating new ones is only a call to the Transluator project, it will be easy to add more if needed.
+As generating new ones is only a call to the Translator project, it will be easy to add more if needed.
 

Transluator/DissectorPowershell.cs → Translator/DissectorPowershell.cs

@@ -3,12 +3,12 @@
 using System.IO;
 using System.Linq;
 
-namespace Transluator
+namespace Translator
 {
     static class DissectorPowershellTemplate
     {
         public const string PROVIDER = @"
-# This module was generated automaticaly using Transluator.exe
+# This module was generated automaticaly using Translator.exe
 # Some customs could be made afterwards to take into account some specificity of the provider (like Task or keywords arguments)
 # This is the module that handle the following provider
 # Name : {0}
@@ -20,10 +20,10 @@ Function Write-{0}EventId{1}
 {{
 <#
 .SYNOPSIS
-This function was generated using Transluator.exe
+This function was generated using Translator.exe
 If you modify it afterwards please add a comment
 
-Version 1.0 Transluator.exe
+Version 1.0 Translator.exe
 
 Symbol : {2}
 #>

Transluator/Manifest.cs → Translator/Manifest.cs

@@ -4,7 +4,7 @@
 using System.IO;
 using System.Collections.Generic;
 
-namespace Transluator
+namespace Translator
 {
     [XmlType("map")]
     public class Map

Transluator/Properties/AssemblyInfo.cs → Translator/Properties/AssemblyInfo.cs

@@ -5,11 +5,11 @@
 // General Information about an assembly is controlled through the following
 // set of attributes. Change these attribute values to modify the information
 // associated with an assembly.
-[assembly: AssemblyTitle("Transluator")]
+[assembly: AssemblyTitle("Translator")]
 [assembly: AssemblyDescription("")]
 [assembly: AssemblyConfiguration("")]
 [assembly: AssemblyCompany("")]
-[assembly: AssemblyProduct("Transluator")]
+[assembly: AssemblyProduct("Translator")]
 [assembly: AssemblyCopyright("Copyright ©  2022")]
 [assembly: AssemblyTrademark("")]
 [assembly: AssemblyCulture("")]

Transluator/Transluator.cs → Translator/Translator.cs

@@ -6,12 +6,12 @@
 using System.Linq;
 using CommandLine;
 
-namespace Transluator
+namespace Translator
 {
     /// <summary>
-    /// This the main class of transluator
+    /// This the main class of translator
     /// </summary>
-	static class Transluator
+	static class Translator
     {
         public class Options
         {

Transluator/Transluator.csproj → Translator/Translator.csproj

@@ -7,8 +7,8 @@
     <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
     <ProjectGuid>{C94A7057-8B74-40E4-803B-B389429B51AE}</ProjectGuid>
     <OutputType>Exe</OutputType>
-    <RootNamespace>Transluator</RootNamespace>
-    <AssemblyName>Transluator</AssemblyName>
+    <RootNamespace>Translator</RootNamespace>
+    <AssemblyName>Translator</AssemblyName>
     <TargetFrameworkVersion>v4.7.2</TargetFrameworkVersion>
     <FileAlignment>512</FileAlignment>
     <Deterministic>true</Deterministic>
@@ -39,40 +39,40 @@
   </PropertyGroup>
   <ItemGroup>
     <Reference Include="CommandLine, Version=2.8.0.0, Culture=neutral, PublicKeyToken=5a870481e358d379, processorArchitecture=MSIL">
-      <HintPath>..\ntTraceControl\packages\CommandLineParser.2.8.0\lib\net461\CommandLine.dll</HintPath>
+      <HintPath>..\packages\CommandLineParser.2.8.0\lib\net461\CommandLine.dll</HintPath>
     </Reference>
     <Reference Include="Dia2Lib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL">
-      <HintPath>..\ntTraceControl\packages\Microsoft.Diagnostics.Tracing.TraceEvent.2.0.76\lib\net45\Dia2Lib.dll</HintPath>
+      <HintPath>..\packages\Microsoft.Diagnostics.Tracing.TraceEvent.2.0.76\lib\net45\Dia2Lib.dll</HintPath>
       <EmbedInteropTypes>True</EmbedInteropTypes>
     </Reference>
     <Reference Include="Microsoft.Diagnostics.FastSerialization, Version=1.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL">
-      <HintPath>..\ntTraceControl\packages\Microsoft.Diagnostics.Tracing.TraceEvent.2.0.76\lib\net45\Microsoft.Diagnostics.FastSerialization.dll</HintPath>
+      <HintPath>..\packages\Microsoft.Diagnostics.Tracing.TraceEvent.2.0.76\lib\net45\Microsoft.Diagnostics.FastSerialization.dll</HintPath>
     </Reference>
     <Reference Include="Microsoft.Diagnostics.Tracing.TraceEvent, Version=2.0.76.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL">
-      <HintPath>..\ntTraceControl\packages\Microsoft.Diagnostics.Tracing.TraceEvent.2.0.76\lib\net45\Microsoft.Diagnostics.Tracing.TraceEvent.dll</HintPath>
+      <HintPath>..\packages\Microsoft.Diagnostics.Tracing.TraceEvent.2.0.76\lib\net45\Microsoft.Diagnostics.Tracing.TraceEvent.dll</HintPath>
     </Reference>
     <Reference Include="OSExtensions, Version=1.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL">
-      <HintPath>..\ntTraceControl\packages\Microsoft.Diagnostics.Tracing.TraceEvent.2.0.76\lib\net45\OSExtensions.dll</HintPath>
+      <HintPath>..\packages\Microsoft.Diagnostics.Tracing.TraceEvent.2.0.76\lib\net45\OSExtensions.dll</HintPath>
     </Reference>
     <Reference Include="System" />
     <Reference Include="System.Core" />
     <Reference Include="System.Runtime.CompilerServices.Unsafe, Version=4.0.4.1, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL">
-      <HintPath>..\ntTraceControl\packages\System.Runtime.CompilerServices.Unsafe.4.5.2\lib\netstandard2.0\System.Runtime.CompilerServices.Unsafe.dll</HintPath>
+      <HintPath>..\packages\System.Runtime.CompilerServices.Unsafe.4.5.2\lib\netstandard2.0\System.Runtime.CompilerServices.Unsafe.dll</HintPath>
     </Reference>
     <Reference Include="System.Xml.Linq" />
     <Reference Include="System.Data.DataSetExtensions" />
     <Reference Include="Microsoft.CSharp" />
     <Reference Include="System.Data" />
     <Reference Include="System.Xml" />
     <Reference Include="TraceReloggerLib, Version=0.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL">
-      <HintPath>..\ntTraceControl\packages\Microsoft.Diagnostics.Tracing.TraceEvent.2.0.76\lib\net45\TraceReloggerLib.dll</HintPath>
+      <HintPath>..\packages\Microsoft.Diagnostics.Tracing.TraceEvent.2.0.76\lib\net45\TraceReloggerLib.dll</HintPath>
       <EmbedInteropTypes>True</EmbedInteropTypes>
     </Reference>
   </ItemGroup>
   <ItemGroup>
     <Compile Include="DissectorPowershell.cs" />
     <Compile Include="Manifest.cs" />
-    <Compile Include="Transluator.cs" />
+    <Compile Include="Translator.cs" />
     <Compile Include="Properties\AssemblyInfo.cs" />
   </ItemGroup>
   <ItemGroup>
@@ -84,6 +84,6 @@
     <PropertyGroup>
       <ErrorText>This project references NuGet package(s) that are missing on this computer. Use NuGet Package Restore to download them.  For more information, see http://go.microsoft.com/fwlink/?LinkID=322105. The missing file is {0}.</ErrorText>
     </PropertyGroup>
-    <Error Condition="!Exists('..\ntTraceControl\packages\Microsoft.Diagnostics.Tracing.TraceEvent.2.0.76\build\Microsoft.Diagnostics.Tracing.TraceEvent.props')" Text="$([System.String]::Format('$(ErrorText)', '..\ntTraceControl\packages\Microsoft.Diagnostics.Tracing.TraceEvent.2.0.76\build\Microsoft.Diagnostics.Tracing.TraceEvent.props'))" />
+    <Error Condition="!Exists('..\packages\Microsoft.Diagnostics.Tracing.TraceEvent.2.0.76\build\Microsoft.Diagnostics.Tracing.TraceEvent.props')" Text="$([System.String]::Format('$(ErrorText)', '..\ntTraceControl\packages\Microsoft.Diagnostics.Tracing.TraceEvent.2.0.76\build\Microsoft.Diagnostics.Tracing.TraceEvent.props'))" />
   </Target>
 </Project>

ntTraceControl.sln

@@ -5,7 +5,7 @@ VisualStudioVersion = 16.0.32002.261
 MinimumVisualStudioVersion = 10.0.40219.1
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "ntTraceControl", "ntTraceControl\ntTraceControl.csproj", "{E9A388AB-42EF-4173-92D5-AB9F49F4370E}"
 EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Transluator", "Transluator\Transluator.csproj", "{C94A7057-8B74-40E4-803B-B389429B51AE}"
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Translator", "Translator\Translator.csproj", "{C94A7057-8B74-40E4-803B-B389429B51AE}"
 EndProject
 Project("{930C7802-8A8C-48F9-8165-68863BCCD9DD}") = "ntTraceControlInstall", "ntTraceControlInstall\ntTraceControlInstall.wixproj", "{3740C3CE-A458-4E28-8FBF-A59EA883DC0D}"
 	ProjectSection(ProjectDependencies) = postProject