Neo23x0 / Raccine

A Simple Ransomware Vaccine
The Unlicense

Update raccine.cpp #20

Closed JohnLaTwC closed 3 years ago

JohnLaTwC commented 3 years ago

Adds optional Windows Event logging to Raccine. This allows collection of Raccine events to a SIEM and sigma rules :)

Sigma Rule:

```yaml
title: Raccine detected malicious activity
status: experimental
description: 'Auto-generated Sigma rule'
date: 2020-10-17
references:
    - Internal Research
author: '@JohnLaTwC'   # quoted: a leading @ is reserved in YAML
logsource:
    product: windows
detection:
    selection:
        EventID: 2
        Level: 4
        Task: 0
        Keywords: '0x80000000000000'
        Channel: 'Application'
    condition: selection
falsepositives:
    - Unknown
level: medium
```
Neo23x0 commented 3 years ago

Great.

I could add these commands mentioned in the comments in the batch installer.

```cpp
/// This function will optionally log messages to the eventlog
/// To enable viewing in the eventlog run this command to create the message IDs for Raccine
/// As admin:
///  eventcreate.exe /L Application /T Information /ID 1 /SO Raccine /D "Raccine event message"
///  eventcreate.exe /L Application /T Information /ID 2 /SO Raccine /D "Raccine event message"
///
/// To configure event logging, set this registry key to 2
///  REG.EXE ADD HKCU\Software\Raccine /v Logging /t REG_DWORD /d 2
```
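As an added example (not part of the PR or of Raccine), the snippet below maps the fields of the Sigma selection in the PR onto the `<System>` block of Windows event XML and runs it over two constructed Application-log records. The event records, the `Provider_Name` field and the provider-restricted variant of the selection are assumptions for illustration, not taken from the PR.

```python
"""Apply the PR's Sigma selection to constructed Windows Application-log events.
Added example, not Raccine's or the PR author's code; the "Raccine" provider is
assumed to be the source registered by the eventcreate commands quoted above."""
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Field values copied from the Sigma rule in the PR (all compared as strings).
SELECTION = {"EventID": "2", "Level": "4", "Task": "0",
             "Keywords": "0x80000000000000", "Channel": "Application"}

def system_fields(event_xml: str) -> dict:
    """Flatten an event's <System> block into Sigma-style field names."""
    sys_el = ET.fromstring(event_xml).find("e:System", NS)
    fields = {}
    for child in sys_el:
        tag = child.tag.split("}")[1]          # strip the XML namespace
        if tag == "Provider":
            fields["Provider_Name"] = child.get("Name")
        elif child.text:
            fields[tag] = child.text.strip()
    return fields

def matches(fields: dict, selection: dict) -> bool:
    """Sigma 'selection' semantics: every listed field must equal its value."""
    return all(fields.get(k) == v for k, v in selection.items())

def make_event(provider: str, event_id: int, message: str) -> str:
    """Constructed record in Windows event XML shape (Level 4 = Information)."""
    return f"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="{provider}"/><EventID Qualifiers="0">{event_id}</EventID>
  <Level>4</Level><Task>0</Task><Keywords>0x80000000000000</Keywords>
  <Channel>Application</Channel><Computer>WS01</Computer></System>
  <EventData><Data>{message}</Data></EventData></Event>"""

# Constructed sample records: one from Raccine, one unrelated Information event.
RACCINE_EVENT = make_event("Raccine", 2, "Raccine event message")
OTHER_EVENT = make_event("SomeApp", 2, "Service started")

def evaluate() -> dict:
    """Return (PR selection matched, provider-restricted selection matched) per record."""
    tight = dict(SELECTION, Provider_Name="Raccine")   # assumed tightening, not in the PR
    out = {}
    for name, xml in (("raccine", RACCINE_EVENT), ("other", OTHER_EVENT)):
        fields = system_fields(xml)
        out[name] = (matches(fields, SELECTION), matches(fields, tight))
    return out
```

The unrestricted selection matches any Information-level EventID 2 written to the Application log by any provider, so the provider name is what ties the match to Raccine's registered event source.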