PowerShell/Scripts/crash_dumps.ps1

#!/snap/bin/powershell
# Syntax: ./crash_dumps.ps1
# Description: enables crash dumps
# Author: Markus Fleschutz
# Source: github.com/fleschutz/PowerShell
# License: CC0
##################################################################
# #
# Written by: Ryan Waters #
# #
# Program: Get-Dump.ps1 #
# Date: 2-06-2020 #
# Purpose: To set registry keys to gather a WER Usermode Dump #
# and be able to change from a custom, mini, or FULL #
# Dumps for ease of use for customers and others. #
# #
# EULA: Code is free to use for all, and free to distribute #
# I just ask that you leave the credit information and #
# this EULA and Comment Section in tact and do not delete. #
# #
# Bitwise Values: (For reference) #
# #
# 0x00000000 - MiniDumpNormal #
# 0x00000001 - MiniDumpWithDataSegs #
# 0x00000002 - MiniDumpWithFullMemory #
# 0x00000004 - MiniDumpWithHandleData #
# 0x00000008 - MiniDumpFilterMemory #
# 0x00000010 - MiniDumpScanMemory #
# 0x00000020 - MiniDumpWithUnloadedModules #
# 0x00000040 - MiniDumpWithIndirectlyReferenced #
# 0x00000080 - MemoryMiniDumpFilterModulePaths #
# 0x00000100 - MiniDumpWithProcessThreadData #
# 0x00000200 - MiniDumpWithPrivateReadWriteMemory #
# 0x00000400 - MiniDumpWithoutOptionalData #
# 0x00000800 - MiniDumpWithFullMemoryInfo #
# 0x00001000 - MiniDumpWithThreadInfo #
# 0x00002000 - MiniDumpWithCodeSegs #
# 0x00004000 - MiniDumpWithoutAuxiliaryState #
# 0x00008000 - MiniDumpWithFullAuxiliaryState #
# 0x00010000 - MiniDumpWithPrivateWriteCopyMemory #
# 0x00020000 - MiniDumpIgnoreInaccessibleMemory #
# 0x00040000 - MiniDumpWithTokenInformation #
# #
##################################################################
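# Interactive setup of Windows Error Reporting (WER) user-mode crash dumps.
#
# The script writes DumpFolder/DumpCount under the LocalDumps key, then asks
# whether to disable dumps (0), enable full dumps (1), enable mini dumps (2) or
# build a custom MINIDUMP_TYPE flag set (3).
#
# Security notes for whoever runs this:
#   * Every value lives under HKLM, so the script must run in an elevated
#     session; registry writes use -ErrorAction Stop so a failed write ends the
#     script instead of being followed by a "has been set up" message.
#   * A full dump (and several custom flags, e.g. MiniDumpWithFullMemory or
#     MiniDumpWithTokenInformation) captures process memory that can contain
#     credentials, tokens and keys. Treat the dump folder as sensitive: restrict
#     who can read it, collect dumps over a protected channel, and use option 0
#     to switch dumps off again once the investigation is finished.

# Registry key holding the machine-wide WER LocalDumps settings.
$LocalDumpsKey = "HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps"

# MINIDUMP_TYPE bit for each entry of the custom-dump menu, keyed by the menu
# number the user types. Values are real hex literals so they can be OR-ed
# together directly (see the "Bitwise Values" table in the file header).
$DumpFlags = @{
    '1'  = 0x00000000   # MiniDumpNormal
    '2'  = 0x00000001   # MiniDumpWithDataSegs
    '3'  = 0x00000002   # MiniDumpWithFullMemory
    '4'  = 0x00000004   # MiniDumpWithHandleData
    '5'  = 0x00000008   # MiniDumpFilterMemory
    '6'  = 0x00000010   # MiniDumpScanMemory
    '7'  = 0x00000020   # MiniDumpWithUnloadedModules
    '8'  = 0x00000040   # MiniDumpWithIndirectlyReferenced
    '9'  = 0x00000080   # MemoryMiniDumpFilterModulePaths
    '10' = 0x00000100   # MiniDumpWithProcessThreadData
    '11' = 0x00000200   # MiniDumpWithPrivateReadWriteMemory
    '12' = 0x00000400   # MiniDumpWithoutOptionalData
    '13' = 0x00000800   # MiniDumpWithFullMemoryInfo
    '14' = 0x00001000   # MiniDumpWithThreadInfo
    '15' = 0x00002000   # MiniDumpWithCodeSegs
    '16' = 0x00004000   # MiniDumpWithoutAuxiliaryState
    '17' = 0x00008000   # MiniDumpWithFullAuxiliaryState
    '18' = 0x00010000   # MiniDumpWithPrivateWriteCopyMemory
    '19' = 0x00020000   # MiniDumpIgnoreInaccessibleMemory
    '20' = 0x00040000   # MiniDumpWithTokenInformation
}

# Writes one value under the LocalDumps key, creating the key first when it
# does not exist (New-ItemProperty fails on a missing key).
function Set-LocalDumpValue
{
    param($Name, $Value, $PropertyType)

    if (-not (Test-Path -Path $LocalDumpsKey))
    {
        New-Item -Path $LocalDumpsKey -Force -ErrorAction Stop | Out-Null
    }
    New-ItemProperty -Path $LocalDumpsKey -Name $Name -Value $Value -PropertyType $PropertyType -Force -ErrorAction Stop
}

# Asks the given question and restarts the machine only on an explicit
# "y"/"yes" (PowerShell string comparison is case-insensitive). Anything else,
# including an empty answer, leaves the machine running.
function Invoke-RestartPrompt
{
    param($Prompt)

    $reboot = Read-Host $Prompt
    if (@('y', 'yes') -contains $reboot)
    {
        shutdown -r
    }
    Else
    {
        write-host "Please restart the machine for settings to take effect at your convenience."
    }
}

Clear-host
write-host "Setting up your machine to receive Usermode Dumps via WER."
Start-sleep -s 3
# NOTE(review): these two values are written before the menu choice is known,
# so they stay in place when an invalid option is entered below. WER may then
# collect dumps with its default type - confirm whether that is intended.
Set-LocalDumpValue -Name "DumpFolder" -Value "%LOCALAPPDATA%\CrashDumps" -PropertyType ExpandString
Set-LocalDumpValue -Name "DumpCount" -Value "10" -PropertyType DWORD
clear-host
write-host "What would you like to do?"
write-host "(0) Disable Dumps and restore system to factory."
write-host "(1) Enable System for Full Dumps."
write-host "(2) Enable System for Mini Dumps."
write-host "(3) Enable System for custom dump with options."
$NCD = Read-Host "Enter a number option"
If ($NCD -eq '3')
{
    # Flags are combined with a bitwise OR. The previous version added the hex
    # digits as decimal numbers and evaluated the sum with Invoke-Expression,
    # which produced a wrong mask whenever a digit exceeded 9 (1+2+4+8 became
    # 0x15 instead of 0xF) or an option was entered twice, and failed when no
    # option was chosen.
    $CustomFlags = 0
    Do
    {
        clear-host
        write-host "Here are the optional custom dump to add to your custom dump parameters:"
        write-host "(1) Mini Dump Normal"
        write-host "(2) Mini Dump With Data Segs"
        write-host "(3) Mini Dump With Full Memory"
        write-host "(4) Mini Dump With Handle Data"
        write-host "(5) Mini Dump Filter Memory"
        write-host "(6) Mini Dump Scan Memory"
        write-host "(7) Mini Dump With Unloaded Modules"
        write-host "(8) Mini Dump With Indirectly Referenced"
        write-host "(9) Memory Mini Dump Filter Module Paths"
        write-host "(10) Mini Dump With Process Thread Data"
        write-host "(11) Mini Dump With Private Read Write Memory"
        write-host "(12) Mini Dump Without Optional Data"
        write-host "(13) Mini Dump With Full Memory Info"
        write-host "(14) Mini Dump With Thread Info"
        write-host "(15) Mini Dump With Code Segs"
        write-host "(16) Mini Dump Without Auxiliary State"
        write-host "(17) Mini Dump With Full Auxiliary State"
        write-host "(18) Mini Dump With Private Write Copy Memory"
        write-host "(19) Mini Dump Ignore Inaccessible Memory"
        write-host "(20) Mini Dump With Token Information"
        $Option = [string](Read-Host "Enter one number value at a time and press enter. (Press 'q' when finished)")
        if ($DumpFlags.ContainsKey($Option))
        {
            $CustomFlags = $CustomFlags -bor $DumpFlags[$Option]
        }
        ElseIf ($Option -eq 'q')
        {
            write-host "Closing application."
            Start-Sleep -s 2
        }
        Else
        {
            write-host "Invalid Option, Try again."
            Start-sleep -s 2
        }
    }
    While ($Option -ne "q")
    # DumpType 0 selects the custom dump; it is written together with the mask
    # so an aborted menu does not leave a custom type without its flags.
    Set-LocalDumpValue -Name "DumpType" -Value "0" -PropertyType DWORD
    Set-LocalDumpValue -Name "CustomDumpFlags" -Value $CustomFlags -PropertyType DWORD
    write-host " "
    write-host "Setting up the system for crash dumps requires a reboot"
}
ElseIf ($NCD -eq '0')
{
    # Removal stays best-effort: a value that is already absent is not an error.
    foreach ($ValueName in "DumpCount", "DumpType", "DumpFolder", "CustomDumpFlags")
    {
        Remove-ItemProperty -Path $LocalDumpsKey -Name $ValueName -Force -ErrorAction SilentlyContinue
    }
    write-host " "
    Invoke-RestartPrompt "Registry reset to factory settings and cleared. It is recommended to restart your machine, would you like to now?"
}
ElseIf ($NCD -eq '1')
{
    # DumpType 2 = full dump: the whole process memory is written to disk.
    Set-LocalDumpValue -Name "DumpType" -Value "2" -PropertyType DWORD
    write-host "The computer has been set up to create a Full Sized Dump and will be located in %LOCALAPPDATA%\CrashDumps."
    # The answer is now actually read; before, $reboot was never assigned in
    # this branch, so the restart question could not be answered.
    Invoke-RestartPrompt "The computer must also restart for settings to take effect. Would you like to now? (Y/n)"
}
ElseIf ($NCD -eq '2')
{
    # DumpType 1 = mini dump.
    Set-LocalDumpValue -Name "DumpType" -Value "1" -PropertyType DWORD
    write-host "The computer has been set up to create a Mini Dump and will be located in %LOCALAPPDATA%\CrashDumps."
    Invoke-RestartPrompt "The computer must also restart for settings to take effect. Would you like to now? (Y/n)"
}
Else
{
    write-host "You did not enter a valid option. Please re-run Get-Dump.ps1"
    start-sleep -s 5
}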