mirror of
https://github.com/fleschutz/PowerShell.git
synced 2024-11-26 01:43:37 +01:00
Added crash_dumps.ps1
parent
f33ced2af8
commit
7d206acd21
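--- a/crash_dumps.ps1
+++ b/crash_dumps.ps1
@@ -0,0 +1,283 @@
+##################################################################
+# #
+# Written by: Ryan Waters #
+# #
+# Program: Get-Dump.ps1 #
+# Date: 2-06-2020 #
+# Purpose: To set registry keys to gather a WER Usermode Dump #
+# and be able to change from a custom, mini, or FULL #
+# Dumps for ease of use for customers and others. #
+# #
+# EULA: Code is free to use for all, and free to distribute #
+# I just ask that you leave the credit information and #
+# this EULA and Comment Section in tact and do not delete. #
+# #
+# Bitwise Values: (For reference) #
+# #
+# 0x00000000 - MiniDumpNormal #
+# 0x00000001 - MiniDumpWithDataSegs #
+# 0x00000002 - MiniDumpWithFullMemory #
+# 0x00000004 - MiniDumpWithHandleData #
+# 0x00000008 - MiniDumpFilterMemory #
+# 0x00000010 - MiniDumpScanMemory #
+# 0x00000020 - MiniDumpWithUnloadedModules #
+# 0x00000040 - MiniDumpWithIndirectlyReferenced #
+# 0x00000080 - MemoryMiniDumpFilterModulePaths #
+# 0x00000100 - MiniDumpWithProcessThreadData #
+# 0x00000200 - MiniDumpWithPrivateReadWriteMemory #
+# 0x00000400 - MiniDumpWithoutOptionalData #
+# 0x00000800 - MiniDumpWithFullMemoryInfo #
+# 0x00001000 - MiniDumpWithThreadInfo #
+# 0x00002000 - MiniDumpWithCodeSegs #
+# 0x00004000 - MiniDumpWithoutAuxiliaryState #
+# 0x00008000 - MiniDumpWithFullAuxiliaryState #
+# 0x00010000 - MiniDumpWithPrivateWriteCopyMemory #
+# 0x00020000 - MiniDumpIgnoreInaccessibleMemory #
+# 0x00040000 - MiniDumpWithTokenInformation #
+# #
+##################################################################
+
+#Setting Values:
+$MDN = '0'
+$MDWDS = '1'
+$MDWFM = '2'
+$MDWHD = '4'
+$MDFM = '8'
+$MDSM = '10'
+$MDWUM = '20'
+$MDWIR = '40'
+$MMDFMP = '80'
+$MDWPTD = '100'
+$MDWPRWM = '200'
+$MDWOD = '400'
+$MDWFMI = '800'
+$MDWTI = '1000'
+$MDWCS = '2000'
+$MDWAS = '4000'
+$MDWFAS = '8000'
+$MDWPWCM = '10000'
+$MDIIM = '20000'
+$MDWTOI = '40000'
+
+$a = $MDN
+$b = $MDWDS
+$c = $MDWFM
+$d = $MDWHD
+$e = $MDFM
+$f = $MDSM
+$g = $MDWUM
+$h = $MDWIR
+$i = $MMDFMP
+$j = $MDWPTD
+$k = $MDWPRWM
+$l = $MDWOD
+$m = $MDWFMI
+$n = $MDWTI
+$o = $MDWCS
+$p = $MDWAS
+$q = $MDWFAS
+$r = $MDWPWCM
+$s = $MDIIM
+$t = $MDWTOI
+
+$0x = "0x"
+
+$array = @()
+
+Clear-host
+write-host "Setting up your machine to receive Usermode Dumps via WER."
+Start-sleep -s 3
+
+
+New-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps" -Name "DumpFolder" -Value "%LOCALAPPDATA%\CrashDumps" -PropertyType ExpandString -Force
+New-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps" -Name "DumpCount" -Value "10" -PropertyType DWORD -Force
+
+clear-host
+write-host "What would you like to do?"
+write-host "(0) Disable Dumps and restore system to factory."
+write-host "(1) Enable System for Full Dumps."
+write-host "(2) Enable System for Mini Dumps."
+write-host "(3) Enable System for custom dump with options."
+$NCD = Read-Host "Enter a number option"
+
+If ($NCD -eq '3')
+{
+
+New-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps" -Name "DumpType" -Value "0" -PropertyType DWORD -Force
+Do
+{
+clear-host
+write-host "Here are the optional custom dump to add to your custom dump parameters:"
+write-host "(1) Mini Dump Normal"
+write-host "(2) Mini Dump With Data Segs"
+write-host "(3) Mini Dump With Full Memory"
+write-host "(4) Mini Dump With Handle Data"
+write-host "(5) Mini Dump Filter Memory"
+write-host "(6) Mini Dump Scan Memory"
+write-host "(7) Mini Dump With Unloaded Modules"
+write-host "(8) Mini Dump With Indirectly Referenced"
+write-host "(9) Memory Mini Dump Filter Module Paths"
+write-host "(10) Mini Dump With Process Thread Data"
+write-host "(11) Mini Dump With Private Read Write Memory"
+write-host "(12) Mini Dump Without Optional Data"
+write-host "(13) Mini Dump With Full Memory Info"
+write-host "(14) Mini Dump With Thread Info"
+write-host "(15) Mini Dump With Code Segs"
+write-host "(16) Mini Dump Without Auxiliary State"
+write-host "(17) Mini Dump With Full Auxiliary State"
+write-host "(18) Mini Dump With Private Write Copy Memory"
+write-host "(19) Mini Dump Ignore Inaccessible Memory"
+write-host "(20) Mini Dump With Token Information"
+$Option = Read-Host "Enter one number value at a time and press enter. (Press 'q' when finished)"
+if($Option -eq '1')
+{
+$array += [int]$a
+}
+ElseIf($Option -eq '2')
+{
+$array += [int]$b
+}
+ElseIf($Option -eq '3')
+{
+$array += [int]$c
+}
+ElseIf($Option -eq '4')
+{
+$array += [int]$d
+}
+ElseIf($Option -eq '5')
+{
+$array += [int]$e
+}
+ElseIf($Option -eq '6')
+{
+$array += [int]$f
+}
+ElseIf($Option -eq '7')
+{
+$array += [int]$g
+}
+ElseIf($Option -eq '8')
+{
+$array += [int]$h
+}
+ElseIf($Option -eq '9')
+{
+$array += [int]$i
+}
+ElseIf($Option -eq '10')
+{
+$array += [int]$j
+}
+ElseIf($Option -eq '11')
+{
+$array += [int]$k
+}
+ElseIf($Option -eq '12')
+{
+$array += [int]$l
+}
+ElseIf($Option -eq '13')
+{
+$array += [int]$m
+}
+ElseIf($Option -eq '14')
+{
+$array += [int]$n
+}
+ElseIf($Option -eq '15')
+{
+$array += [int]$o
+}
+ElseIf($Option -eq '16')
+{
+$array += [int]$p
+}
+ElseIf($Option -eq '17')
+{
+$array += [int]$q
+}
+ElseIf($Option -eq '18')
+{
+$array += [int]$r
+}
+ElseIf($Option -eq '19')
+{
+$array += [int]$s
+}
+ElseIf($Option -eq '20')
+{
+$array += [int]$t
+}
+ElseIf($Option -eq 'q')
+{
+write-host "Closing application."
+Start-Sleep -s 2
+}
+Else
+{
+write-host "Invalid Option, Try again."
+Start-sleep -s 2
+}
+
+}
+While($Option -ne "q")
+$sum = $array -join '+'
+$SumArray = Invoke-Expression $sum
+$FinalSum = $0x + $SumArray
+
+New-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps" -Name "CustomDumpFlags" -Value "$FinalSum" -PropertyType DWORD -Force
+
+write-host " "
+write-host "Setting up the system for crash dumps requires a reboot"
+}
+ElseIf ($NCD -eq '0')
+{
+Remove-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps" -Name "DumpCount" -Force -ErrorAction SilentlyContinue
+Remove-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps" -Name "DumpType" -Force -ErrorAction SilentlyContinue
+Remove-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps" -Name "DumpFolder" -Force -ErrorAction SilentlyContinue
+Remove-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps" -Name "CustomDumpFlags" -Force -ErrorAction SilentlyContinue
+write-host " "
+$reboot = read-host "Registry reset to factory settings and cleared. It is recommended to restart your machine, would you like to now?"
+if($reboot -eq "Yes" -or $reboot -eq "Y" -or $reboot -eq "yes" -or $reboot -eq "y")
+{
+shutdown -r
+}
+Else
+{
+write-host "Please restart the machine for settings to take effect at your convenience."
+}
+}
+ElseIf ($NCD -eq '1')
+{
+New-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps" -Name "DumpType" -Value "2" -PropertyType DWORD -Force
+write-host "The computer has been set up to create a Full Sized Dump and will be located in %LOCALAPPDATA%\CrashDumps."
+write-host "The computer must also restart for settings to take effect. Would you like to now? (Y/n)"
+if($reboot -eq "Yes" -or $reboot -eq "Y" -or $reboot -eq "yes" -or $reboot -eq "y")
+{
+shutdown -r
+}
+Else
+{
+write-host "Please restart the machine for settings to take effect at your convenience."
+}
+}
+ElseIf ($NCD -eq '2')
+{
+New-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps" -Name "DumpType" -Value "1" -PropertyType DWORD -Force
+write-host "The computer has been set up to create a Mini Dump and will be located in %LOCALAPPDATA%\CrashDumps."
+write-host "The computer must also restart for settings to take effect. Would you like to now? (Y/n)"
+if($reboot -eq "Yes" -or $reboot -eq "Y" -or $reboot -eq "yes" -or $reboot -eq "y")
+{
+shutdown -r
+}
+Else
+{
+write-host "Please restart the machine for settings to take effect at your convenience."
+}
+}
+Else
+{
+write-host "You did not enter a valid option. Please re-run Get-Dump.ps1"
+start-sleep -s 5
+}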
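Review bot: The custom-dump path writes the wrong `CustomDumpFlags` value: the constants are hex digit strings (`$MDSM = '10'`), `[int]$f` reads them as decimal, and the decimal sum is then relabelled with `"0x"`, so choosing options 3 and 5 (0x2 and 0x8) stores `0x10` (MiniDumpScanMemory) instead of `0xA`, and entering the same option twice double-counts it. Define the constants as integers (`$MDSM = 0x10`) and combine them with `$flags = $flags -bor $value`; that also removes `Invoke-Expression`, which is fed only script-controlled integers here but is an avoidable eval on a built string and likely errors when nothing was selected. Separately, the option 1 and option 2 branches test `$reboot` without ever calling `Read-Host`, so the restart question printed there is never answered. Because option 1 enables full-memory dumps machine-wide under HKLM, a header comment stating that the script needs elevation and that the resulting dumps can contain credentials and other secrets from any crashing process (so the dump folder should stay access-restricted and be cleaned out after option 0) would be worth adding.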