kvm-guest-drivers-windows
288 строк · 11.1 Кб
1# This script collects various system information for diagnostic
2# purposes. The collected data includes system configuration,
3# event logs, driver lists, registry information, update logs,
4# services, uptime, running processes, installed applications,
5# installed KBs, and memory dumps.
6
7# Copyright (c) 2024 Red Hat, Inc. and/or its affiliates. All rights reserved.
8
9# Redistribution and use in source and binary forms, with or without
10# modification, are permitted provided that the following conditions
11# are met:
12# 1. Redistributions of source code must retain the above copyright
13# notice, this list of conditions and the following disclaimer.
14# 2. Redistributions in binary form must reproduce the above copyright
15# notice, this list of conditions and the following disclaimer in the
16# documentation and/or other materials provided with the distribution.
17# 3. Neither the names of the copyright holders nor the names of their contributors
18# may be used to endorse or promote products derived from this software
19# without specific prior written permission.
20# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
21# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE
24# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30# SUCH DAMAGE.
31
32
33# Ensure the script runs with an unrestricted execution policy (for Windows 10 and Windows Server 2016)
34# Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope Process -Force
35
36# For gathering event logs run the script as an administrator
37
38# IncludeSensitiveData is used to include memory dumps add this parameter to your command line to collect them
39# Example: .\CollectSystemInfo.ps1 -IncludeSensitiveData
40
41param (
42[switch]$IncludeSensitiveData,
43[switch]$Help
44)
45
46Add-Type -AssemblyName 'System.IO.Compression.FileSystem'
47
48function Compress-Files {
49param (
50[string]$SourcePath,
51[string]$DestinationPath
52)
53
54[System.IO.Compression.ZipFile]::CreateFromDirectory($SourcePath, $DestinationPath)
55}
56
57function Show-Help {
58Write-Host "Usage: .\CollectSystemInfo.ps1 [-IncludeSensitiveData] [-Help]"
59Write-Host ""
60Write-Host "Parameters:"
61Write-Host " -IncludeSensitiveData Include sensitive data (memory dump)"
62Write-Host " -Help Show this help message"
63Write-Host ""
64Write-Host "If no parameters are provided, the script will run with default behavior."
65}
66
67function Export-SystemConfiguration {
68try {
69Write-Host 'Collecting system configuration started it may take a while...'
70Start-Process -FilePath 'msinfo32.exe' -ArgumentList '/report', (Join-Path $logfolderPath 'msinfo32.txt') -Wait
71Write-Host 'System configuration collection completed.'
72} catch {
73Write-Warning "Failed to collect system configuration: $_"
74}
75}
76
77function Export-EventLogs {
78try {
79$logNames = @('system', 'security', 'application')
80foreach ($logName in $logNames) {
81$logPath = Join-Path $logfolderPath "$logName.evtx"
82wevtutil epl $logName $logPath
83wevtutil al $logPath
84}
85Write-Host 'Event logs collection completed.'
86} catch {
87Write-Warning "Failed to collect event logs: $_"
88}
89}
90
91function Export-DriversList {
92try {
93Get-WindowsDriver -Online -All | Select-Object -Property * | Export-Csv -Path (Join-Path $logfolderPath 'drv_list.csv') -NoTypeInformation
94Write-Host 'Drivers list collection completed.'
95} catch {
96Write-Warning "Failed to collect drivers list: $_"
97}
98}
99
100function Export-VirtioWinStorageDrivers {
101$registryPaths = @(
102'HKLM:\SYSTEM\CurrentControlSet\Services\Disk',
103'HKLM:\SYSTEM\CurrentControlSet\Services\viostor\Parameters',
104'HKLM:\SYSTEM\CurrentControlSet\Services\vioscsi\Parameters'
105)
106$valuesToQuery = @('IoTimeoutValue', 'TimeoutValue')
107
108foreach ($path in $registryPaths) {
109foreach ($value in $valuesToQuery) {
110$property = Get-ItemProperty -Path $path -Name $value -ErrorAction SilentlyContinue
111$output = "$path\$value : $($property.$value)"
112$output | Out-File -FilePath (Join-Path $logfolderPath 'virtio_disk.txt') -Append
113}
114}
115Write-Host 'Virtio-Win storage drivers configuration collection completed.'
116}
117
118function Export-WindowsUpdateLogs {
119try {
120$logPath = Join-Path $logfolderPath 'WindowsUpdate.log'
121$command = "Get-WindowsUpdateLog -LogPath '$logPath'"
122Start-Process -FilePath 'powershell.exe' -ArgumentList '-NoLogo', '-NoProfile', '-Command', $command -NoNewWindow -Wait -RedirectStandardOutput (Join-Path $logfolderPath 'OutputWindowsUpdate.log') -RedirectStandardError (Join-Path $logfolderPath 'ErrorWindowsUpdate.log')
123Write-Host 'Windows Update logs collection completed.'
124} catch {
125Write-Warning "Failed to collect Windows Update logs: $_"
126}
127}
128
129function Export-WindowsUptime {
130try {
131$uptime = (Get-Date) - (gcim Win32_OperatingSystem).LastBootUpTime
132$uptime.ToString() | Out-File -FilePath (Join-Path $logfolderPath 'WindowsUptime.txt')
133Write-Host 'Windows uptime collection completed.'
134} catch {
135Write-Warning "Failed to collect Windows uptime: $_"
136}
137}
138
139function Export-ServicesList {
140try {
141Get-Service | Select-Object -Property Name, DisplayName, Status, StartType | Export-Csv -Path (Join-Path $logfolderPath 'Services.csv') -NoTypeInformation
142Write-Host 'Services list collection completed.'
143} catch {
144Write-Warning "Failed to collect list of services: $_"
145}
146}
147
148function Export-RunningProcesses {
149try {
150Get-Process | Select-Object -Property Id, ProcessName, StartTime | Export-Csv -Path (Join-Path $logfolderPath 'RunningProcesses.csv') -NoTypeInformation
151Write-Host 'Running processes collection completed.'
152} catch {
153Write-Warning "Failed to collect list of running processes: $_"
154}
155}
156
157function Export-InstalledApplications {
158try {
159Get-ItemProperty -Path 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*' |
160Select-Object -Property DisplayName, DisplayVersion, Publisher, InstallDate |
161Export-Csv -Path (Join-Path $logfolderPath 'InstalledApplications.csv') -NoTypeInformation
162Write-Host 'Installed applications collection completed.'
163} catch {
164Write-Warning "Failed to collect list of installed applications: $_"
165}
166}
167
168function Export-InstalledKBs {
169try {
170Get-HotFix | Select-Object -Property Description, HotFixID, InstalledOn | Export-Csv -Path (Join-Path $logfolderPath 'InstalledKBs.csv') -NoTypeInformation
171Write-Host 'Installed KBs collection completed.'
172} catch {
173Write-Warning "Failed to collect list of installed KBs: $_"
174}
175}
176
177function Export-NetworkConfiguration {
178try {
179Get-NetAdapterAdvancedProperty | Out-File -FilePath (Join-Path $logfolderPath 'NetworkInterfaces.txt')
180ipconfig /all | Out-File -FilePath (Join-Path $logfolderPath 'IPConfiguration.txt')
181
182Write-Host 'Network configuration collection completed.'
183} catch {
184Write-Warning "Failed to collect network configuration: $_"
185}
186}
187
188function Export-WindowsMemoryDump {
189$memoryDumpPaths = @("$env:SystemRoot\MEMORY.DMP", "$env:SystemRoot\Minidump")
190
191foreach ($dump in $memoryDumpPaths) {
192Copy-Item -Path $dump -Destination $dumpfolderPath -Recurse -ErrorAction SilentlyContinue
193}
194Write-Host 'Windows memory dump collection completed.'
195}
196
197function Write-InformationToArchive {
198param (
199[string]$FolderPath,
200[string]$SubFolderPath,
201[string]$ArchiveFileName
202)
203try {
204$archivePath = Join-Path -Path $FolderPath -ChildPath "$ArchiveFileName.zip"
205Compress-Files -SourcePath $SubFolderPath -DestinationPath $archivePath
206Write-Host "Archiving completed ($ArchiveFileName.zip)."
207} catch {
208Write-Warning "Failed to archive ($ArchiveFileName.zip): $_"
209}
210}
211
212function StopTranscriptAndCloseFile {
213if ($transcriptStarted) {
214Stop-Transcript | Out-Null
215$transcriptStarted = $false
216}
217}
218
219$validParams = @('IncludeSensitiveData', 'Help')
220if ($Help -or $args -contains '-?' -or $args -contains '--Help') {
221Show-Help
222return
223}
224
225foreach ($param in $args) {
226if ($param -notlike '-*' -or ($param -like '-*' -and $validParams -notcontains $param.TrimStart('-'))) {
227Write-Host "A parameter cannot be found that matches parameter name '$param'"
228Show-Help
229return
230}
231}
232
233$breakHandler = {
234Write-Host "Script interrupted by user. Stopping transcript..."
235StopTranscriptAndCloseFile
236exit
237}
238Register-EngineEvent -SourceIdentifier ConsoleBreak -Action $breakHandler | Out-Null
239Register-EngineEvent -SourceIdentifier PowerShell.Exiting -Action $breakHandler | Out-Null
240
241$timestamp = Get-Date -Format 'yyyy-MM-dd_HH-mm-ss'
242$folderName = "SystemInfo_$timestamp"
243$logfolderName = "Log_folder_$timestamp"
244$dumpfolderName = "Dump_folder_$timestamp"
245$folderPath = Join-Path -Path (Get-Location) -ChildPath $folderName
246$logfolderPath = Join-Path -Path $folderPath -ChildPath $logfolderName
247$dumpfolderPath = Join-Path -Path $folderPath -ChildPath $dumpfolderName
248$progressFile = "$folderPath\Collecting_Status.txt"
249New-Item -Path $logfolderPath -ItemType Directory | Out-Null
250New-Item -Path $progressFile -ItemType File | Out-Null
251Write-Host "Starting system info collecting into $folderPath"
252Write-Output "Log folder path: $logfolderPath"
253
254try {
255Start-Transcript -Path $progressFile -Append
256$transcriptStarted = $true
257Export-SystemConfiguration
258Export-EventLogs
259Export-DriversList
260Export-VirtioWinStorageDrivers
261Export-WindowsUpdateLogs
262Export-ServicesList
263Export-WindowsUptime
264Export-RunningProcesses
265Export-InstalledApplications
266Export-InstalledKBs
267Export-NetworkConfiguration
268
269if ($IncludeSensitiveData) {
270Write-Output "Dump folder path: $dumpfolderPath"
271New-Item -Path $dumpfolderPath -ItemType Directory | Out-Null
272Export-WindowsMemoryDump
273}
274} catch {
275$errorMsg = "An error occurred: $_"
276Write-Host $errorMsg
277Add-Content -Path $progressFile -Value $errorMsg
278} finally {
279StopTranscriptAndCloseFile
280Unregister-Event -SourceIdentifier ConsoleBreak
281Unregister-Event -SourceIdentifier PowerShell.Exiting
282}
283
284Remove-Item -Path $progressFile -ErrorAction SilentlyContinue
285Write-InformationToArchive -FolderPath $folderPath -SubFolderPath $logfolderPath -ArchiveFileName $logfolderName
286if ($IncludeSensitiveData) {
287Write-InformationToArchive -FolderPath $folderPath -SubFolderPath $dumpfolderPath -ArchiveFileName $dumpfolderName
288}