Post problem reports here for Batch files for use in BSOD debugging


  1. Posts : 39,170
    windows 10 professional version 1607 build 14393.969 64 bit
       #911

    The title and version number are your choice.
    Event viewer and top errors or the above.

    Please post a share link with the current script.

  2. Matthew Wai's Avatar
    Posts : 6,453
    Windows 10 Home 20H2
       #912

    The share link is already in my post #906.
    Download it and rename it as you please. Just don't modify the content.
    Last edited by Matthew Wai; 16 Sep 2021 at 01:54.


  3. Posts : 39,170
    windows 10 professional version 1607 build 14393.969 64 bit
       #913

    Isn't that a bat file? How can the script be saved like LOGS PS1 (text file)?
    So that it can be copied and pasted into administrative powershell.

  4. Matthew Wai's Avatar
    Posts : 6,453
    Windows 10 Home 20H2
       #914

    Just double-click on the batch script, which will do the job automatically. You need not copy and paste anything.


  5. Posts : 39,170
    windows 10 professional version 1607 build 14393.969 64 bit
       #915

    I'm planning to upload the bat file.
    Separately I'd like a copy and paste file.
    This way there is a backup option.

  6. Matthew Wai's Avatar
    Posts : 6,453
    Windows 10 Home 20H2
       #916

    The following PowerShell code will be run automatically when you double-click on the batch script.
    I do not know whether it will work when you copy and paste it onto the "Administrator: Windows PowerShell" window.

    Code:
    function wh   
        {   Param ( [parameter (Mandatory = $true)][string]$txt )  
            Write-Host $txt -ForegroundColor Green -BackgroundColor Black -NoNewline }  
    
    function StartScript   
        {  ##Locating Temp Dir and writing Transcript  
            $global:tempDir = [System.IO.Path]::GetTempPath()  
    CMD /C "RD /s /q ""$tempDir\LOGS"" 2>Nul"
            MD $tempDir\LOGS -EA SilentlyContinue   
            CD $tempDir\LOGS  
            $txtCount = Get-Item $tempDir/LOGS/*.TXT -EA SilentlyContinue  
            if((Get-Host).Version.Major -cge 5) ##WIN7 Not Supported  
                {if($txtCount.Count -cge 1)   
                    {Start-Transcript -Append -Path $tempDir/LOGS/Event-Search.TXT}   
                    Else{Start-Transcript -Path $tempDir\LOGS\Event-Search.TXT}  }  
            $global:explore = $tempDir + "LOGS\"  
            $global:Ver = "1.6.3"  
            wh "`nLog Collection... (V$Ver)`n"   
            Stop-Job *  
            Remove-Job *                                    
        } ## End function Start-Script  
     
    function EventSearch  
        {  wh "`n Starting EventSearch Job-Function ...`n"  
        ## Gathering Events from System using Get-WinEvent via Job  
        $EventSearchJob =   
            {$evtPaths = Get-Item C:\Windows\System32\Winevt\Logs\*.evtx -Exclude "*PowerShell*",   
                "*known folders*" | Select-Object FullName  
            $i = $evtPaths.Count  
            $x = 0 ##For 1st Loop do Until x = i  
            $events = @()  
            $gatherEvents = @()  
            $eventsArray = @()  
            $searchResult = @()  
            $MaxEvents = 99  
            do {$gatherEvents = Get-WinEvent -Path $evtPaths[$x].FullName -MaxEvents $MaxEvents -EA SilentlyContinue  
                $events = $events + $gatherEvents             
                $x++ } Until ($x -eq $i)      
            $x = $x +1 ##Total Events Found!         
            $eventsLength = $events.Length ##Total events catalogged!        
            $xx = 0  
            do { $date = $events[$xx].TimeCreated | Get-Date -Format "yyyyMMdd".ToString() -EA SilentlyContinue ##EA SC for Blank Entries  
                    $eventRow = new-object PSObject -Property @{  
                    Date = $date;  
                    Id = $events[$xx].Id;  
                    Level = $events[$xx].LevelDisplayName;  
                    Provider = $events[$xx].ProviderName;  
                   Message = $events[$xx].Message;  }  
                    $cRow = $date + " " + "ID:" +  $events[$xx].Id + " " + "Level:" + $events[$xx].LevelDisplayName + " " + "Provider:" + $events[$xx].ProviderName + " " + "Message:" + $events[$xx].Message   
                    $eventsArray += $cRow      
                    $xx++  
                    $d++  } Until ($xx -eq $events.Length)  
            ##Looking for patterns error or fail in $eventsArray  
            $search = $eventsArray | Select-String -pattern ("error|fail") 
            Return $search } ## End $EventSearchJob  
    Start-Job -Name EventSearchJob -ScriptBlock $EventSearchJob } ## End function Event-Search 
    
    function writeSearch  ##   
        {  MD $tempDir\LOGS\EVTX\ -EA SilentlyContinue 
            $search | Group-Object | Sort-Object Count -Descending | Format-Table Count, Name -Wrap > TOP-ERRORS.TXT  
            $search > $tempDir\LOGS\SEARCH.TXT   
        if($Global:eventOut -eq $True)  
            { $search | Group-Object | Sort-Object Count -Descending |   
     Select-Object -Property Count, Name | Out-GridView -Title "Top `"Errors`" via EVTX - V-$Ver"}  
            wh "`n Collecting Matching EVTX Entries ...`n"     
            #Collecting all prev matching EVTX  
            #$evtx = Get-ChildItem C:\Windows\System32\Winevt\Logs\*.evtx  
            $evv = 0    
               $providerName =   
                   (($search | Select-String "Provider:.*Message:").Matches.Value -Replace   
                          " Message:", "" -Replace "Provider:", "" | Group-Object ).Name   
                #Converting Provider Name to Log Name                 
                $providerName = (($providerName | ForEach-Object {Get-WinEvent -ProviderName $_ -MaxEvents 1 -EA SilentlyContinue}).LogName | Group-Object).Name     
                   $providerName = $providerName -replace "Microsoft.", ""  
                      $providerName = $providerName -replace "Windows.", ""  
                         $providerName = $providerName -replace "`/.*$", ""  
     $evtx = $providerName | foreach{Get-ChildItem "C:\Windows\System32\winevt\logs\*$_*"}  
     Do{ COPY $evtx[$evv].PSPath $tempDir\LOGS\EVTX\ 
              $evv++ } Until($evv -eq $evtx.Count) } #End function writeSearch  
    
    StartScript
    EventSearch
    wh "`nWaiting for EventSearchJob to complete...`n"  
    Receive-Job -Name EventSearchJob -OutVariable eventSearch -Wait   
    $search = $eventSearch.Line  
    writeSearch
    #============================================================================
    $REG = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
    $Desktop = (GP -Path $REG -Name "Desktop").Desktop
    $Date = Get-Date -format "yyyy-MM-dd_HH-mm-ss"
    $Logs = "$Desktop\Event_logs-($Date)"
    $Folder   = "$tempDir\LOGS"
    $System32     = Join-Path -Path $env:SystemRoot -ChildPath "System32"
    $WevtUtilPath = Join-Path -Path $System32 -ChildPath "wevtutil.exe"
    $AppEvents    = Join-Path -Path "$Folder" -ChildPath "application-events.txt"
    $SystemEvents = Join-Path -Path "$Folder" -ChildPath "system-events.txt"
    $PnPEvents    = Join-Path -Path "$Folder" -ChildPath "pnp-events.txt"
    $TimeLimit  = "2592000000"
    $TimeString = "*[System[TimeCreated[timediff(@SystemTime) <= " + $TimeLimit + "]]]"
    Echo "";Echo "Exporting Application event Log..."
    &$WevtUtilPath query-events Application /q:"$TimeString" /f:text > "$AppEvents"
    Echo "";Echo "Exporting System event log..."
    &$WevtUtilPath query-events System /q:"$TimeString" /f:text > $SystemEvents
    Echo "";Echo "Exporting Kernel PnP event log..."
    &$WevtUtilPath query-events Microsoft-Windows-Kernel-PnP/Configuration /q:"$TimeString" /f:text > $PnPEvents
    If (Test-Path "$Folder\Event-Search.txt" -PathType Leaf ) {CP "$Folder\Event-Search.txt" -Destination "$Folder\Event_Search.txt"}       
    If (Test-Path "$Folder\EVTX" -PathType Container) {Compress-Archive -Path "$Folder\EVTX" -Update -DestinationPath "$Logs"} 
    If (Test-Path "$Folder\SEARCH.txt" -PathType Leaf) {Compress-Archive -Path "$Folder\SEARCH.txt" -Update -DestinationPath "$Logs"}       
    If (Test-Path "$Folder\TOP-ERRORS.txt" -PathType Leaf) {Compress-Archive -Path "$Folder\TOP-ERRORS.txt" -Update -DestinationPath "$Logs"}       
    If (Test-Path "$Folder\Event_Search.txt" -PathType Leaf) {Compress-Archive -Path "$Folder\Event_Search.txt" -Update -DestinationPath "$Logs"} 
    Compress-Archive -Path "$AppEvents" -Update -DestinationPath "$Logs"
    Compress-Archive -Path "$SystemEvents" -Update -DestinationPath "$Logs"
    Compress-Archive -Path "$PnPEvents" -Update -DestinationPath "$Logs"
    
    Start "$Logs.zip" ; CMD /C "RD /s /q ""$Folder"" 2>Nul"
    Echo "";Echo " The following ZIP file has been created on the desktop."
    Echo "";Echo " $Logs.zip";Echo ""
    Echo " Please upload it as an attachment to your post on TenForums."
    Switch(Read-Host ' You may press [Enter] to close this window.'){""{Exit}}
    #============================================================================



  7. Posts : 39,170
    windows 10 professional version 1607 build 14393.969 64 bit
       #917

    Running the script created folders and files dated today 9/16 with one exception.
    The Event_Search displayed 9/14.


    Code:
        Directory: C:\Users\a\AppData\Local\Temp\LOGS
    
    
    Mode                 LastWriteTime         Length Name
    ----                 -------------         ------ ----
    d-----         9/14/2021   7:38 AM                EVTX
    
    Exporting Application event Log...
    
    Exporting System event log...
    
    Exporting Kernel PnP event log...
    
    
     The following ZIP file has been created on the desktop.
    
     C:\Users\a\Desktop\Event_logs-(2021-09-14_07-38-23).zip
    
     Please upload it as an attachment to your post on TenForums.

  8. Matthew Wai's Avatar
    Posts : 6,453
    Windows 10 Home 20H2
       #918

    zbook said:
    Code:
      C:\Users\a\Desktop\Event_logs-(2021-09-14_07-38-23).zip
    Three days ago, I downloaded your "Event_logs-(2021-09-14_07-38-23).zip" onto my PC.
    Three days ago, the date was 2021-09-14. I see no problem.

  9. jbcarreon123's Avatar
    Posts : 1,639
    Windows 10 Pro v21H1 x64 (19043.1052), Linux (LiveUSB)
       #919

    zbook said:
    How is the script protected from modification?
    Code:
    icacls "D:\path\to\file.bat" /inheritance:r /grant %username%:F /grant everyone:RX
    or,
    obfuscate.bat


  10. Posts : 39,170
    windows 10 professional version 1607 build 14393.969 64 bit
       #920

    If a bat script is posted in resources on either WQ or EF, can someone modify (add, subtract, or replace parts of the script)?
    For example any malware?
      My Computer
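
The icacls command in #919 restricts who can rewrite a local copy of the file; it does not travel with a copy downloaded from a share link, which is the case #920 asks about. The following is an added example, not code from any poster in this thread or from the script's author: it checks a batch file against a SHA-256 value the author would have to publish, and reports whether broad groups can write to the local copy. The function name, the sample file and the published hash are assumptions.

```powershell
# Added example: Test-ScriptIntegrity is a hypothetical helper, not part of the forum script.
function Test-ScriptIntegrity {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        # Assumption: the author publishes this SHA-256 next to the download link.
        [Parameter(Mandatory = $true)][string]$ExpectedSha256
    )
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

    # Rights that let a principal change the file's content, delete it, or rewrite its ACL.
    $writeMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'
    # English group names; localized Windows installs use translated names.
    $broad = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'
    $loose = @((Get-Acl -LiteralPath $Path).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $broad -contains $_.IdentityReference.Value -and
        (([int]$_.FileSystemRights -band $writeMask) -ne 0)
    })

    # Zone.Identifier is the alternate data stream browsers attach to files downloaded from the internet.
    $motw = Get-Item -LiteralPath $Path -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Path            = $Path
        Sha256          = $actual
        HashMatches     = ($actual -eq $ExpectedSha256.Trim())   # -eq ignores case for strings
        BroadWriteRules = $loose.Count
        MarkOfTheWeb    = [bool]$motw
    }
}

# Constructed demo: a stand-in batch file, its "published" hash, then a modified copy.
$demo = Join-Path ([System.IO.Path]::GetTempPath()) 'demo-log-collector.bat'
Set-Content -LiteralPath $demo -Value '@echo off', 'echo collecting logs' -Encoding Ascii
$published = (Get-FileHash -LiteralPath $demo -Algorithm SHA256).Hash

Test-ScriptIntegrity -Path $demo -ExpectedSha256 $published   # unmodified copy
Add-Content -LiteralPath $demo -Value 'echo injected line'    # simulate a modified re-upload
Test-ScriptIntegrity -Path $demo -ExpectedSha256 $published   # same check after the change
Remove-Item -LiteralPath $demo
```

A matching hash only shows that the file is the one the author hashed, so the published value has to live somewhere that a person re-uploading a modified copy cannot also edit.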


 