|
| 1 | +- win_guest_debugging_tool: install setup image_copy unattended_install.cdrom |
| 2 | + only Windows |
| 3 | + type = win_guest_debugging_tool |
| 4 | + tmp_dir = %TEMP% |
| 5 | + runtimeout = 360 |
| 6 | + shutdown_command = "shutdown -s -t 0" |
| 7 | + reboot_command = "shutdown -r -t 0" |
| 8 | + cmd_unrestrict_policy = 'powershell.exe Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope Process -Force' |
| 9 | + test_tmp_dir = "%TEMP%\testtmpdir" |
| 10 | + cmd_create_dir = "mkdir %s >nul 2>&1" |
| 11 | + cmd_remove_dir = "rmdir /S /Q %s" |
| 12 | + cdroms += " virtio" |
| 13 | + cdrom_virtio = isos/windows/virtio-win.iso |
| 14 | + cmd_findstr_in_file = type %s | findstr "%s" |
| 15 | + include_sensitive_data = False |
| 16 | + target_files = "msinfo32.txt,system.evtx,security.evtx,application.evtx,drv_list.csv,virtio_disk.txt,WindowsUpdate.log,Services.csv,WindowsUptime.txt,RunningProcesses.csv,InstalledApplications.csv,InstalledKBs.csv,NetworkInterfaces.txt,IPConfiguration.txt,setupapi.dev.log,setupapi.setup.log,setupapi.offline.log,ErrorWindowsUpdate.log,OutputWindowsUpdate.log,LocaleMetaData" |
| 17 | + target_dump_files = "MEMORY.DMP,Minidump" |
| 18 | + script_name = "CollectSystemInfo.ps1" |
| 19 | + cmd_search_file_global = powershell.exe -Command "Get-PSDrive -PSProvider FileSystem | ForEach-Object { Get-ChildItem -Path $_.Root -Recurse -Filter '%s' -ErrorAction SilentlyContinue } | ForEach-Object { Join-Path -Path $_.Directory.FullName -ChildPath $_.Name }" |
| 20 | + variants: |
| 21 | + - check_script_execution: |
| 22 | + windegtool_check_type = script_execution |
| 23 | + - check_zip_package: |
| 24 | + windegtool_check_type = zip_package |
| 25 | + cmd_extract_zip = 'powershell.exe Expand-Archive -Path "%s" -DestinationPath %s -Force' |
| 26 | + cmd_check_folder_size = powershell -c "$folderPath='%s'; $folderSize=(Get-ChildItem -Path $folderPath -Recurse | Measure-Object -Property Length -Sum).Sum; Write-Output $folderSize" |
| 27 | + - check_run_tools_multi_times: |
| 28 | + windegtool_check_type = run_tools_multi_times |
| 29 | + - check_user_friendliness: |
| 30 | + windegtool_check_type = user_friendliness |
| 31 | + cmd_kill_powershell_process = taskkill /IM powershell.exe /F |
| 32 | + cmd_kill_powershell_process1 = powershell.exe -Command "Stop-Process -Name msinfo32 -Force" |
| 33 | + invalid_params = "-invalidparam,IncludeSensitiveData,0000,hell,-H,-IncludeSensitiveData -h" |
| 34 | + expect_output_prompt = "Usage: .\CollectSystemInfo.ps1 [-IncludeSensitiveData] [-Help]" |
| 35 | + script_interrupt_signal_file = 'Collecting_Status.txt' |
| 36 | + cmd_dir_del = powershell.exe -Command "Remove-Item -Path '%s' -Recurse -Force -ErrorAction SilentlyContinue" |
| 37 | + cmd_query_path = powershell.exe "$lastDir = dir | Select-String 'System*' | Select-Object -Last 1; write-output $lastDir" |
| 38 | + - check_disk_registry_collection: |
| 39 | + windegtool_check_type = disk_registry_collection |
| 40 | + virtio_disk_filepath = "%s\virtio_disk.txt" |
| 41 | + new_reg_item = "HKLM:\SYSTEM\CurrentControlSet\Services\viostor\Parameters" |
| 42 | + exist_reg_item = "HKLM:\SYSTEM\CurrentControlSet\Services\Disk" |
| 43 | + cmd_reg_query = powershell.exe -Command "(Get-ItemProperty -Path %s).%s" |
| 44 | + cmd_reg_add_item = powershell.exe "if (-not (Test-Path -Path '%s')) {New-Item -Path %s | Out-Null}" |
| 45 | + cmd_reg_add_item_key = powershell.exe "if (-not (Test-Path -Path '%s')) {New-Item -Path %s -Name %s -ItemType Key | Out-Null}" |
| 46 | + cmd_reg_set_value = powershell.exe -Command "Set-ItemProperty -Path '%s' -Name '%s' -Value %d" |
| 47 | + cmd_reg_del = powershell.exe -Command "Remove-Item -Path '%s' -Recurse -Force -ErrorAction SilentlyContinue" |
| 48 | + reg_subkey1 = IoTimeoutValue |
| 49 | + reg_subkey2 = TimeoutValue |
| 50 | + key_value1 = 100 |
| 51 | + key_value2 = 150 |
| 52 | + - check_includeSensitiveData_collection: |
| 53 | + windegtool_check_type = includeSensitiveData_collection |
| 54 | + include_sensitive_data = True |
| 55 | + timeout = 360 |
| 56 | + reboot_method = system_reset |
| 57 | + memory_dmp_file = "%SystemRoot%\Memory.dmp" |
| 58 | + mini_dmp_folder = "%SystemRoot%\Minidump" |
| 59 | + crash_method = nmi |
| 60 | + cmd_check_files = powershell.exe ls %s |
| 61 | + - check_trigger_driver_msinfo_collection: |
| 62 | + windegtool_check_type = trigger_driver_msinfo_collection |
| 63 | + image_snapshot = yes |
| 64 | + transfer_timeout = 720 |
| 65 | + msinfo_file_path = "%s\msinfo32.txt" |
| 66 | + drv_list_file_path = "%s\drv_list.csv" |
| 67 | + setupapi_dev_file_path = "%s\setupapi.dev.log" |
| 68 | + target_driver = pvpanic |
| 69 | + cmd_query_oem_inf = powershell.exe -Command "pnputil.exe /enum-drivers | Select-String -Pattern '%s.inf' -Context 1,1 | ForEach-Object { if ($_ -match 'Published Name:\s+(oem\d+\.inf)') { $matches[1] } }" |
| 70 | + cmd_install_driver = pnputil.exe /add-driver %s /install |
| 71 | + cmd_uninstall_driver = pnputil.exe /delete-driver %s /uninstall /force |
| 72 | + cmd_scan_device = pnputil.exe /scan-devices |
| 73 | + cmd_backup_driver = Export-WindowsDriver -Online -Destination "C:\DriverBackup" |
| 74 | + cmd_check_driver_ver = powershell.exe -Command "Get-WmiObject Win32_PnPSignedDriver | Where-Object DeviceName -eq '%s'" |
| 75 | + new_system_name = "NewsystemName" |
| 76 | + cmd_change_systemname = powershell.exe -Command "Rename-Computer -NewName %s" |
| 77 | + cmd_query_from_file = powershell.exe -Command "Get-Content %s | Select-String -Pattern '%s'" |
| 78 | + cmd_check_systemname = echo %computername% |
| 79 | + cmd_query_ver_vm = powershell.exe -Command "(Get-CimInstance -ClassName Win32_OperatingSystem).Caption" |
| 80 | + cmd_search_2k16_inf_file_global = powershell.exe -Command "Get-PSDrive -PSProvider FileSystem | ForEach-Object { Get-ChildItem -Path $_.Root -Recurse -Filter '%s' -ErrorAction SilentlyContinue } | ForEach-Object { Join-Path -Path $_.Directory.FullName -ChildPath $_.Name } | Where-Object { $_ -match '2k16' }" |
| 81 | + - check_networkadapter_collection: |
| 82 | + windegtool_check_type = networkadapter_collection |
| 83 | + check_adapter_name = powershell.exe -Command "Get-NetAdapter | Select-Object -ExpandProperty Name" |
| 84 | + check_adapter_jp_info = powershell.exe -Command "Get-NetAdapterAdvancedProperty -Name '%s' | Where-Object { $_.DisplayName -eq 'Jumbo Packet' } | Select-Object -ExpandProperty DisplayValue" |
| 85 | + cmd_set_adapter_jp_info = powershell.exe -Command "Set-NetAdapterAdvancedProperty -Name '%s' -DisplayName 'Jumbo Packet' -DisplayValue %d" |
| 86 | + cmd_disable_adapter = powershell.exe -Command "Disable-NetAdapter -Name '%s' -Confirm:$false" |
| 87 | + cmd_enable_adapter = powershell.exe -Command "Enable-NetAdapter -Name '%s' -Confirm:$false" |
| 88 | + networkfile_path = "%s\NetworkInterfaces.txt" |
| 89 | + ipconfigfile_path = "%s\IPConfiguration.txt" |
| 90 | + static_dns = 8.8.8.8 |
| 91 | + cmd_get_dns = powershell.exe -Command (Get-DnsClientServerAddress -AddressFamily IPv4).ServerAddresses |
| 92 | + cmd_set_dns = netsh interface ipv4 set dns name="%s" static %s |
| 93 | + cmd_set_dns_dhcp = netsh interface ipv4 set dns name="%s" dhcp |
| 94 | + - check_documentation: |
| 95 | + windegtool_check_type = documentation |
| 96 | + standard_docs = "README.md", "LICENSE", "CollectSystemInfo.ps1" |
| 97 | + target_doc = "README.md" |
| 98 | + query_cmd_from_file = powershell.exe -Command "Get-Content %s | Select-String '```powershell' -Context 0,1" |
| 99 | + cmd_cp_file = powershell.exe -Command "cp %s %s" |
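Review bot: `cmd_backup_driver` (line 73) is the only PowerShell cmdlet in this file that is not wrapped in `powershell.exe -Command`, so it will fail as an unknown command if the test sends it through the same cmd.exe session as the other `cmd_*` values. The test code is not visible here, so confirm how it is invoked; otherwise use `cmd_backup_driver = powershell.exe -Command "Export-WindowsDriver -Online -Destination 'C:\DriverBackup'"`. The registry helpers on lines 43-45 interpolate `%s` unquoted (`Get-ItemProperty -Path %s`, `New-Item -Path %s`) while `Test-Path -Path '%s'` in the same command is quoted, so a path containing spaces or PowerShell metacharacters would be parsed differently by the two halves; quote both, e.g. `{New-Item -Path '%s' | Out-Null}`. Because `cmd_reg_del` (line 47) runs `Remove-Item -Recurse -Force` with `-ErrorAction SilentlyContinue` against an HKLM path, add a comment beside it saying it must only receive `new_reg_item`, never `exist_reg_item` (the existing `Services\Disk` key).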