ripdad

SysInfoLog v2.11

102 posts in this topic

#1 ·  Posted (edited)

There are a number of programs on the internet that will make a log of your system processes and
registry settings, so that you can submit the log to someone who can make heads or tails of the
information contained in it and thereby help repair a computer.

I've always dreaded reading system logs. Not anymore, as this makes reading one a joy.

It's actually 2 programs.

_SysInfoLog.au3 - This program generates the log of a PC.
_SysInfoLogViewer.au3 - This program is the log viewer.

As you will notice, I used a lot of the code that's in GetCommonStartups to make them.
But these are geared to collect the information on one PC and view it on another.

Because of redirection issues on 64-bit OSes, the programs will have to be compiled
64-bit if used on a 64-bit machine and 32-bit on a 32-bit machine.

(I won't use "disable redirection" along with WMI in a script anymore -- been there, done that)

For the most part, the viewer looks just like GetCommonStartups, but without the teeth and not "live".

You will need a good understanding of registry values to interpret "Registry Settings".
The keys and values are enumerated whether they exist or not. This is because the program is
geared for trouble-shooting a PC.

Some keys are meant to be missing. Some values are meant to be blank. Some L@@K good, but are bad. And so on.
If you don't know, you can do a comparison on another machine of the "same OS" or find out from someone who does.

If a virus applied hidden attributes to a hard drive, you will be able to see "(HIDDEN)"
after the process in the "Running Programs" screen, and get an idea if it's system wide.

#RequireAdmin is needed to get "All" the info on a PC, although it will work without it, with "Less" info.

Comments and suggestions are welcome.

Change Log: Version 2

May 22, 2012 - v2.00 - Added: ATAPISmartData.
Thanks to ricky03 for the idea.

A good portion of SysInfoLog has either been rewritten, improved or new functions added.

With the knowledge gained from WMI_Query, I have been able to provide better information to the script.
A new function called _WMI_InstancesOf() is the one that makes this possible.

ProcessList_Extended() and NTLogs_GetEvents() have been completely rewritten for optimum speed.
Instead of individual queries, they now obtain that information all in one call to their functions.

May 24, 2012 - v2.01 - Fixed a few problem areas, some generated characters clashing with _WMI_InstancesOf() and added a QuickFix function.

May 26, 2012 - v2.02 - Changed value translation logic in _WMI_InstancesOf(). Added a few more WMI calls, ie: Win32_Keyboard. Added Loaded Misc

June 01, 2012 - v2.03 - Added _GetDisplayEDID(), optimized some functions and made a few improvements.

June 07, 2012 - v2.04 - Added Win32_PnPEntity, MfgYear in _GetDisplayEDID() and a few adjustments to _WMI_InstancesOf() and _WMI_GetATAPISmartData().

October 02, 2012 - v2.05 - Changed Error Handling for Objects and Various Improvements.

October 03, 2012 - v2.06 - Fixed a few problems with object errors in _WMI_InstancesOf().
1) If a device is not found (like a sound card), it will return a blank string when the "object count" is zero.
2) If a "property name" returns an error of "not found" at the "qualifier loop", then the function will continue without it.
Thanks goes to ricky03 for posting the errors and testing.

October 04, 2012 - v2.07 - Updated GUI in SysInfoLogViewer with newer code.

November 05, 2012 - v2.08 - Updated _WMI_GetATAPISmartData() with v1.00

December 14, 2012 - v2.09
SysInfoLog
* Upgraded _WMI_InstancesOf() to v1.00 -- Getting a "bit" more from WMI.
* Updated _WMI_GetATAPISmartData() with v1.01
* Updated _Array_RemoveDuplicates() to v1.01 -- Speed is much better now.
* Added _WMI_GetErrorDescription() for when the Error Handler fails to give one.
* Updated various other functions. ie: Reg_Debuggers(), GetCommonstartups(), _ObjErrorHandler(), etc.
SysInfoLogViewer
* Moved QuickFixEngineering to its own window.
* Rewrote IsFlagged(), _FlagThisEntry() and _RemoveThisFlag() -- Should work better now.
* Updated a few functions.

July 14, 2014 - v2.10
* Modified to support Win8.0 and newer AutoIt versions (ie: 3.3.12.0).

_SysInfoLog_v2.10.au3:
* Removed _StartService() and Modified SIL_TestWMI().

_SysInfoLogViewer_v2.10.au3
* Minor adjustment to SysInfoLog_Export2HTML().
* Added progress bar.

July 29, 2014 - v2.11

_SysInfoLog_v2.11.au3:

* Modified to support Win8.1

_SysInfoLogViewer_v2.11.au3

* Added _LogOpen()

* Added "Open Log File" to the menu.

Thanks to ricky03 for the idea.

These scripts must be compiled 64Bit if used on a 64Bit OS.

Download Version 2.11
SysInfoLog_v2.11.zip

Both scripts are in the zipfile above. Please let me know if any problems. Thanks.

Edited by ripdad

"The mediocre teacher tells. The Good teacher explains. The superior teacher demonstrates. The great teacher inspires." -William Arthur Ward

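An added example, not part of ripdad's post and not code from the SysInfoLog scripts: a small Python parser for a log laid out the way this thread describes its entries (index=name:path, an optional " (HIDDEN)" marker, then "|" and an extra column, which is the shape of the format line quoted in post #3 and of ricky03's "10=DigitalKey:|6A982F8ECC80" later on). It lists the (HIDDEN) entries and, following the advice above to compare against a machine of the same OS, diffs a suspect log against a baseline, matching entries by name and path because the index and the extra column (PID, registry data) legitimately differ between machines. The "[Section]" headers, the sample log contents and the column meanings are assumptions made for this example, not the real SysInfoLog layout.

```python
"""Parse a SysInfoLog-style log, list (HIDDEN) entries and diff it against a baseline."""
import re
from dataclasses import dataclass

# Constructed sample logs for this example (not real SysInfoLog output).
# Entry lines follow   index=name:path [ (HIDDEN)]|extra   as in the format
# string quoted in this thread; the "[Section]" headers are an assumption.
SUSPECT_LOG = r"""
[Running Programs]
1=explorer.exe:C:\Windows\explorer.exe|1234
2=svchost.exe:C:\Windows\System32\svchost.exe|1500
3=update.exe:C:\Users\Public\update.exe (HIDDEN)|2044
[Common Startups]
1=SecurityHealth:C:\Windows\System32\SecurityHealthSystray.exe|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
2=Updater:C:\Users\Public\update.exe (HIDDEN)|HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"""

# Baseline taken from a clean machine of the same OS (also constructed).
BASELINE_LOG = r"""
[Running Programs]
1=explorer.exe:C:\Windows\explorer.exe|1180
2=svchost.exe:C:\Windows\System32\svchost.exe|1492
[Common Startups]
1=SecurityHealth:C:\Windows\System32\SecurityHealthSystray.exe|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"""

SECTION_RE = re.compile(r"^\[(?P<section>[^\]]+)\]$")
# name stops at the first ':' so the drive letter in the path survives;
# the path is matched lazily so an optional ' (HIDDEN)' marker is split off.
ENTRY_RE = re.compile(
    r"^(?P<idx>\d+)=(?P<name>[^:]*):(?P<path>.*?)(?P<hidden> \(HIDDEN\))?\|(?P<extra>.*)$"
)


@dataclass(frozen=True)
class Entry:
    index: int
    name: str
    path: str
    hidden: bool
    extra: str

    def key(self):
        # Index and the extra column (PID, registry data) legitimately differ
        # between machines; name + path identify "the same" item.
        return (self.name.lower(), self.path.lower())


def parse_log(text):
    """Return {section: [Entry, ...]} in file order; raises on lines it cannot read."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("section")
            sections.setdefault(current, [])
            continue
        m = ENTRY_RE.match(line)
        if m is None or current is None:
            raise ValueError(f"unparsable line: {line!r}")
        sections[current].append(Entry(
            index=int(m.group("idx")), name=m.group("name"), path=m.group("path"),
            hidden=m.group("hidden") is not None, extra=m.group("extra"),
        ))
    return sections


def hidden_entries(sections):
    """Every entry carrying the (HIDDEN) marker, with its section name."""
    return [(sec, e) for sec, entries in sections.items() for e in entries if e.hidden]


def diff_logs(current, baseline):
    """Per section: entries only in current ('added') or only in baseline ('removed')."""
    report = {}
    for sec in list(current) + [s for s in baseline if s not in current]:
        cur = {e.key(): e for e in current.get(sec, [])}
        base = {e.key(): e for e in baseline.get(sec, [])}
        added = [e for k, e in cur.items() if k not in base]
        removed = [e for k, e in base.items() if k not in cur]
        if added or removed:
            report[sec] = {"added": added, "removed": removed}
    return report


def format_report(current, baseline):
    """Hidden items first, then what differs from the baseline."""
    lines = [f"HIDDEN  [{sec}] {e.name} -> {e.path or '(no path)'}"
             for sec, e in hidden_entries(current)]
    for sec, change in diff_logs(current, baseline).items():
        lines += [f"ADDED   [{sec}] {e.name} -> {e.path}" for e in change["added"]]
        lines += [f"MISSING [{sec}] {e.name} -> {e.path}" for e in change["removed"]]
    return lines


if __name__ == "__main__":
    print("\n".join(format_report(parse_log(SUSPECT_LOG), parse_log(BASELINE_LOG))))
```

Matching on name and path rather than on the whole line is the point: an item that merely changed PID is noise, an item that is new in the Run key or has the hidden attribute set is what the comparison should surface.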



#2 ·  Posted (edited)

When I ran _SysInfoLog.au3 it returned an error, so I just removed the bracket ')' and it worked fine. I don't know if that bracket was important?!

I then checked the log file & it was blank, no idea why! I'm using Windows 7 x64.

Edited by guinness



#3 ·  Posted (edited)

Thanks, removed bracket ... must have been one too many Ctrl-Z's or something. Hmmm, I'm sure I Tidy'd it.

I ran this on Win7 x64 without problems. Anyone else having troubles?

-edit-

I tested that bracket on Tidy and it didn't catch it, which is unusual.

Here was code line, in case someone is interested:

$s &= $i & '=' & $s1 & ':' & $aItems[$i][1] & ' (HIDDEN)|' & $s2) & $cr

Edited by ripdad
Very nice, thank you for taking the time to make such a great utility. I tested on Windows 7, both 32 and 64 bit, and it works great. It would be interesting if there was a way to add the ability to gather the Windows minidump with a viewer as well, because the MiniDump is very valuable information when troubleshooting. :)


G'day ripdad

Brilliant idea!

I’ve been looking for something like this for a while. But each time I decide to write one myself I get bogged down in “WHAT do I NEED to know from the computer” I think your program handles almost everything I can think of. :) THANKS!

Now for suggestions... ;) (well YOU did ask)

Collector

  • Add some command line options so SysInfoLog can be run from batch or another program without user intervention. (eg /Silent – No Gui, /Quiet – No Prompts)
  • Don’t add sending (email/ftp/etc) functions to your program it will just clutter it up and you’ll never be able to add everything.
Viewer

  • Add ability to easily tag items as good or bad (and/or add a comment) by right clicking then store the comment/info in an INI or SQLite file. As the viewer program is used (at the office or from USB drive) it would be easier to spot new/bad items as more items are tagged.

Apart from those few suggestions I think it’s a great program.

MANY thanks for sharing it!

John Morrison


@All - Thanks and you're welcome. I am just a hobby coder. A Pro would have done much better.

It works ... that's the important thing.

Nunos - I'll check into it, when I find minidumps of various OS's.

Chimaera - Nice to know it works on that version of Vista.

storme -

"command line options": I'll give it some thought. One could disable the prompts by commenting them.

"Don’t add sending (email/ftp/etc)": It did cross my mind, for about 10 seconds. <grin>

"ability to easily tag items": I'm not sure how I would go about that and be solid. I'll give it some thought.

Updated First Post to v1.03

-- ripdad

What? I thought Win7 was a version of Vista! They look the same! <grin>

-- ripdad

another update

-- ripdad

Nunos - about the minidumps ..... I doubt I will mess with that.

1) The size of those dumps can be anywhere between 100k and 1MB or more.

2) I've never needed to look at one to find out whats wrong with a PC.

Mainly, because I use other methods to obtain such information.

The BSOD code usually tells me all I need to know in that situation anyway.

If I were to incorporate it to the program, I would most likely just append

it to the end of the log. The same would go for the bootlog: ntbtlog.txt

or any other such files.

Thanks for the suggestion anyways, and ... I'm still entertaining others.

-- ripdad

Very nice and informative. I've been writing something similar but using an html method for output.

I would like to see the minidump stuff there too, but I use a BSOD viewer anyway so no major

thanks :)


Drunken Frat-Boy Monkey Garbage


engjcowi,

I miss the WinX-ME days -- NOT.

It's rare to see a BSOD these days. It's usually hardware related if "I" see one.

Others may have a different story.

This is another log that can be useful at times: (not sure about Vista_7 (need to see))

"C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\drwtsn32.log"

Not fully tested, but you might be interested in this. It outputs WMI Console to htm, csv or list(ini type).

Local $s
$s &= 'BASEBOARD|';                - Base board (also known as a motherboard or system board) management.
$s &= 'BIOS|';                     - Basic input/output services (BIOS) management.
$s &= 'BOOTCONFIG|';               - Boot configuration management.
$s &= 'CDROM|';                    - CD-ROM management.
$s &= 'COMPUTERSYSTEM|';           - Computer system management.
$s &= 'CPU|';                      - CPU management.
$s &= 'CSPRODUCT|';                - Computer system product information from SMBIOS.
$s &= 'DESKTOPMONITOR|';           - Desktop Monitor management.
$s &= 'DISKDRIVE|';                - Physical disk drive management.
$s &= 'IDECONTROLLER|';            - IDE Controller management.
$s &= 'JOB|';                      - Provides  access to the jobs scheduled using the schedule service.
$s &= 'LOGICALDISK|';              - Local storage device management.
$s &= 'MEMCACHE|';                 - Cache memory management.
$s &= 'MEMLOGICAL|';               - System memory management (configuration layout and availability of memory).
$s &= 'MEMPHYSICAL|';              - Computer system's physical memory management.
$s &= 'NETPROTOCOL|';              - Protocols (and their network characteristics) management.
$s &= 'NETUSE|';                   - Active network connection management.
$s &= 'NIC|';                      - Network Interface Controller (NIC) management.
$s &= 'NICCONFIG|';                - Network adapter management.
;$s &= 'NTEVENT|'; <-- CAN MAKE A HUGE FILE! - Entries in the NT Event Log.
$s &= 'NTEVENTLOG|';               - NT eventlog file management.
$s &= 'ONBOARDDEVICE|';            - Management of common adapter devices built into the motherboard (system board).
$s &= 'OS|';                       - Installed Operating System/s management.
$s &= 'PAGEFILE|';                 - Virtual memory file swapping management.
$s &= 'PARTITION|';                - Management of partitioned areas of a physical disk.
$s &= 'PRINTER|';                  - Printer device management.
$s &= 'PROCESS|';                  - Process management.
$s &= 'PRODUCT|';                  - Installation package task management.
$s &= 'QFE|';                      - Quick Fix Engineering.
$s &= 'RECOVEROS|';                - Information that will be gathered from memory when the operating system fails.
$s &= 'REGISTRY|';                 - Computer system registry management.
$s &= 'SCSICONTROLLER|';           - SCSI Controller management.
;$s &= 'SERVICE|';                  - Service application management.
$s &= 'SOFTWAREELEMENT|';          - Management of the  elements of a software product installed on a system.
$s &= 'SOFTWAREFEATURE|';          - Management of software product subsets of SoftwareElement.
$s &= 'SOUNDDEV|';                 - Sound Device management.
$s &= 'STARTUP|';                  - Management of commands that run automatically when users log onto the computer system.
$s &= 'SYSACCOUNT|';               - System account management.
;$s &= 'SYSDRIVER|';                - Management of the system driver for a base service.
$s &= 'SYSTEMENCLOSURE|';          - Physical system enclosure management.
$s &= 'TEMPERATURE|';              - Data management of a temperature sensor (electronic thermometer).
$s &= 'TIMEZONE';                  - Time zone data management.
;
Local $ar = StringSplit($s, '|')
Local $as, $dt, $pd, $st, $so = ''
Local $hf = FileOpen(@ScriptDir & '\SystemDump.htm', 1)
If $hf = -1 Then Exit
Local $ui = GUICreate('WMI Console SystemDump', 300, 100, -1, -1, 0x00C00000)
GUICtrlCreateLabel('Collecting Information...', 20, 20, 260, 20, 1)
Local $pb = GUICtrlCreateProgress(20, 50, 260, 20, 1)
GUISetState(@SW_DISABLE, $ui)
GUISetState(@SW_SHOW, $ui)
;
For $i = 1 To $ar[0]
    GUICtrlSetData($pb, ($i / $ar[0]) * 100)
    ; FileWriteLine($hf, @CRLF & '[' & $ar[$i] & ']' & @CRLF); <-- For: /FORMAT:LIST
    ; Flag 2 captures the child's STDOUT; the WMIC window itself stays hidden.
    $pd = Run('WMIC ' & $ar[$i] & ' LIST FULL /FORMAT:HTABLE', '', @SW_HIDE, 2)
    ;                              (LIST FULL, LIST BRIEF), (/FORMAT:HTABLE, /FORMAT:LIST, /FORMAT:CSV)
    If Not $pd Then
        FileClose($hf)
        GUIDelete($ui)
        Exit
    EndIf
    ;
    ; Read until WMIC closes its STDOUT (@error is set at end of stream).
    While 1
        $so &= StdoutRead($pd, 0, 0)
        If @error Then ExitLoop
        Sleep(10)
    WEnd
    $so = StringStripWS($so, 3)
    If StringInStr($so, @LF) Then
        $as = StringSplit($so, @LF, 1)
        For $j = 1 To $as[0]
            $st = StringStripWS($as[$j], 3)
            If $st Then
                ; WMI datetimes look like 20120522103000.000000-300; the six digits
                ; between '.' and '-' identify one. The value is expected to sit in a
                ; <td>...</td> cell, so 4 characters are trimmed from the left to drop the tag.
                $dt = StringRegExp($st, '\.(.*?)-', 3)
                If IsArray($dt) And StringLen($dt[0]) = 6 Then
                    $dt = StringTrimLeft(StringLeft($st, StringInStr($st, '.' & $dt[0] & '-', 0, 1) + 10), 4)
                    $st = StringReplace($st, $dt, WMI_DTC($dt))
                EndIf
                ; Turn the "Instances of ..." line into a heading. The line three further
                ; down is patched, so make sure it exists before indexing it.
                If StringInStr($st, 'Instances of') And $j + 3 <= $as[0] Then
                    $st = '<H3>' & StringTrimLeft($st, StringInStr($st, 'Instances', 0, 1) + 12)
                    $as[$j + 3] = StringReplace($as[$j + 3], 'Node', $st)
                    $st = '<br>'
                EndIf
                $st = StringReplace($st, '<span style="height:1px;overflow-y:hidden">.</span>', '<font color="#FFFFFF">.</font>')
                FileWriteLine($hf, $st)
            EndIf
        Next
    EndIf
    $so = ''
Next
GUIDelete($ui)
FileClose($hf)
MsgBox(8256, 'Finished', @ScriptDir & '\SystemDump.htm')
Exit
;
; Reformat the 14-digit part of a WMI datetime as mm/dd/yyyy hh:mm:ss.
; Note: the UTC-offset suffix (e.g. -300 = 300 minutes behind UTC) is discarded.
Func WMI_DTC($x)
    If Not StringIsDigit(StringLeft($x, 14)) Then Return 'Unknown Date'
    Local $a = StringRegExp($x, '(\d{2})', 3)
    Return ($a[2] & '/' & $a[3] & '/' & $a[0] & $a[1] & ' ' & $a[4] & ':' & $a[5] & ':' & $a[6])
EndFunc

-- ripdad
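WMI_DTC() above reformats the 14-digit part of a WMI datetime and drops the UTC-offset suffix (the -300 in 20120522103000.000000-300, meaning 300 minutes behind UTC), which matters as soon as logs collected on machines in different time zones are lined up. The following is an added example, not code from ripdad's post or from SysInfoLog: a Python parser for the full DMTF datetime format that WMI uses (including the '*' wildcard fields WMI emits for unknown parts), a normalisation to UTC, and a helper that rewrites such values inside a line of text the way the script above does for WMIC output. The sample line is constructed, not captured from a machine.

```python
"""Convert WMI/CIM DMTF datetimes (yyyymmddHHMMSS.uuuuuu+UUU) to aware datetimes."""
import re
from datetime import datetime, timedelta, timezone

# One DMTF datetime. Any field may be '*' when WMI does not know it;
# UUU is the offset from UTC in minutes, signed.
DMTF_RE = re.compile(
    r"^(?P<date>[\d*]{8})(?P<time>[\d*]{6})\.(?P<usec>[\d*]{6})"
    r"(?P<sign>[+-])(?P<utc>[\d*]{3})$"
)
# A DMTF datetime embedded in text (e.g. one line of WMIC output). Wildcarded
# values are not matched here: they cannot be turned into a point in time.
DMTF_IN_TEXT = re.compile(r"(?<![\d.])(\d{14}\.\d{6}[+-]\d{3})(?!\d)")


def parse_dmtf(value):
    """Return an aware datetime, or a naive one when the offset field is wildcarded.

    Raises ValueError for malformed input or wildcards in the date/time fields.
    """
    m = DMTF_RE.match(value)
    if m is None:
        raise ValueError(f"not a DMTF datetime: {value!r}")
    date, clock = m.group("date"), m.group("time")
    if "*" in date or "*" in clock:
        raise ValueError(f"wildcard in date/time field: {value!r}")
    usec = int(m.group("usec").replace("*", "0"))   # unknown sub-seconds count as 0
    utc = m.group("utc")
    tz = None
    if "*" not in utc:
        minutes = int(utc) * (-1 if m.group("sign") == "-" else 1)
        tz = timezone(timedelta(minutes=minutes))
    return datetime(
        int(date[0:4]), int(date[4:6]), int(date[6:8]),
        int(clock[0:2]), int(clock[2:4]), int(clock[4:6]), usec, tzinfo=tz,
    )


def to_utc(value):
    """Normalise a DMTF datetime to UTC so logs from different zones line up."""
    dt = parse_dmtf(value)
    if dt.tzinfo is None:
        raise ValueError(f"no UTC offset in {value!r}; cannot normalise")
    return dt.astimezone(timezone.utc)


def rewrite_line(line):
    """Replace every convertible DMTF datetime in a line with ISO 8601 UTC."""
    def repl(m):
        try:
            return to_utc(m.group(1)).isoformat()
        except ValueError:
            return m.group(1)   # leave anything we cannot convert untouched
    return DMTF_IN_TEXT.sub(repl, line)


if __name__ == "__main__":
    # Constructed WMIC-style line, not real output from a machine.
    print(rewrite_line("LastBootUpTime=20120522103000.500000-300"))
```

Keeping the offset and converting to UTC is the difference between "10:30" in a log from one machine and "15:30 UTC" that can be compared with an event log entry from another; the rewrite leaves wildcarded values alone rather than guessing a zone for them.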

#15 ·  Posted (edited)

-Edit-

Update v1.20

Edited by ripdad

#16 ·  Posted (edited)

Hello,

thanks for this very useful software. Very interesting and a very nice job.

I have some questions :

  • Could you please send me the version 1.06?
  • Why don't you replace "SysInfoLog v1.xx" in all of your scripts with a Global var?

In the viewer I need to replace a string. How can I do that?

Example, in the log I have this :

10=DigitalKey:|6A982F8ECC80

In the viewer I want to decode the string and replace the screened info (not modify the log) by:

SoftKey: 123-456-789

Edit: insert in the Switch $idText (after line 134).

Edited by ricky03


ricky03,

Thanks for the comments.

1) Unfortunately, v1.06 is water under the bridge on my PC. Someone on the forums may still have a copy of it.

The only thing missing from v1.06 is the HotKey "space", which was causing too much trouble for me globally.

2) I think I did that in v1.20 -- previous scripts were "diamonds in the rough" -- sorry about that.

Have a nice day.

-- ripdad

#18 ·  Posted (edited)

Hello,

thanks for your reply.

2) I think I did that in v1.20 -- previous scripts were "diamonds in the rough" -- sorry about that.

Yes in the Viewer, but not in the SysInfoLog.

With the right click I want to export all the section (example : System Information or Common Startups). How can I take all the listview to an Array?

Edited by ricky03


#19 ·  Posted (edited)

It's fairly easy to get any section from the log array.

It's just a matter of setting up the menu and event and then write the function for it.

Example in the script:

Func MyFunctionName()
    Local $aItems = SysInfoLog_ReadSection($aSIL, 'System Information')
    _ArrayDisplay($aItems, 'System Information')
EndFunc

With the example above, you would need to insert #include <array.au3> at top of script.

Edited by ripdad

#20 ·  Posted (edited)

Thanks for your Help.

I created a function like this:

; Needs #include <GuiListView.au3> for the _GUICtrlListView_* calls.
; $hLv and $Title are the viewer's globals; _ArrayAdd2D() and _Array2DToHtml()
; are not standard UDF functions and are defined elsewhere in the script (not shown).
Func _Copy2File()

    Local $ColumnHeader, $iItems, $FileName, $TitleFile, $Zf, $data
    Local $aValues[1][6]

    For $i = 1 To 5
        $ColumnHeader = _GUICtrlListView_GetColumn($hLv, $i - 1)
        If StringRight($ColumnHeader[5], 1) = " " Then $ColumnHeader[5] = StringTrimRight($ColumnHeader[5], 1)
        $aValues[0][$i] = $ColumnHeader[5]
    Next

    $FileName = "Export_" & $aValues[0][1] & ".html"
    If FileExists($FileName) Then FileDelete($FileName)

    $TitleFile = "Export_" & $aValues[0][1]

    $iItems = _GUICtrlListView_GetItemCount($hLv)
    For $iItem = 0 To $iItems - 1
        $Zf = _GUICtrlListView_GetItemTextString($hLv, $iItem)

        $Zf = StringSplit($Zf, "|", 1)
        _ArrayAdd2D($aValues, $Zf, 0)
        $aValues[0][0] = $iItem
    Next
    _Array2DToHtml($aValues, $FileName, $TitleFile, 1)

    $data = "Export finished"

    If @error Then $data &= " with an error"

    MsgBox(64, $Title & " - Export", $data & ".", 5)

EndFunc   ;==>_Copy2File

Thanks for your help

Edited by ricky03

