# Read-only crash diagnostics for DESKTOP-BTR2AM3 (Stamback Septic)
$ErrorActionPreference = 'SilentlyContinue'
function H($t){ "`n===== $t =====" }

H "SYSTEM / BOOT"
$os = Get-CimInstance Win32_OperatingSystem
"Caption      : $($os.Caption) build $($os.BuildNumber)"
"InstallDate  : $($os.InstallDate)"
"LastBootUp   : $($os.LastBootUpTime)"
"Uptime       : {0:dd}d {0:hh}h {0:mm}m" -f ((Get-Date) - $os.LastBootUpTime)
$cs = Get-CimInstance Win32_ComputerSystem
"Model        : $($cs.Manufacturer) $($cs.Model)"
"TotalRAM GB  : {0:N1}" -f ($cs.TotalPhysicalMemory/1GB)

H "PHYSICAL MEMORY MODULES"
Get-CimInstance Win32_PhysicalMemory | Select-Object @{n='GB';e={$_.Capacity/1GB}}, Speed, Manufacturer, PartNumber, DeviceLocator | Format-Table -Auto | Out-String

H "UNEXPECTED SHUTDOWNS / KERNEL-POWER (last 14d, ID 41/6008/1074)"
Get-WinEvent -FilterHashtable @{LogName='System'; Id=41,6008,1074; StartTime=(Get-Date).AddDays(-14)} -MaxEvents 30 |
  Select-Object TimeCreated, Id, ProviderName, @{n='Msg';e={($_.Message -split "`n")[0]}} | Format-Table -Auto | Out-String

H "BUGCHECK / BSOD EVENTS (last 30d, ID 1001/1018)"
Get-WinEvent -FilterHashtable @{LogName='System'; ProviderName='Microsoft-Windows-WER-SystemErrorReporting'; StartTime=(Get-Date).AddDays(-30)} -MaxEvents 20 |
  Select-Object TimeCreated, Id, Message | Format-List | Out-String
Get-WinEvent -FilterHashtable @{LogName='Application'; ProviderName='Windows Error Reporting'; StartTime=(Get-Date).AddDays(-30)} -MaxEvents 15 |
  Where-Object { $_.Message -match 'BlueScreen|bugcheck|LiveKernel|0x' } |
  Select-Object TimeCreated, @{n='Msg';e={($_.Message -split "`n")[0..3] -join ' | '}} | Format-List | Out-String

H "WHEA HARDWARE ERRORS (last 30d)"
Get-WinEvent -FilterHashtable @{LogName='System'; ProviderName='Microsoft-Windows-WHEA-Logger'; StartTime=(Get-Date).AddDays(-30)} -MaxEvents 25 |
  Select-Object TimeCreated, Id, LevelDisplayName, @{n='Msg';e={($_.Message -split "`n")[0]}} | Format-Table -Auto | Out-String

H "CRASH DUMP FILES"
$md = "$env:SystemRoot\Minidump"
if (Test-Path $md) { Get-ChildItem $md -Filter *.dmp | Sort-Object LastWriteTime -Desc | Select-Object LastWriteTime, @{n='KB';e={[int]($_.Length/1KB)}}, Name | Format-Table -Auto | Out-String }
else { "No Minidump folder." }
$mem = "$env:SystemRoot\MEMORY.DMP"
if (Test-Path $mem) { $f = Get-Item $mem; "MEMORY.DMP   : $($f.LastWriteTime)  {0:N0} MB" -f ($f.Length/1MB) } else { "No MEMORY.DMP." }
"CrashControl :"
Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl' | Select-Object CrashDumpEnabled, AutoReboot, LogEvent | Format-List | Out-String

H "TOP SYSTEM-LOG ERRORS/CRITICAL (last 7d, grouped)"
Get-WinEvent -FilterHashtable @{LogName='System'; Level=1,2; StartTime=(Get-Date).AddDays(-7)} |
  Group-Object ProviderName, Id | Sort-Object Count -Desc | Select-Object -First 15 Count, Name | Format-Table -Auto | Out-String

H "TOP APPLICATION-LOG ERRORS/CRITICAL (last 7d, grouped)"
Get-WinEvent -FilterHashtable @{LogName='Application'; Level=1,2; StartTime=(Get-Date).AddDays(-7)} |
  Group-Object ProviderName, Id | Sort-Object Count -Desc | Select-Object -First 15 Count, Name | Format-Table -Auto | Out-String

H "DISK HEALTH (SMART / reliability counters)"
Get-PhysicalDisk | Select-Object DeviceId, FriendlyName, MediaType, @{n='SizeGB';e={[int]($_.Size/1GB)}}, HealthStatus, OperationalStatus | Format-Table -Auto | Out-String
Get-PhysicalDisk | Get-StorageReliabilityCounter | Select-Object DeviceId, Wear, ReadErrorsTotal, WriteErrorsTotal, Temperature, PowerOnHours | Format-Table -Auto | Out-String
Get-Volume | Where-Object DriveLetter | Select-Object DriveLetter, FileSystemLabel, HealthStatus, @{n='FreeGB';e={[int]($_.SizeRemaining/1GB)}}, @{n='SizeGB';e={[int]($_.Size/1GB)}} | Format-Table -Auto | Out-String

H "DISK ERROR EVENTS (last 14d, ID 7/11/51/52/98/153)"
Get-WinEvent -FilterHashtable @{LogName='System'; Id=7,11,51,52,98,153; StartTime=(Get-Date).AddDays(-14)} -MaxEvents 25 |
  Select-Object TimeCreated, Id, ProviderName, @{n='Msg';e={($_.Message -split "`n")[0]}} | Format-Table -Auto | Out-String

H "PROBLEM DEVICES"
Get-CimInstance Win32_PnPEntity | Where-Object { $_.ConfigManagerErrorCode -ne 0 } |
  Select-Object Name, ConfigManagerErrorCode, DeviceID | Format-Table -Auto | Out-String

H "RECENT WINDOWS UPDATES (last 10)"
Get-HotFix | Sort-Object InstalledOn -Desc | Select-Object -First 10 HotFixID, Description, InstalledOn | Format-Table -Auto | Out-String

H "PAGEFILE"
Get-CimInstance Win32_PageFileUsage | Select-Object Name, @{n='AllocMB';e={$_.AllocatedBaseSize}}, @{n='PeakMB';e={$_.PeakUsage}}, @{n='CurrentMB';e={$_.CurrentUsage}} | Format-Table -Auto | Out-String
Get-CimInstance Win32_ComputerSystem | Select-Object AutomaticManagedPagefile | Format-List | Out-String

H "BITLOCKER / BOOT"
manage-bde -status C: 2>&1 | Select-String 'Conversion|Protection|Lock' | Out-String
bcdedit /enum '{current}' 2>&1 | Select-String 'recoveryenabled|bootstatuspolicy|description' | Out-String

H "DONE"