system-diagnostics
Compare original and translation side by side
🇺🇸
Original
English🇨🇳
Translation
ChineseWindows System Diagnostics
Windows系统诊断
Comprehensive Windows 11 system diagnostics using PowerShell. This skill helps diagnose crashes, freezes, unexpected reboots, disk problems, memory issues, hardware errors, and performance bottlenecks.
使用PowerShell进行全面的Windows 11系统诊断。该技能可帮助诊断崩溃、冻结、意外重启、磁盘问题、内存问题、硬件错误和性能瓶颈。
Table of Contents
目录
- Quick Start - Immediate diagnostic commands
- Platform Requirements - Windows 11, PowerShell 7+
- Diagnostic Categories - What this skill covers
- Quick Health Check - Fast system overview
- Reference Loading - Progressive disclosure
- Safety Model - Read-only vs suggested repairs
- Common Issues - Troubleshooting patterns
Overview
概述
This skill provides read-only diagnostic capabilities to gather system health information. It does NOT execute repair commands - those are provided as suggestions for the user to run manually.
Capabilities:
- Event log analysis (crashes, errors, warnings)
- Disk health monitoring (SMART data, filesystem errors)
- Memory diagnostics (usage, leaks, hardware issues)
- Hardware error detection (device failures, drivers, WHEA)
- Performance analysis (CPU, memory, disk bottlenecks)
- System stability metrics (uptime, restart reasons)
本技能提供只读诊断功能,用于收集系统健康信息。不会执行修复命令——仅会提供建议,由用户手动运行。
功能:
- 事件日志分析(崩溃、错误、警告)
- 磁盘健康监控(SMART数据、文件系统错误)
- 内存诊断(使用率、泄漏、硬件问题)
- 硬件错误检测(设备故障、驱动程序、WHEA)
- 性能分析(CPU、内存、磁盘瓶颈)
- 系统稳定性指标(运行时间、重启原因)
When to Use This Skill
适用场景
Use this skill when:
- Computer is crashing, freezing, or rebooting unexpectedly
- Blue Screen of Death (BSOD) errors occur
- Disk health concerns (slow performance, errors)
- Memory issues suspected (high usage, crashes under load)
- Hardware errors or driver problems
- Need to analyze Windows Event Viewer logs
- System performance degradation
- Investigating application crashes
在以下场景中使用本技能:
- 计算机出现崩溃、冻结或意外重启
- 发生蓝屏死机(BSOD)错误
- 存在磁盘健康隐患(性能缓慢、错误)
- 怀疑存在内存问题(高使用率、负载下崩溃)
- 硬件错误或驱动程序问题
- 需要分析Windows事件查看器日志
- 系统性能下降
- 调查应用程序崩溃
Platform Requirements
平台要求
Required:
- Windows 11 (this skill is optimized for Windows 11 Pro)
- PowerShell 7+ () for best compatibility
pwsh
Verify PowerShell version:
powershell
$PSVersionTable.PSVersionNote: Most commands also work with Windows PowerShell 5.1, but PowerShell 7+ is recommended for consistent behavior.
必需条件:
- Windows 11(本技能针对Windows 11 Pro优化)
- PowerShell 7+()以获得最佳兼容性
pwsh
验证PowerShell版本:
powershell
$PSVersionTable.PSVersion注意: 大多数命令也可在Windows PowerShell 5.1中运行,但推荐使用PowerShell 7+以确保行为一致。
Quick Start
快速开始
Immediate System Health Check
即时系统健康检查
Run these commands to get a quick overview of system health:
powershell
undefined运行以下命令获取系统健康快速概览:
powershell
undefinedSystem info and uptime
系统信息和运行时间
Get-Uptime
Get-ComputerInfo | Select-Object OsName, OsVersion, OsBuildNumber, CsProcessors, CsTotalPhysicalMemory
Get-Uptime
Get-ComputerInfo | Select-Object OsName, OsVersion, OsBuildNumber, CsProcessors, CsTotalPhysicalMemory
Recent critical/error events (last 7 days)
近期严重/错误事件(过去7天)
Get-WinEvent -FilterHashtable @{LogName='System';Level=1,2;StartTime=(Get-Date).AddDays(-7)} -MaxEvents 20 |
Select-Object TimeCreated, Id, ProviderName, Message | Format-Table -Wrap
Get-WinEvent -FilterHashtable @{LogName='System';Level=1,2;StartTime=(Get-Date).AddDays(-7)} -MaxEvents 20 |
Select-Object TimeCreated, Id, ProviderName, Message | Format-Table -Wrap
Disk health
磁盘健康
Get-PhysicalDisk | Select-Object FriendlyName, MediaType, Size, HealthStatus, OperationalStatus
Get-PhysicalDisk | Select-Object FriendlyName, MediaType, Size, HealthStatus, OperationalStatus
Top memory consumers
内存占用Top10进程
Get-Process | Sort-Object WorkingSet64 -Descending |
Select-Object -First 10 ProcessName, Id, @{N='MB';E={[math]::Round($_.WorkingSet64/1MB,0)}}
Get-Process | Sort-Object WorkingSet64 -Descending |
Select-Object -First 10 ProcessName, Id, @{N='MB';E={[math]::Round($_.WorkingSet64/1MB,0)}}
Device errors
设备错误
Get-PnpDevice -PresentOnly | Where-Object { $_.Status -in 'Error','Degraded','Unknown' } |
Select-Object Class, FriendlyName, Status
undefinedGet-PnpDevice -PresentOnly | Where-Object { $_.Status -in 'Error','Degraded','Unknown' } |
Select-Object Class, FriendlyName, Status
undefinedDiagnostic Categories
诊断分类
| Category | Description | Reference |
|---|---|---|
| Event Logs | Windows Event Viewer analysis | event-logs.md |
| Disk Health | SMART data, filesystem, storage | disk-health.md |
| Memory | RAM usage, leaks, hardware | memory-diagnostics.md |
| Stability | Uptime, restarts, BSOD | system-stability.md |
| Hardware | Device errors, WHEA, drivers | hardware-errors.md |
| Performance | CPU, memory, disk bottlenecks | performance-analysis.md |
| Crashes | Minidumps, WER, BSOD analysis | crash-analysis.md |
| Elevation | Admin requirements, graceful degradation | admin-elevation.md |
| 分类 | 描述 | 参考文档 |
|---|---|---|
| 事件日志 | Windows事件查看器分析 | event-logs.md |
| 磁盘健康 | SMART数据、文件系统、存储 | disk-health.md |
| 内存 | RAM使用率、泄漏、硬件 | memory-diagnostics.md |
| 稳定性 | 运行时间、重启、BSOD | system-stability.md |
| 硬件 | 设备错误、WHEA、驱动程序 | hardware-errors.md |
| 性能 | CPU、内存、磁盘瓶颈 | performance-analysis.md |
| 崩溃分析 | 小型转储、WER、BSOD分析 | crash-analysis.md |
| 权限提升 | 管理员要求、优雅降级 | admin-elevation.md |
Quick Health Check
快速健康检查
System Information
系统信息
powershell
undefinedpowershell
undefinedBasic system info
基础系统信息
Get-ComputerInfo | Select-Object
CsName, CsDomain,
@{N='RAM_GB';E={[math]::Round($_.CsTotalPhysicalMemory/1GB,1)}}
OsName, OsVersion, OsBuildNumber, CsProcessors, CsNumberOfLogicalProcessors,Get-ComputerInfo | Select-Object
CsName, CsDomain,
@{N='RAM_GB';E={[math]::Round($_.CsTotalPhysicalMemory/1GB,1)}}
OsName, OsVersion, OsBuildNumber, CsProcessors, CsNumberOfLogicalProcessors,System uptime
系统运行时间
Get-Uptime
Get-Uptime -Since # Last boot time
undefinedGet-Uptime
Get-Uptime -Since # 上次启动时间
undefinedRecent System Errors
近期系统错误
powershell
undefinedpowershell
undefinedCritical and Error events from System log (last 7 days)
系统日志中的严重和错误事件(过去7天)
Get-WinEvent -FilterHashtable @{
LogName = 'System'
Level = 1,2 # 1=Critical, 2=Error
StartTime = (Get-Date).AddDays(-7)
} -MaxEvents 50 | Select-Object TimeCreated, Id, ProviderName, LevelDisplayName, Message
undefinedGet-WinEvent -FilterHashtable @{
LogName = 'System'
Level = 1,2 # 1=严重, 2=错误
StartTime = (Get-Date).AddDays(-7)
} -MaxEvents 50 | Select-Object TimeCreated, Id, ProviderName, LevelDisplayName, Message
undefinedDisk Quick Check
磁盘快速检查
powershell
undefinedpowershell
undefinedPhysical disk health
物理磁盘健康
Get-PhysicalDisk | Select-Object FriendlyName, MediaType, Size, HealthStatus, OperationalStatus
Get-PhysicalDisk | Select-Object FriendlyName, MediaType, Size, HealthStatus, OperationalStatus
SMART-like reliability data
类SMART可靠性数据
Get-PhysicalDisk | ForEach-Object {
$disk = $_
$counters = $_ | Get-StorageReliabilityCounter
[PSCustomObject]@{
Disk = $disk.FriendlyName
Health = $disk.HealthStatus
Temperature = $counters.Temperature
ReadErrors = $counters.ReadErrorsTotal
WriteErrors = $counters.WriteErrorsTotal
PowerOnHours = $counters.PowerOnHours
}
}
undefinedGet-PhysicalDisk | ForEach-Object {
$disk = $_
$counters = $_ | Get-StorageReliabilityCounter
[PSCustomObject]@{
Disk = $disk.FriendlyName
Health = $disk.HealthStatus
Temperature = $counters.Temperature
ReadErrors = $counters.ReadErrorsTotal
WriteErrors = $counters.WriteErrorsTotal
PowerOnHours = $counters.PowerOnHours
}
}
undefinedMemory Quick Check
内存快速检查
powershell
undefinedpowershell
undefinedSystem memory overview
系统内存概览
Get-CimInstance Win32_OperatingSystem | Select-Object `
@{N='Total_GB';E={[math]::Round($.TotalVisibleMemorySize/1MB,2)}},
@{N='Free_GB';E={[math]::Round($.FreePhysicalMemory/1MB,2)}},
@{N='Used_Pct';E={[math]::Round((1 - $.FreePhysicalMemory/$.TotalVisibleMemorySize)*100,1)}}
Get-CimInstance Win32_OperatingSystem | Select-Object `
@{N='Total_GB';E={[math]::Round($.TotalVisibleMemorySize/1MB,2)}},
@{N='Free_GB';E={[math]::Round($.FreePhysicalMemory/1MB,2)}},
@{N='Used_Pct';E={[math]::Round((1 - $.FreePhysicalMemory/$.TotalVisibleMemorySize)*100,1)}}
Top 10 memory-consuming processes
内存占用Top10进程
Get-Process | Sort-Object WorkingSet64 -Descending |
Select-Object -First 10 ProcessName, Id,
@{N='WS_MB';E={[math]::Round($.WorkingSet64/1MB,0)}},
@{N='PM_MB';E={[math]::Round($.PrivateMemorySize64/1MB,0)}}
undefinedGet-Process | Sort-Object WorkingSet64 -Descending |
Select-Object -First 10 ProcessName, Id,
@{N='WS_MB';E={[math]::Round($.WorkingSet64/1MB,0)}},
@{N='PM_MB';E={[math]::Round($.PrivateMemorySize64/1MB,0)}}
undefinedHardware Quick Check
硬件快速检查
powershell
undefinedpowershell
undefinedDevices with errors
存在错误的设备
Get-PnpDevice -PresentOnly | Where-Object { $_.Status -in 'Error','Degraded','Unknown' } |
Select-Object Class, FriendlyName, InstanceId, Status
Get-PnpDevice -PresentOnly | Where-Object { $_.Status -in 'Error','Degraded','Unknown' } |
Select-Object Class, FriendlyName, InstanceId, Status
WHEA hardware errors (last 30 days)
WHEA硬件错误(过去30天)
Get-WinEvent -FilterHashtable @{
LogName = 'System'
ProviderName = 'Microsoft-Windows-WHEA-Logger'
StartTime = (Get-Date).AddDays(-30)
} -MaxEvents 20 -ErrorAction SilentlyContinue | Select-Object TimeCreated, Id, Message
undefinedGet-WinEvent -FilterHashtable @{
LogName = 'System'
ProviderName = 'Microsoft-Windows-WHEA-Logger'
StartTime = (Get-Date).AddDays(-30)
} -MaxEvents 20 -ErrorAction SilentlyContinue | Select-Object TimeCreated, Id, Message
undefinedReference Loading Guide
参考文档加载指南
References are loaded on-demand based on the diagnostic category being investigated. This progressive disclosure keeps token usage efficient.
参考文档会根据正在调查的诊断分类按需加载。这种渐进式披露方式可有效控制令牌使用量。
Always Load (Core)
始终加载(核心内容)
The main SKILL.md provides quick commands for initial triage (~4k tokens).
主SKILL.md文件提供用于初步分类的快速命令(约4k令牌)。
Conditional Load
条件加载
Load specific references based on what you're investigating:
| Trigger | Reference to Load |
|---|---|
| Event logs, errors, warnings | event-logs.md |
| Disk, storage, SMART, chkdsk | disk-health.md |
| Memory, RAM, paging, leaks | memory-diagnostics.md |
| Uptime, restarts, reliability | system-stability.md |
| Hardware, drivers, WHEA, devices | hardware-errors.md |
| CPU, performance, bottlenecks | performance-analysis.md |
| BSOD, minidump, crashes, WER | crash-analysis.md |
| Admin, elevation, permissions | admin-elevation.md |
根据调查内容加载特定参考文档:
| 触发条件 | 需加载的参考文档 |
|---|---|
| 事件日志、错误、警告 | event-logs.md |
| 磁盘、存储、SMART、chkdsk | disk-health.md |
| 内存、RAM、分页、泄漏 | memory-diagnostics.md |
| 运行时间、重启、可靠性 | system-stability.md |
| 硬件、驱动程序、WHEA、设备 | hardware-errors.md |
| CPU、性能、瓶颈 | performance-analysis.md |
| BSOD、小型转储、崩溃、WER | crash-analysis.md |
| 管理员、权限提升、权限 | admin-elevation.md |
Token Estimates
令牌估算
- Quick health check: ~4k tokens (SKILL.md only)
- Single category deep dive: ~7k tokens (SKILL.md + 1 reference)
- Full diagnostic: ~25k tokens (SKILL.md + all references)
- 快速健康检查:约4k令牌(仅SKILL.md)
- 单分类深度分析:约7k令牌(SKILL.md + 1份参考文档)
- 完整诊断:约25k令牌(SKILL.md + 所有参考文档)
Safety Model
安全模型
This skill follows a read-only diagnostics model. All commands executed by the skill only gather information - they do not modify the system.
本技能遵循只读诊断模式。技能执行的所有命令仅用于收集信息——不会修改系统。
Read-Only (Skill Can Execute)
可执行的只读命令
These commands are safe to run:
| Category | Commands |
|---|---|
| Event Logs | |
| Disk Health | |
| Memory | |
| Devices | |
| Performance | |
| System Info | |
以下命令可安全运行:
| 分类 | 命令 |
|---|---|
| 事件日志 | |
| 磁盘健康 | |
| 内存 | |
| 设备 | |
| 性能 | |
| 系统信息 | |
Suggested Only (User Runs Manually)
仅建议(用户手动运行)
These repair/diagnostic commands modify the system or require reboot. The skill will provide instructions but NOT execute them:
| Command | Purpose | Notes |
|---|---|---|
| Disk repair | Requires reboot for system drive |
| System file repair | Requires admin |
| System image repair | Requires admin, internet |
| Memory diagnostic | Requires reboot |
| Quick disk repair | Requires admin |
| Driver reinstall | Fix driver issues | Manual process |
以下修复/诊断命令会修改系统或需要重启。技能仅会提供说明,但不会自动执行:
| 命令 | 用途 | 注意事项 |
|---|---|---|
| 磁盘修复 | 系统盘需要重启 |
| 系统文件修复 | 需要管理员权限 |
| 系统镜像修复 | 需要管理员权限和网络连接 |
| 内存诊断 | 需要重启 |
| 快速磁盘修复 | 需要管理员权限 |
| 驱动程序重装 | 修复驱动问题 | 手动操作流程 |
Elevation Notes
权限提升说明
Some read-only operations require administrator privileges:
- (Security log)
Get-WinEvent -LogName Security - (even read-only scan)
Repair-Volume -Scan - Some WMI queries
The skill will note when elevation is needed and provide graceful degradation for non-admin scenarios.
部分只读操作需要管理员权限:
- (安全日志)
Get-WinEvent -LogName Security - (即使是只读扫描)
Repair-Volume -Scan - 部分WMI查询
技能会注明何时需要权限提升,并针对非管理员场景提供优雅降级方案。
Common Diagnostic Scenarios
常见诊断场景
Scenario: Computer Keeps Crashing/Rebooting
场景:计算机持续崩溃/重启
- Check uptime and recent restart events
- Look for Kernel-Power Event ID 41 (unexpected shutdown)
- Check for BSOD minidumps
- Review hardware errors (WHEA)
- Check disk and memory health
Key commands:
powershell
undefined- 检查运行时间和近期重启事件
- 查找Kernel-Power事件ID 41(意外关机)
- 检查BSOD小型转储
- 查看硬件错误(WHEA)
- 检查磁盘和内存健康状况
关键命令:
powershell
undefinedRecent restart events
近期重启事件
Get-WinEvent -FilterHashtable @{LogName='System';Id=41,1074,6008} -MaxEvents 20
Get-WinEvent -FilterHashtable @{LogName='System';Id=41,1074,6008} -MaxEvents 20
BSOD events
BSOD事件
Get-WinEvent -FilterHashtable @{LogName='System';ProviderName='Microsoft-Windows-WER-SystemErrorReporting'} -MaxEvents 10
Get-WinEvent -FilterHashtable @{LogName='System';ProviderName='Microsoft-Windows-WER-SystemErrorReporting'} -MaxEvents 10
Check for minidumps
检查小型转储
Get-ChildItem C:\Windows\Minidump -ErrorAction SilentlyContinue
undefinedGet-ChildItem C:\Windows\Minidump -ErrorAction SilentlyContinue
undefinedScenario: Slow Performance
场景:性能缓慢
- Check CPU/memory/disk utilization
- Identify resource-hungry processes
- Check for disk health issues
- Look for hardware throttling
Key commands:
powershell
undefined- 检查CPU/内存/磁盘使用率
- 识别资源占用高的进程
- 检查磁盘健康问题
- 查看硬件节流情况
关键命令:
powershell
undefinedCurrent resource usage
当前资源使用率
Get-Counter -Counter '\Processor(_Total)% Processor Time','\Memory% Committed Bytes In Use','\PhysicalDisk(_Total)% Disk Time'
Get-Counter -Counter '\Processor(_Total)% Processor Time','\Memory% Committed Bytes In Use','\PhysicalDisk(_Total)% Disk Time'
Top CPU consumers
CPU占用Top10进程
Get-Process | Sort-Object CPU -Descending | Select-Object -First 10 ProcessName, CPU, @{N='MB';E={[math]::Round($_.WorkingSet64/1MB)}}
undefinedGet-Process | Sort-Object CPU -Descending | Select-Object -First 10 ProcessName, CPU, @{N='MB';E={[math]::Round($_.WorkingSet64/1MB)}}
undefinedScenario: Disk Errors Suspected
场景:怀疑存在磁盘错误
- Check physical disk health status
- Review SMART reliability counters
- Look for disk-related events
- Check filesystem dirty bit
Key commands:
powershell
undefined- 检查物理磁盘健康状态
- 查看SMART可靠性计数器
- 查找磁盘相关事件
- 检查文件系统脏位
关键命令:
powershell
undefinedDisk health
磁盘健康
Get-PhysicalDisk | Select-Object FriendlyName, HealthStatus, OperationalStatus
Get-PhysicalDisk | Select-Object FriendlyName, HealthStatus, OperationalStatus
Reliability counters
可靠性计数器
Get-PhysicalDisk | Get-StorageReliabilityCounter | Select-Object DeviceId, Temperature, ReadErrorsTotal, WriteErrorsTotal
Get-PhysicalDisk | Get-StorageReliabilityCounter | Select-Object DeviceId, Temperature, ReadErrorsTotal, WriteErrorsTotal
Recent disk events
近期磁盘事件
Get-WinEvent -FilterHashtable @{LogName='System';ProviderName='disk','ntfs'} -MaxEvents 20
undefinedGet-WinEvent -FilterHashtable @{LogName='System';ProviderName='disk','ntfs'} -MaxEvents 20
undefinedScenario: Memory Issues
场景:内存问题
- Check current memory usage
- Identify memory-hungry processes
- Look for memory-related events
- Check for previous memory diagnostic results
Key commands:
powershell
undefined- 检查当前内存使用率
- 识别内存占用高的进程
- 查找内存相关事件
- 查看之前的内存诊断结果
关键命令:
powershell
undefinedMemory usage
内存使用率
Get-CimInstance Win32_OperatingSystem | Select-Object @{N='Used%';E={[math]::Round((1-$.FreePhysicalMemory/$.TotalVisibleMemorySize)*100,1)}}
Get-CimInstance Win32_OperatingSystem | Select-Object @{N='Used%';E={[math]::Round((1-$.FreePhysicalMemory/$.TotalVisibleMemorySize)*100,1)}}
Top memory processes
内存占用Top10进程
Get-Process | Sort-Object WorkingSet64 -Descending | Select-Object -First 10 ProcessName, @{N='MB';E={[math]::Round($_.WorkingSet64/1MB)}}
Get-Process | Sort-Object WorkingSet64 -Descending | Select-Object -First 10 ProcessName, @{N='MB';E={[math]::Round($_.WorkingSet64/1MB)}}
Memory diagnostic results
内存诊断结果
Get-WinEvent -FilterHashtable @{LogName='System';ProviderName='Microsoft-Windows-MemoryDiagnostics-Results'} -ErrorAction SilentlyContinue
undefinedGet-WinEvent -FilterHashtable @{LogName='System';ProviderName='Microsoft-Windows-MemoryDiagnostics-Results'} -ErrorAction SilentlyContinue
undefinedAnti-Patterns
反模式
Do NOT:
- Execute repair commands (chkdsk /f, sfc /scannow, etc.) - only suggest them
- Run commands that require reboot (mdsched.exe) without explicit user consent
- Assume admin privileges are available
- Ignore elevation errors - report them and suggest running as admin
- Make hardware recommendations without diagnostic evidence
Do:
- Start with quick health checks before deep dives
- Load references progressively based on investigation needs
- Report findings with severity (Critical, Warning, Info)
- Provide actionable next steps for the user
- Explain what each suggested repair command does
禁止:
- 执行修复命令(如chkdsk /f、sfc /scannow等)——仅提供建议
- 在未获得用户明确同意的情况下运行需要重启的命令(如mdsched.exe)
- 假设管理员权限可用
- 忽略权限提升错误——需报告并建议以管理员身份运行
- 在无诊断证据的情况下给出硬件建议
推荐:
- 在深度分析前先进行快速健康检查
- 根据调查需求逐步加载参考文档
- 按严重程度(严重、警告、信息)报告发现
- 为用户提供可操作的下一步建议
- 解释每个建议修复命令的作用
Version History
版本历史
- v1.0.0 (2025-12-03): Initial release with Windows 11 diagnostics
- v1.0.0(2025-12-03):初始版本,支持Windows 11诊断
Last Updated
最后更新
Date: 2025-12-03
Model: claude-opus-4-5-20251101
日期: 2025-12-03
模型: claude-opus-4-5-20251101