# ==============================================================================
# GET-EVENT-7026.PS1 - EXTRACTION COMPLETE EVENEMENT 7026
# ==============================================================================
# Extrait le message COMPLET de l'erreur 7026 (pilotes non charges)
# ==============================================================================

#Requires -Version 5.1
#Requires -RunAsAdministrator

Clear-Host
Write-Host "="*80 -ForegroundColor Cyan
Write-Host "  EXTRACTION EVENEMENT 7026 - PILOTES NON CHARGES" -ForegroundColor White
Write-Host "="*80 -ForegroundColor Cyan
Write-Host ""

try {
    $events = Get-WinEvent -FilterHashtable @{
        LogName = 'System'
        ID = 7026
        StartTime = (Get-Date).AddDays(-7)
    } -ErrorAction Stop
    
    Write-Host "Nombre d'evenements 7026 dans les 7 derniers jours: $($events.Count)" -ForegroundColor Yellow
    Write-Host ""
    
    foreach ($event in $events | Select-Object -First 3) {
        Write-Host "="*80 -ForegroundColor Cyan
        Write-Host "Date: $($event.TimeCreated)" -ForegroundColor White
        Write-Host "="*80 -ForegroundColor Cyan
        Write-Host ""
        Write-Host "MESSAGE COMPLET:" -ForegroundColor Yellow
        Write-Host $event.Message -ForegroundColor White
        Write-Host ""
        
        # Extraire la liste des pilotes
        if ($event.Message -match "suivants n'ont pas pu se charger\s*:\s*(.+)") {
            $drivers = $matches[1] -split "`n" | Where-Object { $_.Trim() -ne "" }
            Write-Host "PILOTES DETECTES:" -ForegroundColor Red
            foreach ($driver in $drivers) {
                Write-Host "  - $($driver.Trim())" -ForegroundColor Yellow
            }
        }
        Write-Host ""
    }
    
    # Chercher specifiquement les services en erreur
    Write-Host "="*80 -ForegroundColor Cyan
    Write-Host "VERIFICATION SERVICES DANS LE REGISTRE" -ForegroundColor Cyan
    Write-Host "="*80 -ForegroundColor Cyan
    Write-Host ""
    
    $servicesToCheck = @("SvThANSP", "dam")
    
    foreach ($svcName in $servicesToCheck) {
        $svcPath = "HKLM:\SYSTEM\CurrentControlSet\Services\$svcName"
        if (Test-Path $svcPath) {
            Write-Host "[TROUVE] Service: $svcName" -ForegroundColor Red
            $props = Get-ItemProperty -Path $svcPath
            Write-Host "  DisplayName: $($props.DisplayName)" -ForegroundColor White
            Write-Host "  Type: $($props.Type)" -ForegroundColor White
            Write-Host "  Start: $($props.Start) $(switch($props.Start){0{'(Boot)'}1{'(System)'}2{'(Auto)'}3{'(Manual)'}4{'(Disabled)'}})" -ForegroundColor White
            Write-Host "  ErrorControl: $($props.ErrorControl)" -ForegroundColor White
            if ($props.ImagePath) {
                Write-Host "  ImagePath: $($props.ImagePath)" -ForegroundColor White
            }
            Write-Host ""
            
            Write-Host "  [ACTION] Pour supprimer ce service:" -ForegroundColor Cyan
            Write-Host "    sc.exe config $svcName start= disabled" -ForegroundColor Gray
            Write-Host "    sc.exe delete $svcName" -ForegroundColor Gray
            Write-Host ""
        } else {
            Write-Host "[OK] Service $svcName n'existe pas dans le registre" -ForegroundColor Green
        }
    }
    
} catch {
    Write-Host "[ERREUR] Impossible de lire les evenements: $($_.Exception.Message)" -ForegroundColor Red
}

Write-Host "`nAppuyez sur une touche pour fermer..."
$null = $Host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")