Get-Process - PowerShell 1.0 Cmdlet
Microsoft Windows PowerShell is a command-line shell and scripting tool based on the Microsoft .NET Framework. It is designed for system administrators, engineers and developers to control and automate the administration of Windows and applications.
More than a hundred command-line tools (so-called "cmdlets") can be used to perform system administration tasks and to work with Windows Management Instrumentation (WMI). These cmdlets are easy to use, with standard naming conventions and common parameters, and standard tools for piping, sorting, filtering, and formatting data and objects.
Get-Process
Description
Get a list of processes on a machine.

Usage

Options
-name
    Process name(s). Separate multiple process names with commas or use wildcard characters. -Name is optional.
-inputObject
    Accept a process object as input to Get-Process. A variable, command or expression that returns the process object(s).
-id
    Process ID(s) (PID). Use commas to separate multiple PIDs. To find the PID of a process, type "get-process".
CommonParameters:
    -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutVariable.

Example(s)
List all the processes running on the local PC:
    PS C:\>get-process

List all available data about Winword and Explorer processes on this computer:
    PS C:\>get-process winword, explorer | format-list *

List the available properties of process objects:
    PS C:\>Get-Process | Get-Member

List the top 5 processes using the most CPU time:
    PS C:\>Get-Process | sort CPU | select -last 5

Get all processes that have a working set greater than 20 MB:
    PS C:\>get-process | where-object {$_.WorkingSet -gt 20000000}

List processes grouped by priority:
    PS C:\>$a = get-process
    PS C:\>get-process -inputobject $a | format-table -view priority

List all processes beginning with "s", and see when each running program was last updated. (This can be a handy way of discovering malware.) This is done by piping the pathname of each executable into DIR and sorting by the last write time:
    PS C:\>get-process s* | where {$_.Path} | dir | sort LastWriteTime | format-table fullname, name, @{label="LastWriteTime";Expr={$_.LastWriteTime}}
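An added example (not part of the original reference) that extends the last command above: it covers every running process rather than only those beginning with "s", lists each executable once, and shows the Authenticode signature status next to the last write time. The 30-day window held in $Cutoff is an assumed value.

```powershell
# Added example: review running executables by last write time and signature status.
# $Cutoff is an assumed review window; adjust it to your own patch cycle.
$Cutoff = (Get-Date).AddDays(-30)

Get-Process |
    Where-Object { $_.Path } |            # drop processes whose path cannot be read (System, Idle, protected)
    ForEach-Object { $_.Path } |          # keep only the executable path
    Sort-Object -Unique |                 # one row per executable, however many instances are running
    Get-Item -ErrorAction SilentlyContinue |
    Select-Object FullName, LastWriteTime,
        @{Name='Recent';    Expression={ $_.LastWriteTime -gt $Cutoff }},
        @{Name='Signature'; Expression={ (Get-AuthenticodeSignature -FilePath $_.FullName).Status }} |
    Sort-Object LastWriteTime -Descending |
    Format-Table -AutoSize

# Reading the output:
#   Recent = True    the file was written inside the window; routine software updates
#                    also produce this, so compare against known patch dates.
#   Signature        'Valid' means the Authenticode signature verified; 'NotSigned' or
#                    'HashMismatch' on a recently written file is worth a closer look.
```

Run it from an elevated prompt; without elevation the Path property is empty for processes owned by other accounts, and those rows are filtered out.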