Get count of running processes on Powershell command line:
PS C:> @(Get-Process | ? { $_.ProcessName -eq “winlogon” }).Count
8
PS C:>
Get Detailed view of process explorer on Powershell command line:
PS C:> Get-WmiObject Win32_Process -Filter “Name like ‘%excel%'” | select-Object ProcessName, GetOwner, ProcessId, ParentProcessId, VirtualSize, CommandLine | Sort-Object $_.ProcessName -Descending | ft -auto
ProcessName GetOwner ProcessId ParentProcessId VirtualSize CommandLine
———– ——– ——— ————— ———– ———–
EXCEL.EXE 7780 2972 205893632 “C:Program Files (x86)Microsoft OfficeOffice12EXCEL.EXE” /e
PS C:>
Exporting/Saving the results to Excel:
PS C:> Get-WmiObject Win32_Process | select-Object ProcessName, GetOwner, ProcessId, ParentProcessId, VirtualSize, CommandLine | Sort-Object $_.ProcessName -Descending | Export-Csv C:TempProcess-Log.csv
PS C:>
All Possible Counters that you can use via WMI in Powershell:
| Name | MemberType | Definition |
| Handles | AliasProperty | Handles = Handlecount |
| ProcessName | AliasProperty | ProcessName = Name |
| VM | AliasProperty | VM = VirtualSize |
| WS | AliasProperty | WS = WorkingSetSize |
| AttachDebugger | Method | System.Management.ManagementBaseObject AttachDebugger() |
| GetOwner | Method | System.Management.ManagementBaseObject GetOwner() |
| GetOwnerSid | Method | System.Management.ManagementBaseObject GetOwnerSid() |
| SetPriority | Method | System.Management.ManagementBaseObject SetPriority(System.Int32 Priority) |
| Terminate | Method | System.Management.ManagementBaseObject Terminate(System.UInt32 Reason) |
| Caption | Property | System.String Caption {get;set;} |
| CommandLine | Property | System.String CommandLine {get;set;} |
| CreationClassName | Property | System.String CreationClassName {get;set;} |
| CreationDate | Property | System.String CreationDate {get;set;} |
| CSCreationClassName | Property | System.String CSCreationClassName {get;set;} |
| CSName | Property | System.String CSName {get;set;} |
| Description | Property | System.String Description {get;set;} |
| ExecutablePath | Property | System.String ExecutablePath {get;set;} |
| ExecutionState | Property | System.UInt16 ExecutionState {get;set;} |
| Handle | Property | System.String Handle {get;set;} |
| HandleCount | Property | System.UInt32 HandleCount {get;set;} |
| InstallDate | Property | System.String InstallDate {get;set;} |
| KernelModeTime | Property | System.UInt64 KernelModeTime {get;set;} |
| MaximumWorkingSetSize | Property | System.UInt32 MaximumWorkingSetSize {get;set;} |
| MinimumWorkingSetSize | Property | System.UInt32 MinimumWorkingSetSize {get;set;} |
| Name | Property | System.String Name {get;set;} |
| OSCreationClassName | Property | System.String OSCreationClassName {get;set;} |
| OSName | Property | System.String OSName {get;set;} |
| OtherOperationCount | Property | System.UInt64 OtherOperationCount {get;set;} |
| OtherTransferCount | Property | System.UInt64 OtherTransferCount {get;set;} |
| PageFaults | Property | System.UInt32 PageFaults {get;set;} |
| PageFileUsage | Property | System.UInt32 PageFileUsage {get;set;} |
| ParentProcessId | Property | System.UInt32 ParentProcessId {get;set;} |
| PeakPageFileUsage | Property | System.UInt32 PeakPageFileUsage {get;set;} |
| PeakVirtualSize | Property | System.UInt64 PeakVirtualSize {get;set;} |
| PeakWorkingSetSize | Property | System.UInt32 PeakWorkingSetSize {get;set;} |
| Priority | Property | System.UInt32 Priority {get;set;} |
| PrivatePageCount | Property | System.UInt64 PrivatePageCount {get;set;} |
| ProcessId | Property | System.UInt32 ProcessId {get;set;} |
| QuotaNonPagedPoolUsage | Property | System.UInt32 QuotaNonPagedPoolUsage {get;set;} |
| QuotaPagedPoolUsage | Property | System.UInt32 QuotaPagedPoolUsage {get;set;} |
| QuotaPeakNonPagedPoolUsage | Property | System.UInt32 QuotaPeakNonPagedPoolUsage {get;set;} |
| QuotaPeakPagedPoolUsage | Property | System.UInt32 QuotaPeakPagedPoolUsage {get;set;} |
| ReadOperationCount | Property | System.UInt64 ReadOperationCount {get;set;} |
| ReadTransferCount | Property | System.UInt64 ReadTransferCount {get;set;} |
| SessionId | Property | System.UInt32 SessionId {get;set;} |
| Status | Property | System.String Status {get;set;} |
| TerminationDate | Property | System.String TerminationDate {get;set;} |
| ThreadCount | Property | System.UInt32 ThreadCount {get;set;} |
| UserModeTime | Property | System.UInt64 UserModeTime {get;set;} |
| VirtualSize | Property | System.UInt64 VirtualSize {get;set;} |
| WindowsVersion | Property | System.String WindowsVersion {get;set;} |
| WorkingSetSize | Property | System.UInt64 WorkingSetSize {get;set;} |
| WriteOperationCount | Property | System.UInt64 WriteOperationCount {get;set;} |
| WriteTransferCount | Property | System.UInt64 WriteTransferCount {get;set;} |
| __CLASS | Property | System.String __CLASS {get;set;} |
| __DERIVATION | Property | System.String[] __DERIVATION {get;set;} |
| __DYNASTY | Property | System.String __DYNASTY {get;set;} |
| __GENUS | Property | System.Int32 __GENUS {get;set;} |
| __NAMESPACE | Property | System.String __NAMESPACE {get;set;} |
| __PATH | Property | System.String __PATH {get;set;} |
| __PROPERTY_COUNT | Property | System.Int32 __PROPERTY_COUNT {get;set;} |
| __RELPATH | Property | System.String __RELPATH {get;set;} |
| __SERVER | Property | System.String __SERVER {get;set;} |
| __SUPERCLASS | Property | System.String __SUPERCLASS {get;set;} |
| ConvertFromDateTime | ScriptMethod | System.Object ConvertFromDateTime(); |
| ConvertToDateTime | ScriptMethod | System.Object ConvertToDateTime(); |
| Path | ScriptProperty | System.Object Path {get=$this.ExecutablePath;} |
0 thoughts on “Powershell Process Explorer”
When using Sort-Object, all you need to do is specify the property name. You don’t need to reference it via the object place holder $_.
PS S:> get-wmiobject win32_process | select processname,processID,commandline | sort processname
I also see you trying to select GetOwner. That is a method. But you can use it with a hash table in Select-Object.
get-wmiobject win32_process | select processname,processID,commandline,@{Name=”owner”;Expression={($_.GetOwner()).User}} | sort Owner
Finally, if you know you intend to open the CSV file in Excel, use the -noteypeinformation parameter with Export-CSV. This will suppress the comment header which is used by PowerShell.
Thanks for the useful comments.
P.S. This article was a running notes of my trials. Will make it more right and tidy.