-
Notifications
You must be signed in to change notification settings - Fork 1
/
Get-Process.help.txt
396 lines (251 loc) · 34.8 KB
/
Get-Process.help.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
NAME
Get-Process
SYNOPSIS
Gets the processes that are running on the local computer or a remote computer.
SYNTAX
Get-Process [[-Name] <String[]>] [-ComputerName <String[]>] [-FileVersionInfo] [-Module]
[<CommonParameters>]
Get-Process [-ComputerName <String[]>] [-FileVersionInfo] [-Module] -InputObject <Process[]>
[<CommonParameters>]
Get-Process [-ComputerName <String[]>] [-FileVersionInfo] [-Module] -Id <Int32[]>
[<CommonParameters>]
Get-Process -Id <Int32[]> -IncludeUserName [<CommonParameters>]
Get-Process -IncludeUserName -InputObject <Process[]> [<CommonParameters>]
Get-Process [[-Name] <String[]>] -IncludeUserName [<CommonParameters>]
DESCRIPTION
The Get-Process cmdlet gets the processes on a local or remote computer.
Without parameters, Get-Process gets all of the processes on the local computer. You can also
specify a particular process by process name or process ID (PID) or pass a process object through
the pipeline to Get-Process.
By default, Get-Process returns a process object that has detailed information about the process
and supports methods that let you start and stop the process. You can also use the parameters of
Get-Process to get file version information for the program that runs in the process and to get the
modules that the process loaded.
PARAMETERS
-ComputerName <String[]>
Gets the processes running on the specified computers. The default is the local computer.
Type the NetBIOS name, an IP address, or a fully qualified domain name of one or more
computers. To specify the local computer, type the computer name, a dot (.), or "localhost".
This parameter does not rely on Windows PowerShell remoting. You can use the ComputerName
parameter of Get-Process even if your computer is not configured to run remote commands.
Required? false
Position? named
Default value Local computer
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-FileVersionInfo [<SwitchParameter>]
Gets the file version information for the program that runs in the process.
On Windows Vista and later versions of Windows, you must open Windows PowerShell with the "Run
as administrator" option to use this parameter on processes that you do not own.
You cannot use the FileVersionInfo and ComputerName parameters of the Get-Process cmdlet in the
same command. To get file version information for a process on a remote computer, use the
Invoke-Command cmdlet.
Using this parameter is equivalent to getting the MainModule.FileVersionInfo property of each
process object. When you use this parameter, Get-Process returns a FileVersionInfo object
(System.Diagnostics.FileVersionInfo), not a process object. So, you cannot pipe the output of
the command to a cmdlet that expects a process object, such as Stop-Process.
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-Id <Int32[]>
Specifies one or more processes by process ID (PID). To specify multiple IDs, use commas to
separate the IDs. To find the PID of a process, type "get-process".
Required? true
Position? named
Default value
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-IncludeUserName [<SwitchParameter>]
Specifies that the UserName value of the Process object is returned with results of the command.
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-InputObject <Process[]>
Specifies one or more process objects. Enter a variable that contains the objects, or type a
command or expression that gets the objects.
Required? true
Position? named
Default value
Accept pipeline input? True (ByValue)
Accept wildcard characters? false
-Module [<SwitchParameter>]
Gets the modules that have been loaded by the processes.
On Windows Vista and later versions of Windows, you must open Windows PowerShell with the "Run
as administrator" option to use this parameter on processes that you do not own.
You cannot use the Module and ComputerName parameters of the Get-Process cmdlet in the same
command. To get the modules that have been loaded by a process on a remote computer, use the
Invoke-Command cmdlet.
This parameter is equivalent to getting the Modules property of each process object. When you
use this parameter, Get-Process returns a ProcessModule object
(System.Diagnostics.ProcessModule), not a process object. So, you cannot pipe the output of the
command to a cmdlet that expects a process object, such as Stop-Process.
When you use both the Module and FileVersionInfo parameters in the same command, Get-Process
returns a FileVersionInfo object with information about the file version of all modules.
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-Name <String[]>
Specifies one or more processes by process name. You can type multiple process names (separated
by commas) and use wildcard characters. The parameter name ("Name") is optional.
Required? false
Position? 1
Default value
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? true
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
System.Diagnostics.Process
You can pipe a process object to Get-Process.
OUTPUTS
System.Diagnostics.Process, System.Diagnotics.FileVersionInfo, System.Diagnostics.ProcessModule
By default, Get-Process returns a System.Diagnostics.Process object. If you use the
FileVersionInfo parameter, it returns a System.Diagnotics.FileVersionInfo object. If you use
the Module parameter (without the FileVersionInfo parameter), it returns a
System.Diagnostics.ProcessModule object.
NOTES
You can also refer to Get-Process by its built-in aliases, "ps" and "gps". For more
information, see about_Aliases.
On computers that are running a 64-bit version of Windows, the 64-bit version of Windows
PowerShell gets only 64-bit process modules and the 32-bit version of Windows PowerShell gets
only 32-bit process modules.
You can use the properties and methods of the WMI Win32_Process object in Windows PowerShell.
For information, see T:Microsoft.PowerShell.Commands.Get-WmiObject and the Windows Management
Instrumentation (WMI) SDK.
The default display of a process is a table that includes the following columns. For a
description of all of the properties of process objects, see "Process Properties" on MSDN at
http://go.microsoft.com/fwlink/?LinkId=204482.
-- Handles: The number of handles that the process has opened.
-- NPM(K): The amount of non-paged memory that the process is using, in kilobytes.
-- PM(K): The amount of pageable memory that the process is using, in kilobytes.
-- WS(K): The size of the working set of the process, in kilobytes. The working set consists of
the pages of memory that were recently referenced by the process.
-- VM(M): The amount of virtual memory that the process is using, in megabytes. Virtual memory
includes storage in the paging files on disk.
-- CPU(s): The amount of processor time that the process has used on all processors, in seconds.
-- ID: The process ID (PID) of the process.
-- ProcessName: The name of the process.
For explanations of the concepts related to processes, see the Glossary in Help and Support
Center and the Help for Task Manager.
You can also use the built-in alternate views of the processes available with Format-Table,
such as "StartTime" and "Priority", and you can design your own views. For more information,
see T:Microsoft.PowerShell.Commands.Format-Table.
-------------------------- EXAMPLE 1 --------------------------
PS C:\>Get-Process
This command gets a list of all of the running processes running on the local computer. For a
definition of each column, see the "Additional Notes" section of the Help topic for Get-Help.
-------------------------- EXAMPLE 2 --------------------------
PS C:\>Get-Process winword, explorer | format-list *
This command gets all available data about the Winword and Explorer processes on the computer. It
uses the Name parameter to specify the processes, but it omits the optional parameter name. The
pipeline operator (|) passes the data to the Format-List cmdlet, which displays all available
properties (*) of the Winword and Explorer process objects.
You can also identify the processes by their process IDs. For example, "get-process -id 664, 2060".
-------------------------- EXAMPLE 3 --------------------------
PS C:\>get-process | where-object {$_.WorkingSet -gt 20000000}
This command gets all processes that have a working set greater than 20 MB. It uses the Get-Process
cmdlet to get all running processes. The pipeline operator (|) passes the process objects to the
Where-Object cmdlet, which selects only the object with a value greater than 20,000,000 bytes for
the WorkingSet property.
WorkingSet is one of many properties of process objects. To see all of the properties, type
"Get-Process | Get-Member". By default, the values of all amount properties are in bytes, even
though the default display lists them in kilobytes and megabytes.
-------------------------- EXAMPLE 4 --------------------------
PS C:\>$a = get-processPS C:\>get-process -inputobject $a | format-table -view priority
These commands list the processes on the computer in groups based on their priority class. The
first command gets all the processes on the computer and then stores them in the $a variable.
The second command uses the InputObject parameter to pass the process objects that are stored in
the $a variable to the Get-Process cmdlet. The pipeline operator passes the objects to the
Format-Table cmdlet, which formats the processes by using the Priority view. The Priority view, and
other views, are defined in the PS1XML format files in the Windows PowerShell home directory
($pshome).
-------------------------- EXAMPLE 5 --------------------------
PS C:\>get-process powershell -computername S1, localhost | ft
@{Label="NPM(K)";Expression={[int]($_.NPM/1024)}}, @{Label="PM(K)";Expression={[int]($_.PM/1024)}},@
{Label="WS(K)";Expression={[int]($_.WS/1024)}},@{Label="VM(M)";Expression={[int]($_.VM/1MB)}},
@{Label="CPU(s)";Expression={if ($_.CPU -ne $()) { $_.CPU.ToString("N")}}}, Id, MachineName,
ProcessName -auto
NPM(K) PM(K) WS(K) VM(M) CPU(s) Id MachineName ProcessName
------ ----- ----- ----- ------ -- ----------- -----------
6 23500 31340 142 1980 S1 powershell
6 23500 31348 142 4016 S1 powershell
27 54572 54520 576 4428 localhost powershell
This example provides a Format-Table (alias = ft) command that adds the MachineName property to the
standard Get-Process output display.
-------------------------- EXAMPLE 6 --------------------------
PS C:\>get-process powershell -fileversioninfo
ProductVersion FileVersion FileName
-------------- ----------- --------
6.1.6713.1 6.1.6713.1 (f... C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe
This command uses the FileVersionInfo parameter to get the version information for the
PowerShell.exe file that is the main module for the PowerShell process.
To run this command with processes that you do not own on Windows Vista and later versions of
Windows, you must open Windows PowerShell with the "Run as administrator" option.
-------------------------- EXAMPLE 7 --------------------------
PS C:\>get-process sql* -module
This command uses the Module parameter to get the modules that have been loaded by the process.
This command gets the modules for the processes that have names that begin with "sql".
To run this command on Windows Vista (and later versions of Windows) with processes that you do not
own, you must start Windows PowerShell with the "Run as administrator" option.
-------------------------- EXAMPLE 8 --------------------------
PS C:\>$p = get-wmiobject win32_process -filter "name='powershell.exe'"
PS C:\>$p.getowner()
__GENUS : 2
__CLASS : __PARAMETERS
__SUPERCLASS :
__DYNASTY : __PARAMETERS
__RELPATH :
__PROPERTY_COUNT : 3
__DERIVATION : {}
__SERVER :
__NAMESPACE :
__PATH :
Domain : DOMAIN01
ReturnValue : 0
User : user01
This command shows how to find the owner of a process. Because the System.Diagnostics.Process
object that Get-Process returns does not have a property or method that returns the process owner,
the command uses
the Get-WmiObject cmdlet to get a Win32_Process object that represents the same process.
The first command uses Get-WmiObject to get the PowerShell process. It saves it in the $p variable.
The second command uses the GetOwner method to get the owner of the process in $p. The command
reveals that the owner is Domain01\user01.
-------------------------- EXAMPLE 9 --------------------------
PS C:\>get-process powershell
Handles NPM(K) PM(K) WS(K) VM(M) CPU(s) Id ProcessName
------- ------ ----- ----- ----- ------ -- -----------
308 26 52308 61780 567 3.18 5632 powershell
377 26 62676 63384 575 3.88 5888 powershellPS C:\>get-process -id $pid
Handles NPM(K) PM(K) WS(K) VM(M) CPU(s) Id ProcessName
------- ------ ----- ----- ----- ------ -- -----------
396 26 56488 57236 575 3.90 5888 powershell
These commands show how to use the $pid automatic variable to identify the process that is hosting
the current Windows PowerShell session. You can use this method to distinguish the host process
from other Windows PowerShell processes that you might want to stop or close. The first command
gets all of the Windows PowerShell processes in the current session.
The second command gets the Windows PowerShell process that is hosting the current session.
-------------------------- EXAMPLE 10 --------------------------
PS C:\>get-process | where {$_.mainWindowTitle} | format-table id, name, mainwindowtitle -autosize
This command gets all the processes that have a main window title, and it displays them in a table
with the process ID and the process name.
The mainWindowTitle property is just one of many useful properties of the
System.Diagnostics.Process object that Get-Process returns. To view all of the properties, pipe the
results of a Get-Process command to the T:Microsoft.PowerShell.Commands.Get-Member cmdlet
(get-process | get-member).
RELATED LINKS
Online Version: http://go.microsoft.com/fwlink/p/?linkid=290498
Debug-Process
Get-Process
Start-Process
Stop-Process
Wait-Process