PowerShell Process Explorer

Get the count of running processes with a given name on the PowerShell command line:

PS C:\> @(Get-Process | ? { $_.ProcessName -eq "winlogon" }).Count

8
PS C:\>

Get a detailed, Process Explorer-style view of processes on the PowerShell command line:

PS C:\> Get-WmiObject Win32_Process -Filter "Name like '%excel%'" | select-Object ProcessName, GetOwner, ProcessId, ParentProcessId, VirtualSize, CommandLine | Sort-Object $_.ProcessName -Descending | ft -auto

ProcessName GetOwner ProcessId ParentProcessId VirtualSize CommandLine
----------- -------- --------- --------------- ----------- -----------
EXCEL.EXE                 7780            2972   205893632 "C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE" /e

PS C:\>

Exporting/saving the results to a CSV file that Excel can open:

PS C:\> Get-WmiObject Win32_Process | select-Object ProcessName, GetOwner, ProcessId, ParentProcessId, VirtualSize, CommandLine | Sort-Object $_.ProcessName -Descending | Export-Csv C:\Temp\Process-Log.csv
PS C:\>

All possible members (properties and methods) of Win32_Process that you can use via WMI in PowerShell:

Name MemberType Definition
Handles AliasProperty Handles = Handlecount
ProcessName AliasProperty ProcessName = Name
VM AliasProperty VM = VirtualSize
WS AliasProperty WS = WorkingSetSize
AttachDebugger Method System.Management.ManagementBaseObject AttachDebugger()
GetOwner Method System.Management.ManagementBaseObject GetOwner()
GetOwnerSid Method System.Management.ManagementBaseObject GetOwnerSid()
SetPriority Method System.Management.ManagementBaseObject SetPriority(System.Int32 Priority)
Terminate Method System.Management.ManagementBaseObject Terminate(System.UInt32 Reason)
Caption Property System.String Caption {get;set;}
CommandLine Property System.String CommandLine {get;set;}
CreationClassName Property System.String CreationClassName {get;set;}
CreationDate Property System.String CreationDate {get;set;}
CSCreationClassName Property System.String CSCreationClassName {get;set;}
CSName Property System.String CSName {get;set;}
Description Property System.String Description {get;set;}
ExecutablePath Property System.String ExecutablePath {get;set;}
ExecutionState Property System.UInt16 ExecutionState {get;set;}
Handle Property System.String Handle {get;set;}
HandleCount Property System.UInt32 HandleCount {get;set;}
InstallDate Property System.String InstallDate {get;set;}
KernelModeTime Property System.UInt64 KernelModeTime {get;set;}
MaximumWorkingSetSize Property System.UInt32 MaximumWorkingSetSize {get;set;}
MinimumWorkingSetSize Property System.UInt32 MinimumWorkingSetSize {get;set;}
Name Property System.String Name {get;set;}
OSCreationClassName Property System.String OSCreationClassName {get;set;}
OSName Property System.String OSName {get;set;}
OtherOperationCount Property System.UInt64 OtherOperationCount {get;set;}
OtherTransferCount Property System.UInt64 OtherTransferCount {get;set;}
PageFaults Property System.UInt32 PageFaults {get;set;}
PageFileUsage Property System.UInt32 PageFileUsage {get;set;}
ParentProcessId Property System.UInt32 ParentProcessId {get;set;}
PeakPageFileUsage Property System.UInt32 PeakPageFileUsage {get;set;}
PeakVirtualSize Property System.UInt64 PeakVirtualSize {get;set;}
PeakWorkingSetSize Property System.UInt32 PeakWorkingSetSize {get;set;}
Priority Property System.UInt32 Priority {get;set;}
PrivatePageCount Property System.UInt64 PrivatePageCount {get;set;}
ProcessId Property System.UInt32 ProcessId {get;set;}
QuotaNonPagedPoolUsage Property System.UInt32 QuotaNonPagedPoolUsage {get;set;}
QuotaPagedPoolUsage Property System.UInt32 QuotaPagedPoolUsage {get;set;}
QuotaPeakNonPagedPoolUsage Property System.UInt32 QuotaPeakNonPagedPoolUsage {get;set;}
QuotaPeakPagedPoolUsage Property System.UInt32 QuotaPeakPagedPoolUsage {get;set;}
ReadOperationCount Property System.UInt64 ReadOperationCount {get;set;}
ReadTransferCount Property System.UInt64 ReadTransferCount {get;set;}
SessionId Property System.UInt32 SessionId {get;set;}
Status Property System.String Status {get;set;}
TerminationDate Property System.String TerminationDate {get;set;}
ThreadCount Property System.UInt32 ThreadCount {get;set;}
UserModeTime Property System.UInt64 UserModeTime {get;set;}
VirtualSize Property System.UInt64 VirtualSize {get;set;}
WindowsVersion Property System.String WindowsVersion {get;set;}
WorkingSetSize Property System.UInt64 WorkingSetSize {get;set;}
WriteOperationCount Property System.UInt64 WriteOperationCount {get;set;}
WriteTransferCount Property System.UInt64 WriteTransferCount {get;set;}
__CLASS Property System.String __CLASS {get;set;}
__DERIVATION Property System.String[] __DERIVATION {get;set;}
__DYNASTY Property System.String __DYNASTY {get;set;}
__GENUS Property System.Int32 __GENUS {get;set;}
__NAMESPACE Property System.String __NAMESPACE {get;set;}
__PATH Property System.String __PATH {get;set;}
__PROPERTY_COUNT Property System.Int32 __PROPERTY_COUNT {get;set;}
__RELPATH Property System.String __RELPATH {get;set;}
__SERVER Property System.String __SERVER {get;set;}
__SUPERCLASS Property System.String __SUPERCLASS {get;set;}
ConvertFromDateTime ScriptMethod System.Object ConvertFromDateTime();
ConvertToDateTime ScriptMethod System.Object ConvertToDateTime();
Path ScriptProperty System.Object Path {get=$this.ExecutablePath;}

0 thoughts on “PowerShell Process Explorer”

  1. When using Sort-Object, all you need to do is specify the property name. You don’t need to reference it via the object place holder $_.

    PS S:\> get-wmiobject win32_process | select processname,processID,commandline | sort processname

    I also see you trying to select GetOwner. That is a method. But you can use it with a hash table in Select-Object.

    get-wmiobject win32_process | select processname,processID,commandline,@{Name="owner";Expression={($_.GetOwner()).User}} | sort Owner

    Finally, if you know you intend to open the CSV file in Excel, use the -NoTypeInformation parameter with Export-CSV. This will suppress the comment header which is used by PowerShell.
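
The corrections from the comment above (property name in Sort-Object, GetOwner called as a method, no type header in the CSV), combined into one script as an added example that is not part of the original post or the comment. It uses Get-CimInstance rather than Get-WmiObject and adds a ParentName column by resolving ParentProcessId; the output path and the ParentName column are assumptions.

```powershell
# Added example: process inventory with owner and parent name, exported to CSV.
# Get-CimInstance also works in PowerShell 7, where Get-WmiObject is not available.
# The output path is an assumption; change it to suit.
$OutFile = Join-Path $env:TEMP 'Process-Log.csv'

# Take one snapshot so parent lookups are consistent with the rows reported.
$procs = @(Get-CimInstance -ClassName Win32_Process)

# Index the snapshot by PID so ParentProcessId can be resolved to a name.
$byPid = @{}
foreach ($p in $procs) { $byPid[[uint32]$p.ProcessId] = $p }

$rows = foreach ($p in $procs) {
    # GetOwner is a method, not a property. It can fail for protected
    # processes or for processes that exited after the snapshot was taken.
    $owner = $null
    try {
        $o = Invoke-CimMethod -InputObject $p -MethodName GetOwner -ErrorAction Stop
        if ($o.ReturnValue -eq 0) { $owner = '{0}\{1}' -f $o.Domain, $o.User }
    } catch { }

    # PIDs are reused: accept the parent only if it was created before the child.
    $parent = $byPid[[uint32]$p.ParentProcessId]
    $parentName = $null
    if ($parent -and $parent.CreationDate -le $p.CreationDate) {
        $parentName = $parent.Name
    }

    [pscustomobject]@{
        ProcessName     = $p.Name
        Owner           = $owner
        ProcessId       = $p.ProcessId
        ParentProcessId = $p.ParentProcessId
        ParentName      = $parentName
        CreationDate    = $p.CreationDate
        VirtualSize     = $p.VirtualSize
        ExecutablePath  = $p.ExecutablePath
        CommandLine     = $p.CommandLine
    }
}

# Sort by property name (no $_ placeholder) and suppress the #TYPE header.
$rows | Sort-Object ProcessName, ProcessId |
    Export-Csv -Path $OutFile -NoTypeInformation -Encoding UTF8
```

CommandLine values can contain credentials or tokens passed as arguments, so treat the CSV as sensitive. Run from an elevated session to resolve owners of other users' processes.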
