Поделиться через


Using the Get-Process Cmdlet

Retrieving Process Information

The Get-Process cmdlet provides a quick and easy way to retrieve information about the processes running on your computer. To get a quick overview of all the processes currently running on your machine simply call Get-Process without any parameters:

Get-Process

By default, you’ll get back data similar to this:

Believe it or not, that’s all it takes. Only interested in the instances of Microsoft Word that are running on your computer? Then call Get-Process followed by the executable file name (without the file extension). In other words:

Get-Process winword

That results in output similar to this:

Handles  NPM(K)    PM(K)      WS(K) VM(M)   CPU(s)     Id ProcessName
-------  ------    -----      ----- -----   ------     -- -----------
    565      25    48760      77744   537   241.34   3116 WINWORD

Want to get back more than one process? Then just specify more than one executable name, separating the names with commas:

Get-Process winword,explorer

This time around your output will return information about both Word and Windows Explorer:

Handles  NPM(K)    PM(K)      WS(K) VM(M)   CPU(s)     Id ProcessName
-------  ------    -----      ----- -----   ------     -- -----------
    497      16    18524      28264    96     8.30   1080 explorer
    565      25    48760      77744   537   241.34   3116 WINWORD

Alternatively, you can use a wildcards to retrieve information about, say, all the running processes whose executable file name starts with the letter w:

Get-Process w*

With this command you get back pretty much what you’d expect to get back:

Handles  NPM(K)    PM(K)      WS(K) VM(M)   CPU(s)     Id ProcessName
-------  ------    -----      ----- -----   ------     -- -----------
     65       2     1628       1836    15     0.03   2024 wdfmgr
    557      65     8184       3824    57     1.06   1220 winlogon
    569      26    48748      77912   542   282.86   3116 WINWORD
    149       4     2024       5288    37     0.17    808 wmiprvse
     48       2      916       3404    29     0.06   2820 WZQKPICK

Although the functionality of the Get-Process cmdlet overlaps with the functionality of the WMI class Win32_Process, Get-Process can retrieve additional information not exposed through WMI, including properties such as company, file version, and product version. For example, this command pipes Get-Process through the Select-Object cmdlet, filtering out everything except the process name and the properties just mentioned:

Get-Process | Select-Object name,fileversion,productversion,company

Here’s the kind of information you can expect to get back:

Name                FileVersion         ProductVersion      Company
----                -----------         --------------      -------
alg                 5.1.2600.2180 (x... 5.1.2600.2180       Microsoft Corpor...
apdproxy            3.0.0.53237         3.0.0.53237         Adobe Systems In...
asghost             1.5.0.035           1.5                 Cognizance Corpo...
ati2evxx            6.14.10.4118        6.14.10.4118.02     ATI Technologies...

Note. Because of the length of some of these property values, you might want to pipe the output through the Format-List cmdlet.

So how do you know which process properties are available through Get-Process? Probably the easiest way to determine that is to simply call Get-Process and then pipe the returned information through the Get-Member cmdlet:

Get-Process | Get-Member

That will return a list of all of the cmdlet’s properties and methods.

Get-Process Aliases
  • gps

  • ps