Windows - Process


About

OS - Process (Main Thread) / Program in Windows

Could be merged with Windows - Executable (Library/Program)

Management

Utilities/tools

The sections below show these two utilities:

PsTool

PsTools Suite

  • PsExec.exe
  • PsExec64.exe
  • psfile.exe
  • psfile64.exe
  • PsGetsid.exe
  • PsGetsid64.exe
  • PsInfo.exe
  • PsInfo64.exe
  • pskill.exe
  • pskill64.exe
  • pslist.exe
  • pslist64.exe
  • PsLoggedon.exe
  • PsLoggedon64.exe
  • psloglist.exe
  • pspasswd.exe
  • pspasswd64.exe
  • psping.exe
  • psping64.exe
  • PsService.exe
  • PsService64.exe
  • psshutdown.exe
  • pssuspend.exe
  • pssuspend64.exe

Process Explorer


List

Get-Process

Get-Process

You can also customize which properties you want to see. For a list of properties, see Get.

Get-Process pwsh |
	ft @{Label = "NPM(K)"; Expression = {[int]($_.NPM / 1024)}},
	@{Label = "PM(K)"; Expression = {[int]($_.PM / 1024)}},
	@{Label = "WS(K)"; Expression = {[int]($_.WS / 1024)}},
	@{Label = "VM(M)"; Expression = {[int]($_.VM / 1MB)}},
	@{Label = "CPU(s)"; Expression = {if ($_.CPU) {$_.CPU.ToString("N")}}},
	Id, MachineName, ProcessName -Auto
# where ft is the alias of Format-Table

tasklist

The tasklist command lists processes, but it cannot query the command line of a process.

Example:

  • List tasks running on hostname
tasklist /S hostname
REM /S stands for "system"
  • All Java processes
tasklist /FI "IMAGENAME eq Java.exe"
Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
java.exe                     11656 Services                   0    111.536 K
java.exe                      9064 Console                    1     14.452 K
java.exe                     24060 Console                    1  1.891.704 K
java.exe                     15316 Console                    1    156.704 K
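
Since tasklist cannot return the command line, the Win32_Process CIM class is one way to get it together with the parent, owner and signature status of the image. This is an added example, not part of the original page; the function name Get-ProcessTriage is hypothetical.

```powershell
# Added example (not from the original page). Get-ProcessTriage is a hypothetical name.
function Get-ProcessTriage {
    [CmdletBinding()]
    param(
        # Image name to match, e.g. 'java.exe' (same value as tasklist's IMAGENAME filter)
        [Parameter(Mandatory)]
        [string]$ImageName
    )

    # One snapshot of all processes, indexed by PID, so parents can be resolved
    $all  = @(Get-CimInstance -ClassName Win32_Process)
    $byId = @{}
    foreach ($p in $all) { $byId[[uint32]$p.ProcessId] = $p }

    foreach ($p in ($all | Where-Object { $_.Name -eq $ImageName })) {
        # GetOwner returns a non-zero ReturnValue when access is denied
        $owner = Invoke-CimMethod -InputObject $p -MethodName GetOwner -ErrorAction SilentlyContinue
        $user  = if ($owner -and $owner.ReturnValue -eq 0) { "$($owner.Domain)\$($owner.User)" }

        # PIDs are reused: accept the parent only if it started before the child
        $parent = $byId[[uint32]$p.ParentProcessId]
        if ($parent -and $parent.CreationDate -gt $p.CreationDate) { $parent = $null }

        # ExecutablePath and CommandLine are empty for protected processes
        # or when the caller lacks the rights to read them
        $sig = if ($p.ExecutablePath) {
            (Get-AuthenticodeSignature -FilePath $p.ExecutablePath).Status
        }

        [pscustomobject]@{
            Id          = $p.ProcessId
            ParentId    = $p.ParentProcessId
            ParentName  = if ($parent) { $parent.Name } else { '<exited or reused>' }
            User        = $user
            Started     = $p.CreationDate
            Path        = $p.ExecutablePath
            Signature   = $sig
            CommandLine = $p.CommandLine
        }
    }
}

# Same filter as the tasklist example above
Get-ProcessTriage -ImageName 'java.exe' | Format-List
```

Run it from an elevated session to fill in the owner, path and command line of processes that belong to other users.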

pslist

environment variable

  • With Process Explorer, you can list the environment variables of a process. Example: the environment variables of the KeePass process.

  • PowerShell
# StartInfo does not reflect how a process was started unless it was started with the .NET Process.Start method
(Get-Process chrome).StartInfo.EnvironmentVariables

Get

  • Format-List * shows all properties of a process
Get-Process  -id 9064 | Format-List *
Name                       : java
Id                         : 9064
PriorityClass              : Normal
FileVersion                : 8.0.1710.11
HandleCount                : 481
WorkingSet                 : 14237696
PagedMemorySize            : 459972608
PrivateMemorySize          : 459972608
VirtualMemorySize          : -1941905408
TotalProcessorTime         : 00:00:07.1406250
SI                         : 1
Handles                    : 481
VM                         : 2353061888
WS                         : 14237696
PM                         : 459972608
NPM                        : 27880
Path                       : C:\Java\jdk1.8.0_171\bin\java.exe
Company                    : Oracle Corporation
CPU                        : 7.140625
ProductVersion             : 8.0.1710.11
Description                : Java(TM) Platform SE binary
Product                    : Java(TM) Platform SE 8
__NounName                 : Process
BasePriority               : 8
ExitCode                   :
HasExited                  : False
ExitTime                   :
Handle                     : 3384
SafeHandle                 : Microsoft.Win32.SafeHandles.SafeProcessHandle
MachineName                : .
MainWindowHandle           : 0
MainWindowTitle            :
MainModule                 : System.Diagnostics.ProcessModule (java.exe)
MaxWorkingSet              : 1413120
MinWorkingSet              : 204800
Modules                    : {System.Diagnostics.ProcessModule (java.exe), System.Diagnostics.ProcessModule
                             (ntdll.dll), System.Diagnostics.ProcessModule (KERNEL32.DLL),
                             System.Diagnostics.ProcessModule (KERNELBASE.dll)...}
NonpagedSystemMemorySize   : 27880
NonpagedSystemMemorySize64 : 27880
PagedMemorySize64          : 459972608
PagedSystemMemorySize      : 226792
PagedSystemMemorySize64    : 226792
PeakPagedMemorySize        : 665038848
PeakPagedMemorySize64      : 665038848
PeakWorkingSet             : 168747008
PeakWorkingSet64           : 168747008
PeakVirtualMemorySize      : -1932460032
PeakVirtualMemorySize64    : 2362507264
PriorityBoostEnabled       : True
PrivateMemorySize64        : 459972608
PrivilegedProcessorTime    : 00:00:02.0156250
ProcessName                : java
ProcessorAffinity          : 255
Responding                 : True
SessionId                  : 1
StartInfo                  : System.Diagnostics.ProcessStartInfo
StartTime                  : 9/12/2018 8:54:37 PM
SynchronizingObject        :
Threads                    : {13340, 13724, 8496, 29176...}
UserProcessorTime          : 00:00:05.1250000
VirtualMemorySize64        : 2353061888
EnableRaisingEvents        : False
StandardInput              :
StandardOutput             :
StandardError              :
WorkingSet64               : 14237696
Site                       :
Container                  :

where:

Kill

Use the taskkill command to kill processes.

Monitor

View

with Performance - Perfmon (Performance monitor) - Windows


Collect


  • With PowerShell, see Get-Counter
    • Get-Counter - Gets real-time performance counter data from local and remote computers.
    • Import-Counter - Imports performance counter log files and creates objects that represent each counter sample in the log.
    • Export-Counter - Exports PerformanceCounterSampleSet objects as performance counter log (.blg, .csv, .tsv) files.
# displays processor time every 2 seconds, for at most 100 samples or until you press CTRL+C
Get-counter -Counter "\Processor(_Total)\% Processor Time" -SampleInterval 2 -MaxSamples 100 | %{$_.CounterSamples}
# export to file (every 2 seconds until it has max 100 values)
Get-counter "\Processor(*)\% Processor Time" -SampleInterval 2 -MaxSamples 100 | Export-counter -Path $home\data1.blg




