About
OS - Process (Main Thread) / Program in Windows
Could be merged with Windows - Executable (Library/Program)
Management
Utilities/tools
The sections below cover these two utilities:
- PsTools: command line
- Process Explorer: GUI
PsTools
- PsExec.exe
- PsExec64.exe
- psfile.exe
- psfile64.exe
- PsGetsid.exe
- PsGetsid64.exe
- PsInfo.exe
- PsInfo64.exe
- pskill.exe
- pskill64.exe
- pslist.exe
- pslist64.exe
- PsLoggedon.exe
- PsLoggedon64.exe
- psloglist.exe
- pspasswd.exe
- pspasswd64.exe
- psping.exe
- psping64.exe
- PsService.exe
- PsService64.exe
- psshutdown.exe
- pssuspend.exe
- pssuspend64.exe
Process Explorer
List
Get-Process
- in PowerShell
Get-Process
You can also customize which properties you want to see. For the list of properties, see Get.
Get-Process pwsh |
ft @{Label = "NPM(K)"; Expression = {[int]($_.NPM / 1024)}},
@{Label = "PM(K)"; Expression = {[int]($_.PM / 1024)}},
@{Label = "WS(K)"; Expression = {[int]($_.WS / 1024)}},
@{Label = "VM(M)"; Expression = {[int]($_.VM / 1MB)}},
@{Label = "CPU(s)"; Expression = {if ($_.CPU) {$_.CPU.ToString("N")}}},
Id, MachineName, ProcessName -Auto
# where ft is the alias of Format-Table
tasklist
The tasklist command lists processes, but it cannot query the command line.
Example:
- List tasks running on hostname
tasklist /S hostname
REM /S stands for "system"
- All Java processes
tasklist /FI "IMAGENAME eq Java.exe"
Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
java.exe                     11656 Services                   0    111.536 K
java.exe                      9064 Console                    1     14.452 K
java.exe                     24060 Console                    1  1.891.704 K
java.exe                     15316 Console                    1    156.704 K
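Because tasklist cannot show the command line, the sketch below reads it from the Win32_Process CIM class and adds the parent process, owner and signature status for each match. It is an added example, not part of the original page; the function name Get-ProcessDetail is hypothetical, and java.exe is reused from the tasklist example above.

```powershell
# Added example: Get-ProcessDetail is a hypothetical helper name, not a built-in cmdlet.
function Get-ProcessDetail {
    [CmdletBinding()]
    param(
        # Image name as tasklist prints it, e.g. java.exe
        [Parameter(Mandatory)]
        [string]$ImageName
    )

    # Snapshot every process once so that parent PIDs can be resolved to names.
    $all = Get-CimInstance -ClassName Win32_Process
    $nameByPid = @{}
    foreach ($p in $all) { $nameByPid[[uint32]$p.ProcessId] = $p.Name }

    foreach ($p in $all | Where-Object { $_.Name -eq $ImageName }) {
        # GetOwner returns a non-zero ReturnValue when the caller may not open the process.
        $owner = Invoke-CimMethod -InputObject $p -MethodName GetOwner -ErrorAction SilentlyContinue
        $user = if ($owner -and $owner.ReturnValue -eq 0) { "$($owner.Domain)\$($owner.User)" } else { $null }

        # ExecutablePath is empty when access is denied; skip the signature check then.
        $sig = if ($p.ExecutablePath) {
            (Get-AuthenticodeSignature -LiteralPath $p.ExecutablePath).Status
        } else { $null }

        [pscustomobject]@{
            ProcessId   = $p.ProcessId
            ParentId    = $p.ParentProcessId
            # A parent that has exited leaves a PID that may be absent or reused.
            ParentName  = $nameByPid[[uint32]$p.ParentProcessId]
            Owner       = $user
            Started     = $p.CreationDate
            Path        = $p.ExecutablePath
            Signature   = $sig
            # CommandLine is also empty for processes the caller may not open.
            CommandLine = $p.CommandLine
        }
    }
}

Get-ProcessDetail -ImageName 'java.exe' | Format-List
```

Run it from an elevated session to get the path and command line of processes owned by other users.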
pslist
environment variable
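- With Process Explorer, you can list the environment variables of a process. Example: the environment variables of the KeePass process.
- PowerShell
# Caveat: for a process this session did not start, StartInfo is not read from the target process (Windows PowerShell returns the session's own environment, PowerShell 7 raises an error)
(Get-Process chrome).StartInfo.EnvironmentVariables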
Get
- Format-List * shows all the properties of a process
Get-Process -id 9064 | Format-List *
Name : java
Id : 9064
PriorityClass : Normal
FileVersion : 8.0.1710.11
HandleCount : 481
WorkingSet : 14237696
PagedMemorySize : 459972608
PrivateMemorySize : 459972608
VirtualMemorySize : -1941905408
TotalProcessorTime : 00:00:07.1406250
SI : 1
Handles : 481
VM : 2353061888
WS : 14237696
PM : 459972608
NPM : 27880
Path : C:\Java\jdk1.8.0_171\bin\java.exe
Company : Oracle Corporation
CPU : 7.140625
ProductVersion : 8.0.1710.11
Description : Java(TM) Platform SE binary
Product : Java(TM) Platform SE 8
__NounName : Process
BasePriority : 8
ExitCode :
HasExited : False
ExitTime :
Handle : 3384
SafeHandle : Microsoft.Win32.SafeHandles.SafeProcessHandle
MachineName : .
MainWindowHandle : 0
MainWindowTitle :
MainModule : System.Diagnostics.ProcessModule (java.exe)
MaxWorkingSet : 1413120
MinWorkingSet : 204800
Modules : {System.Diagnostics.ProcessModule (java.exe), System.Diagnostics.ProcessModule
(ntdll.dll), System.Diagnostics.ProcessModule (KERNEL32.DLL),
System.Diagnostics.ProcessModule (KERNELBASE.dll)...}
NonpagedSystemMemorySize : 27880
NonpagedSystemMemorySize64 : 27880
PagedMemorySize64 : 459972608
PagedSystemMemorySize : 226792
PagedSystemMemorySize64 : 226792
PeakPagedMemorySize : 665038848
PeakPagedMemorySize64 : 665038848
PeakWorkingSet : 168747008
PeakWorkingSet64 : 168747008
PeakVirtualMemorySize : -1932460032
PeakVirtualMemorySize64 : 2362507264
PriorityBoostEnabled : True
PrivateMemorySize64 : 459972608
PrivilegedProcessorTime : 00:00:02.0156250
ProcessName : java
ProcessorAffinity : 255
Responding : True
SessionId : 1
StartInfo : System.Diagnostics.ProcessStartInfo
StartTime : 9/12/2018 8:54:37 PM
SynchronizingObject :
Threads : {13340, 13724, 8496, 29176...}
UserProcessorTime : 00:00:05.1250000
VirtualMemorySize64 : 2353061888
EnableRaisingEvents : False
StandardInput :
StandardOutput :
StandardError :
WorkingSet64 : 14237696
Site :
Container :
where:
- StandardInput, StandardOutput, StandardError: IO - Standard streams (stdin, stdout, stderr)
Kill
Use the taskkill command to kill processes.
Monitor
View
Collect
- with Performance - Perfmon (Performance monitor) - Windows. It will dump the counters to the file system every minute.
- with PowerShell, see Get-Counter
- Get-Counter - Gets real-time performance counter data from local and remote computers.
- Import-Counter - Imports performance counter log files and creates objects that represent each counter sample in the log.
- Export-Counter - Exports PerformanceCounterSampleSet objects as performance counter log (.blg, .csv, .tsv) files.
# displays the processor time every 2 seconds, for at most 100 samples (press CTRL+C to stop earlier)
Get-counter -Counter "\Processor(_Total)\% Processor Time" -SampleInterval 2 -MaxSamples 100 | %{$_.CounterSamples}
# export to file (every 2 seconds until it has max 100 values)
Get-counter "\Processor(*)\% Processor Time" -SampleInterval 2 -MaxSamples 100 | Export-counter -Path $home\data1.blg