Tuesday, June 30, 2009

Understanding Svchost

This short PowerShell script maps each running svchost.exe process to the services it hosts (via WMI), then lists resource counters for each of those processes. You will need a large screen to display the output:

# Every running svchost.exe process, from WMI
$global:svchost = Get-WmiObject Win32_Process -Filter "name='svchost.exe'"
# For each process, the Win32_Service instances whose ProcessId matches its Handle (the PID, as a string)
$global:win32_handle = $svchost | ForEach-Object { Get-WmiObject -Query "Select * from Win32_Service where ProcessId = $($_.Handle)" }
# Sort the services by hosting PID, then by name; sort the processes by PID
$global:Sort_handle = $win32_handle | Sort-Object ProcessId, Name
$global:Sort_svchost = $svchost | Sort-Object ProcessId
# Table 1: which services live in which svchost process
$Sort_handle | Format-Table ProcessId, Name, State, StartMode, Started, AcceptStop, Description -AutoSize
# Table 2: per-process resource counters
$Sort_svchost | Format-Table ProcessId, ThreadCount, HandleCount, WS, VM, KernelModeTime, ReadOperationCount, ReadTransferCount, OtherTransferCount -AutoSize

[Output]:

:.\Get-SvcHost_005.ps1

processID name       state   startmode Started AcceptStop Description
--------- ----       -----   --------- ------- ---------- -----------
      840 SSDPSRV    Running Manual    True    True       Enables discovery of UPnP devices on your home network.
     1168 stisvc     Running Auto      True    True       Provides image acquisition services for scanners and cameras.
     1204 DcomLaunch Running Auto      True    False      Provides launch functionality for DCOM services.
     1292 RpcSs      Running Auto      True    False      Provides the endpoint mapper and other miscellaneous RPC services.
.....


ProcessID ThreadCount HandleCount      WS       VM KernelModeTime ReadOperationCount ReadTransferCount OtherTransferCount
--------- ----------- ----------- ------- -------- -------------- ------------------ ----------------- ------------------
      840           9         236 6078464 39940096         468750                369             48936             129130
     1168           5         210 6574080 41291776       11093750                438             53831              32770
     1204           5         209 6381568 43548672        3125000                383             53947             330048
     1292          10         457 7004160 45506560       24375000                506            465380              63666
.....
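The script above runs one WMI query per process and prints services and processes in two separate tables. As an added example (not code from the original post), the function below joins the same two WMI classes in memory and emits one object per svchost.exe process, with its parent PID, command line (which carries the -k service group the host was started with) and the names of the services it hosts; the NoService flag, an assumption of mine rather than anything the post states, marks a host with no registered service so it can be reviewed. It assumes Windows PowerShell 3.0 or later (Get-WmiObject is not present in PowerShell 7).

```powershell
# Added example, not part of the original post. Assumes Windows PowerShell 3.0+.
function Get-SvchostGroup {
    # Same WMI classes as the post's script: processes named svchost.exe ...
    $procs = Get-WmiObject Win32_Process -Filter "Name='svchost.exe'"
    # ... and all services, grouped once by hosting PID (string keys) instead of one query per PID
    $svcByPid = Get-WmiObject Win32_Service | Group-Object ProcessId -AsHashTable -AsString

    foreach ($p in $procs) {
        $key = [string]$p.ProcessId
        $hosted = @()
        if ($svcByPid -and $svcByPid.ContainsKey($key)) {
            $hosted = @($svcByPid[$key] | Select-Object -ExpandProperty Name)
        }
        [PSCustomObject]@{
            ProcessId    = $p.ProcessId
            ParentPid    = $p.ParentProcessId
            Path         = $p.ExecutablePath
            CommandLine  = $p.CommandLine      # shows the "-k <group>" the host was started with
            ServiceCount = $hosted.Count
            Services     = ($hosted | Sort-Object) -join ', '
            # Assumption (mine, not the post's): a host with no registered service is worth a second look
            NoService    = ($hosted.Count -eq 0)
        }
    }
}

# One row per svchost process; -Wrap keeps long service lists readable on a narrower screen
Get-SvchostGroup | Sort-Object ProcessId |
    Format-Table ProcessId, ParentPid, ServiceCount, NoService, Services -AutoSize -Wrap
```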
