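How do you get running processes using a PowerShell WMI object?
To get running processes through a WMI object, use the Win32_Process class. This approach returns more properties than the Get-Process command.
Command
Get-WmiObject -Class Win32_Process
Output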
__GENUS                    : 2
__CLASS                    : Win32_Process
__SUPERCLASS               : CIM_Process
__DYNASTY                  : CIM_ManagedSystemElement
__RELPATH                  : Win32_Process.Handle="0"
__PROPERTY_COUNT           : 45
__DERIVATION               : {CIM_Process, CIM_LogicalElement, CIM_ManagedSystemElement}
__SERVER                   : DESKTOP-9435KM9
__NAMESPACE                : root\cimv2
__PATH                     : \\DESKTOP-9435KM9\root\cimv2:Win32_Process.Handle="0"
Caption                    : System Idle Process
CommandLine                :
CreationClassName          : Win32_Process
CreationDate               : 20191225011715.424076+330
CSCreationClassName        : Win32_ComputerSystem
CSName                     : DESKTOP-9435KM9
Description                : System Idle Process
ExecutablePath             :
ExecutionState             :
Handle                     : 0
HandleCount                : 0
InstallDate                :
KernelModeTime             : 5294149218750
MaximumWorkingSetSize      :
MinimumWorkingSetSize      :
Name                       : System Idle Process
OSCreationClassName        : Win32_OperatingSystem
OSName                     : Microsoft Windows 10 Pro|C:\WINDOWS|\Device\Harddisk0\Partition4
OtherOperationCount        : 0
OtherTransferCount         : 0
PageFaults                 : 9
PageFileUsage              : 60
ParentProcessId            : 0
PeakPageFileUsage          : 60
PeakVirtualSize            : 8192
PeakWorkingSetSize         : 12
Priority                   : 0
PrivatePageCount           : 61440
ProcessId                  : 0
QuotaNonPagedPoolUsage     : 1
QuotaPagedPoolUsage        : 0
QuotaPeakNonPagedPoolUsage : 1
QuotaPeakPagedPoolUsage    : 0
ReadOperationCount         : 0
ReadTransferCount          : 0
SessionId                  : 0
Status                     :
TerminationDate            :
ThreadCount                : 4
UserModeTime               : 0
VirtualSize                : 8192
WindowsVersion             : 10.0.18362
WorkingSetSize             : 8192
WriteOperationCount        : 0
WriteTransferCount         : 0
PSComputerName             : DESKTOP-9435KM9
ProcessName                : System Idle Process
Handles                    : 0
VM                         : 8192
WS                         : 8192
Path                       :
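Several of the properties listed above (ParentProcessId, CommandLine, ExecutablePath, CreationDate) are the ones an investigator usually wants when reviewing what is running on a host. The following is an added example, not part of the original page; the function name Get-ProcessInventory is an assumption chosen for illustration.

```powershell
# Added example: build a process inventory from Win32_Process, resolving each
# process to its parent, its owner and its start time.
# Get-WmiObject ships with Windows PowerShell 5.1; run elevated to read the
# owner and command line of processes that belong to other users.
function Get-ProcessInventory {
    $procs = @(Get-WmiObject -Class Win32_Process)

    # Index by PID so every process can be matched to its parent.
    $byPid = @{}
    foreach ($p in $procs) { $byPid[[int]$p.ProcessId] = $p }

    foreach ($p in $procs) {
        # CreationDate is a DMTF string (e.g. 20191225011715.424076+330).
        $started = if ($p.CreationDate) { $p.ConvertToDateTime($p.CreationDate) }

        # PIDs are reused: a "parent" that started after its child is a
        # different process that inherited the number, so discard it.
        $parent = $byPid[[int]$p.ParentProcessId]
        if ($parent -and $parent.CreationDate -and $started -and
            $parent.ConvertToDateTime($parent.CreationDate) -gt $started) {
            $parent = $null
        }

        # GetOwner() returns a non-zero ReturnValue (or throws) when the
        # process has exited or access is denied.
        $owner = $null
        try {
            $o = $p.GetOwner()
            if ($o.ReturnValue -eq 0) { $owner = '{0}\{1}' -f $o.Domain, $o.User }
        } catch { }

        [pscustomobject]@{
            ProcessId       = $p.ProcessId
            Name            = $p.Name
            ParentProcessId = $p.ParentProcessId
            ParentName      = if ($parent) { $parent.Name } else { '<exited>' }
            Owner           = $owner
            Started         = $started
            ExecutablePath  = $p.ExecutablePath
            CommandLine     = $p.CommandLine
        }
    }
}

Get-ProcessInventory | Sort-Object Started |
    Format-Table ProcessId, Name, ParentName, Owner, Started, CommandLine -AutoSize -Wrap
```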