About

OS - Process (Main Thread) / Program in Windows

Could be merged with Windows - Executable (Library/Program)

Management

Utilities/tools

The sections below show these two utilities:

PsTool

PsTools Suite

  • PsExec.exe
  • PsExec64.exe
  • psfile.exe
  • psfile64.exe
  • PsGetsid.exe
  • PsGetsid64.exe
  • PsInfo.exe
  • PsInfo64.exe
  • pskill.exe
  • pskill64.exe
  • pslist.exe
  • pslist64.exe
  • PsLoggedon.exe
  • PsLoggedon64.exe
  • psloglist.exe
  • pspasswd.exe
  • pspasswd64.exe
  • psping.exe
  • psping64.exe
  • PsService.exe
  • PsService64.exe
  • psshutdown.exe
  • pssuspend.exe
  • pssuspend64.exe

Process Explorer


List

Get-Process

Get-Process

You can also customize which properties you want to see. For the list of available properties, see the Get section below.

Get-Process pwsh |
	ft @{Label = "NPM(K)"; Expression = {[int]($_.NPM / 1024)}},
	@{Label = "PM(K)"; Expression = {[int]($_.PM / 1024)}},
	@{Label = "WS(K)"; Expression = {[int]($_.WS / 1024)}},
	@{Label = "VM(M)"; Expression = {[int]($_.VM / 1MB)}},
	@{Label = "CPU(s)"; Expression = {if ($_.CPU) {$_.CPU.ToString("N")}}},
	Id, MachineName, ProcessName -Auto
# where ft is the alias of Format-Table

tasklist

The tasklist command lists processes, but it cannot show their command lines.

Example:

  • List tasks running on hostname
tasklist /S hostname
REM /S stands for "system"
  • All Java process
tasklist /FI "IMAGENAME eq Java.exe"
Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
java.exe                     11656 Services                   0    111.536 K
java.exe                      9064 Console                    1     14.452 K
java.exe                     24060 Console                    1  1.891.704 K
java.exe                     15316 Console                    1    156.704 K
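tasklist cannot show the command line, but PowerShell can: the following added example (not from the original page) joins Get-Process with the Win32_Process CIM class, which carries CommandLine, ParentProcessId and the owner, so a process list can be triaged without Process Explorer.

```powershell
# Added example (not from the original page): list processes with the command line
# and parent PID that tasklist cannot show, by joining Get-Process with the
# Win32_Process CIM class. Run from an elevated shell to see other users' processes.
function Get-ProcessWithCommandLine {
    param(
        # Process name filter, e.g. 'java' (no .exe); '*' for everything
        [string]$Name = '*'
    )
    # Win32_Process carries CommandLine and ParentProcessId; Get-Process carries
    # the cooked memory columns used elsewhere on this page.
    $byId = @{}
    foreach ($p in Get-CimInstance -ClassName Win32_Process) {
        # ProcessId is UInt32; cast so it matches the Int32 Id from Get-Process
        $byId[[int]$p.ProcessId] = $p
    }

    Get-Process -Name $Name -ErrorAction SilentlyContinue | ForEach-Object {
        $w = $byId[$_.Id]
        $owner = $null
        $parent = $null
        $cmd = $null
        if ($w) {
            $parent = $w.ParentProcessId
            $cmd = $w.CommandLine
            # GetOwner fails for protected/system processes; leave Owner empty then
            $o = Invoke-CimMethod -InputObject $w -MethodName GetOwner -ErrorAction SilentlyContinue
            if ($o -and $o.User) { $owner = "$($o.Domain)\$($o.User)" }
        }
        [pscustomobject]@{
            Id          = $_.Id
            ParentId    = $parent
            Name        = $_.ProcessName
            Owner       = $owner
            'WS(MB)'    = [int]($_.WS / 1MB)
            Path        = $_.Path
            CommandLine = $cmd
        }
    }
}

# The java processes from the tasklist output above, with their command lines
Get-ProcessWithCommandLine -Name java | Format-Table -AutoSize -Wrap
```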

pslist

environment variable

  • With Process Explorer, you can list the environment variables of a process. Example: environment variables of the KeePass process.

Process Explorer Environment

  • PowerShell
(Get-Process chrome).StartInfo.EnvironmentVariables
# Caveat: StartInfo is only populated for processes started from this PowerShell session.
# For any other process it reflects the shell's own environment (or fails in newer
# PowerShell versions), so use Process Explorer to read another process's environment.

Get

  • Format-List * shows all properties of a process:
Get-Process -Id 9064 | Format-List *
Name                       : java
Id                         : 9064
PriorityClass              : Normal
FileVersion                : 8.0.1710.11
HandleCount                : 481
WorkingSet                 : 14237696
PagedMemorySize            : 459972608
PrivateMemorySize          : 459972608
VirtualMemorySize          : -1941905408
TotalProcessorTime         : 00:00:07.1406250
SI                         : 1
Handles                    : 481
VM                         : 2353061888
WS                         : 14237696
PM                         : 459972608
NPM                        : 27880
Path                       : C:\Java\jdk1.8.0_171\bin\java.exe
Company                    : Oracle Corporation
CPU                        : 7.140625
ProductVersion             : 8.0.1710.11
Description                : Java(TM) Platform SE binary
Product                    : Java(TM) Platform SE 8
__NounName                 : Process
BasePriority               : 8
ExitCode                   :
HasExited                  : False
ExitTime                   :
Handle                     : 3384
SafeHandle                 : Microsoft.Win32.SafeHandles.SafeProcessHandle
MachineName                : .
MainWindowHandle           : 0
MainWindowTitle            :
MainModule                 : System.Diagnostics.ProcessModule (java.exe)
MaxWorkingSet              : 1413120
MinWorkingSet              : 204800
Modules                    : {System.Diagnostics.ProcessModule (java.exe), System.Diagnostics.ProcessModule
                             (ntdll.dll), System.Diagnostics.ProcessModule (KERNEL32.DLL),
                             System.Diagnostics.ProcessModule (KERNELBASE.dll)...}
NonpagedSystemMemorySize   : 27880
NonpagedSystemMemorySize64 : 27880
PagedMemorySize64          : 459972608
PagedSystemMemorySize      : 226792
PagedSystemMemorySize64    : 226792
PeakPagedMemorySize        : 665038848
PeakPagedMemorySize64      : 665038848
PeakWorkingSet             : 168747008
PeakWorkingSet64           : 168747008
PeakVirtualMemorySize      : -1932460032
PeakVirtualMemorySize64    : 2362507264
PriorityBoostEnabled       : True
PrivateMemorySize64        : 459972608
PrivilegedProcessorTime    : 00:00:02.0156250
ProcessName                : java
ProcessorAffinity          : 255
Responding                 : True
SessionId                  : 1
StartInfo                  : System.Diagnostics.ProcessStartInfo
StartTime                  : 9/12/2018 8:54:37 PM
SynchronizingObject        :
Threads                    : {13340, 13724, 8496, 29176...}
UserProcessorTime          : 00:00:05.1250000
VirtualMemorySize64        : 2353061888
EnableRaisingEvents        : False
StandardInput              :
StandardOutput             :
StandardError              :
WorkingSet64               : 14237696
Site                       :
Container                  :

where:

Kill

The taskkill command kills processes.

Monitor

View

With Performance - Perfmon (Performance monitor) - Windows

Perfmon Process Counter

Collect

Perfmon Counter Collector

  • With PowerShell, see Get-Counter
    • Get-Counter - Gets real-time performance counter data from local and remote computers.
    • Import-Counter - Imports performance counter log files and creates objects that represent each counter sample in the log.
    • Export-Counter - Exports PerformanceCounterSampleSet objects as performance counter log (.blg, .csv, .tsv) files.
# displays processor time until you press CTRL+C
Get-Counter -Counter "\Processor(_Total)\% Processor Time" -SampleInterval 2 -MaxSamples 100 | %{$_.CounterSamples}
# export to file (every 2 seconds until it has max 100 values)
Get-Counter "\Processor(*)\% Processor Time" -SampleInterval 2 -MaxSamples 100 | Export-Counter -Path $home\data1.blg
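The Perfmon Process object can be sampled the same way. As an added example (not from the original page), this samples the per-process CPU counter a few times, averages it per instance and flags processes above a threshold; the threshold and sample count are arbitrary choices.

```powershell
# Added example (not from the original page): sample the per-process CPU counter a
# few times and report the busiest processes, the Get-Counter equivalent of watching
# Perfmon's Process object. Threshold and sample count are arbitrary choices.
function Get-TopCpuProcess {
    param(
        [int]$Samples = 5,          # how many samples to take
        [int]$Interval = 2,         # seconds between samples
        [int]$Top = 5,              # how many processes to report
        [double]$AlertPercent = 50  # flag a process averaging above this
    )
    $raw = Get-Counter -Counter '\Process(*)\% Processor Time' `
                       -SampleInterval $Interval -MaxSamples $Samples
    # Flatten the sample sets; drop the synthetic _Total and Idle instances
    # (instance names come back in lower case)
    $raw.CounterSamples |
        Where-Object { $_.InstanceName -notin '_total', 'idle' } |
        Group-Object InstanceName |
        ForEach-Object {
            # The Process counter is summed over cores (can exceed 100), so divide
            # by the core count to get a 0-100 figure comparable with Task Manager.
            $avg = ($_.Group | Measure-Object CookedValue -Average).Average /
                   [Environment]::ProcessorCount
            [pscustomobject]@{
                Process  = $_.Name
                'CPU(%)' = [math]::Round($avg, 1)
                Alert    = $avg -gt $AlertPercent
            }
        } |
        Sort-Object 'CPU(%)' -Descending |
        Select-Object -First $Top
}

Get-TopCpuProcess | Format-Table -AutoSize
```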