Get WMI class of a running process in windows powershell? - windows

I am running a python script using "python script.py arg1 arg2 ...". I wanted to use powershell to check memory consumption of this script (process). The below command can't catch the python process. Looks like it isn't a win32_process?
Get-WmiObject win32_process -Filter "name like '%python'"
In this blog by Raymond Chen, it is dealing with win32_process class. Looks like my python process is not win32_process, because the above command doesn't catch it.

You can use the win32_process wmi class for python, and the name has the .exe on the end, slightly different from get-process:
Get-WmiObject win32_process -Filter "name = 'python.exe'" | select name,commandline
name commandline
---- -----------
python.exe "C:\Program Files\emacs\bin\python.exe"
Or
Get-WmiObject win32_process | ? name -eq python.exe | select name,commandline
name commandline
---- -----------
python.exe "C:\Program Files\emacs\bin\python.exe"
Or in powershell 7, get-process has the commandline property:
get-process python | select name,commandline
Name CommandLine
---- -----------
python "C:\Program Files\emacs\bin\python.exe"

Related

The command "wmic printer get MarkingTechnology" doesn't show me any value

I'm trying to get details on the marking technology my printer uses, but upon running the "wmic printer get MarkingTechnology" command I just get a blank screen. Here's a picture of the command prompt displaying the command after being run.
I don't know if this source, "How to get model of printer with POWERSHELL?", can help you or not.
get-wmiobject win32_printer -ComputerName localhost
or
get-wmiobject win32_printer | ft
get-wmiobject win32_printer | ?{$_.ShareName -eq "Printer01"} | fl *
get-wmiobject win32_printer | ft Name,ShareName,DriverName -Autosize

Run elevated Powershell Script and import system modules

I'm trying to call a .PS1 using a batch file to produce a csv file with just the User Name and Other Telephone number details. I have the script to produce the csv file.
Get-ADUser -Filter * -Properties otherTelephone |
select name, @{L='otherTelephone'; E={$_.otherTelephone[0]}} | sort-object otherTelephone | select-object -last 1000 |
Export-Csv C:\Test.csv -NoTypeInformation
and I have the batch file to elevate the PowerShell
powershell -noprofile -command "&{ start-process powershell -ArgumentList '-noprofile -file C:\Test.ps1' -verb RunAs}"
The problem is when I try to import the system modules by adding
powershell.exe -ImportSystemModules
to the front of the powershell script, the CSV only returns the header information e.g. name and otherTelephone. The script works if I import the modules manually i.e right click import system modules, but not when I try to load modules before running the script.
Basically I need to run the PS script as admin, import the system modules and have the code output my data.
Any help as to where I am going wrong is appreciated.
powershell.exe -ImportSystemModules Get-ADUser -Filter * -Properties otherTelephone |
select name, @{L='otherTelephone'; E={$_.otherTelephone[0]}} | sort-object otherTelephone | select-object -last 10 |
Export-Csv C:\Test.csv -NoTypeInformation
If you need to load the modules inside your script use the following code:
Get-Module -ListAvailable | Where-Object {$_.Path -like "$PSHOME*"} | Import-Module
The -ImportSystemModules switch is a flag for powershell.exe. If you call powershell.exe -ImportSystemModules inside of your script it will start another powershell instance and load the modules inside of it.
You could also add the -ImportSystemModules to your powershell call inside the batch file. That should work too
Regards

Kill specific powershell window

I am trying to end a powershell window I spawned from a task running as SYSTEM. I don't have the ID of the process since I am launching it through psexec to be able to set the session id. The task and the target powershell process are in different sessions.
I thought it would be simple just to set a window title and then query on the window title, but I am running into issues since processes running under the system don't seem to see the window title. For example when I run get-process powershell | format-table -property Name, MainWindowTitle as a user I get:
Name MainWindowTitle
---- ---------------
powershell Administrator: C:\Windows\System32\cmd.exe
powershell My Title
powershell
But when I run the same command under the system account I get:
Name MainWindowTitle
---- ---------------
powershell
powershell
powershell
I am not sure what is going on here. Is there a way to get the MainWindowTitle from the SYSTEM account? If not, is there something else I could query for that would return my powershell window and leave any other powershell processes running?
I am on Windows 7 x64
Name Value
---- -----
CLRVersion 2.0.50727.5477
BuildVersion 6.1.7601.17514
PSVersion 2.0
WSManStackVersion 2.0
PSCompatibleVersions {1.0, 2.0}
SerializationVersion 1.1.0.1
PSRemotingProtocolVersion 2.1
If there is something unique about the command line of the process you'd like to kill, maybe you could use something like:
Get-CimInstance Win32_Process -Filter "Name='powershell.exe'" |
Where-Object { $_.CommandLine -match $commandLineToMatch } |
ForEach-Object { Stop-Process -WhatIf -Id $_.ProcessId }
I added -WhatIf for testing purposes.
You need to call the GetOwner() method on the Win32_Process object to get the user that started the process.
Get-WmiObject -Class Win32_Process -Filter "Name='powershell.exe'" | ForEach-Object {
    if ($_.GetOwner().User -match 'system') {
        $_.Terminate()
    }
}
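
The answers in this thread, and the Win32_Process answer in the first thread on this page, all locate a process by image name and then narrow it by command line or owner. The following is an added example, not code from any of the posters, that combines those steps and also reports the working set the first question asked about. Find-ProcessByCommandLine and the patterns in the usage lines are hypothetical; Get-CimInstance needs PowerShell 3.0 or later.

```powershell
# Added example; Find-ProcessByCommandLine is a hypothetical helper name.
function Find-ProcessByCommandLine {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Name,     # image name, e.g. 'python.exe'
        [Parameter(Mandatory)] [string] $Pattern,  # regex tested against CommandLine
        [int] $SessionId = -1                      # -1 = any session
    )
    # The name is spliced into a WQL filter, so accept plain file names only.
    if ($Name -notmatch '^[\w.\- ]+$') { throw "Unexpected image name: $Name" }

    foreach ($p in Get-CimInstance Win32_Process -Filter "Name = '$Name'") {
        if ($p.ProcessId -eq $PID) { continue }   # never return the calling shell
        if ($SessionId -ge 0 -and $p.SessionId -ne $SessionId) { continue }
        # CommandLine comes back empty when the caller is not allowed to read it.
        if ([string]::IsNullOrEmpty($p.CommandLine)) {
            Write-Warning "PID $($p.ProcessId): command line not readable, skipped"
            continue
        }
        if ($p.CommandLine -notmatch $Pattern) { continue }

        $owner = Invoke-CimMethod -InputObject $p -MethodName GetOwner
        $ownerName = $null
        if ($owner.ReturnValue -eq 0) { $ownerName = "$($owner.Domain)\$($owner.User)" }

        [pscustomobject]@{
            ProcessId    = $p.ProcessId
            SessionId    = $p.SessionId
            Owner        = $ownerName
            WorkingSetMB = [math]::Round($p.WorkingSetSize / 1MB, 1)
            CommandLine  = $p.CommandLine
        }
    }
}

# Constructed usage: 'script\.py' and 'MyMarker' are placeholder patterns.
Find-ProcessByCommandLine -Name 'python.exe' -Pattern 'script\.py' |
    Format-Table ProcessId, WorkingSetMB, CommandLine -AutoSize

Find-ProcessByCommandLine -Name 'powershell.exe' -Pattern 'MyMarker' |
    Where-Object { $_.Owner -match 'SYSTEM$' } |
    ForEach-Object { Stop-Process -Id $_.ProcessId -WhatIf }
```

Skipping $PID matters when the target is another powershell.exe, because the pattern typed at the prompt can otherwise match the calling shell itself.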

How can I close, in shell scripting, a Windows process locating it by its parameters?

I use to run Python programs via the executable included in CygWin, for example:
c:\CygWin\bin\python2.7.exe /usr/local/bin/FunnyProgram.py
c:\CygWin\bin\python2.7.exe /usr/local/bin/BoringWordProcessor.py
Note that the /usr/local... stuff are the parameters part, not the executable program.
I am making a Windows shell script that pretends to close someone of them, for example "FunnyProgram.py". But I can not do:
taskkill /im "Funny*" /f
because all the operating system seems to see is:
C:\>tasklist | find "python" /i
python2.7.exe 5012 Console 1 13.240 KB
And there are no results at all if I do:
tasklist | find "Funny" /i
Neither can I find it by using SysInternals PSExec:
C:\>pslist python -x
pslist v1.3 - Sysinternals PsList
Copyright (C) 2000-2012 Mark Russinovich
Sysinternals - www.sysinternals.com
Process and thread information for KENOBI:
Name Pid VM WS Priv Priv Pk Faults NonP Page
python2.7 5012 588464 13240 13416 13556 3458 11 103
Tid Pri Cswtch State User Time Kernel Time Elapsed Time
580 10 316 Wait:UserReq 0:00:00.062 0:00:00.202 0:23:42.743
2760 11 4 Wait:Executive 0:00:00.000 0:00:00.000 0:23:42.741
616 8 4 Wait:UserReq 0:00:00.000 0:00:00.000 0:23:42.597
3164 11 49 Wait:UserReq 0:00:00.000 0:00:00.000 0:23:42.460
And mostly the same for SysInternals Handle:
C:\Windows\system32>handle -p "python"
Handle v3.51
Copyright (C) 1997-2013 Mark Russinovich
Sysinternals - www.sysinternals.com
------------------------------------------------------------------------------
python2.7.exe pid: 5012 KENOBI\Luis
60: Section \BaseNamedObjects\cygwin1S5-c5e39b7a9d22bafb\shared.5
64: Section \BaseNamedObjects\cygwin1S5-c5e39b7a9d22bafb\S-1-5-21-33151
06853-2407454319-848584108-1000.1
70: Section \BaseNamedObjects\cygwin1S5-c5e39b7a9d22bafb\cygpid.5012
C0: Section \BaseNamedObjects\cygwin1S5-c5e39b7a9d22bafb\c5e39b7a9d22ba
fb-cons0x240B0C.0
CC: Section \BaseNamedObjects\cygwin1S5-c5e39b7a9d22bafb\cygpid.5552
254: File (RWD) C:\Users\Luis
How can I detect the PID (in order to close it), or at least directly close, some specific program locating it by its parameters?
(I would like to do this in a Windows shell script, but additional command-line utilities are accepted if needed)
EDIT: Another method not working. If I do notepad test.txt, I can find it using PowerShell:
$process = "notepad.exe"
gwmi Win32_Process -Filter "name = '$process'" | select CommandLine
I save these two lines to "TestNotepad.ps1" and I do:
C:\>Powershell.exe -executionpolicy remotesigned -File TestNotepad.ps1
CommandLine
-----------
"C:\Windows\system32\notepad.exe"
"C:\Windows\system32\NOTEPAD.EXE" D:\test.txt
But for the file:
$process = "python2.7.exe"
gwmi Win32_Process -Filter "name = '$process'" | select CommandLine
I just get a simple:
C:\>Powershell.exe -executionpolicy remotesigned -File TestPython.ps1
CommandLine
-----------
"C:\CygWin\bin\python2.7.exe"
...with no parameters at all. Strange!
Windows shell:
C:\Python33\python.exe c:\helloworld.py
Powershell:
PS C:\Users\David> $process = "python.exe"
PS C:\Users\David> gwmi Win32_Process -Filter "name = '$process'" | select CommandLine
CommandLine
-----------
C:\Python33\python.exe C:\helloworld.py
from windows shell calling python in cygwin\bin:
c:\cygwin\bin\python3.2m.exe c:\helloworld.py
Powershell:
PS C:\Users\David> $process = "python3.2m.exe"
PS C:\Users\David> gwmi Win32_Process -Filter "name = '$process'" | select CommandLine
CommandLine
-----------
C:\cygwin\bin\python3.2m.exe C:\helloworld.py
This problem seems to come from the Python interpreter included in official CygWin repositories (as of today, v2.7.3).
Happily, the solution itself appears to lie in CygWin's own pgrep command.
Assuming this command line to run the Python process:
c:\CygWin\bin\python2.7.exe /usr/local/bin/FunnyProgram.py
--> To find the process we can use pgrep with the -f option (to search for full path):
$ pgrep -f -l FunnyProgram.py
2640 /usr/bin/python2.7 /usr/local/bin/FunnyProgram.py
--> To kill the process directly:
$ kill $(pgrep -f FunnyProgram.py)
I have no idea about why ps, tasklist or any other commands fail doing what pgrep does.
According to @DeveloperGuo, this issue could be solved for v3 and later.
Sadly, Python v2 and v3 scripts are not compatible, so I hope this thread helps anyone arriving here in search of knowledge and wisdom :-) .

How to pull physical path of a Windows Service using Get-Service command

I need to pull Physical Execution paths of all the Windows Services on a Set of Servers, that run on Win 2k8. As, the powershell version that is shipped with this OS is 2.0, I wanted to use Get-service command instead of Get-WmiObject.
I know that I can pull the physical path using the command given below
$QueryApp = "Select * from Win32_Service Where Name='AxInstSV'"
$Path = (Get-WmiObject -ComputerName MyServer -Query $QueryApp).PathName
I do not want this command to pull the physical path but wanted to use Get-Service command that comes with PS Version 2.0.
Any help would be much appreciated.
Even with PowerShell 3, I don't see a way to get it with Get-Service.
This 1-liner will get you the pathname, albeit with a little less of the preferred "filter left" behavior:
gwmi win32_service|?{$_.name -eq "AxInstSV"}|select pathname
Or, if you want just the string itself:
(gwmi win32_service|?{$_.name -eq "AxInstSV"}).pathname
@alroc did good, but there's no reason to filter all services. Querying WMI is like querying a DB, and you can just ask WMI to do the filtering for you:
(Get-CimInstance Win32_Service -Filter 'Name = "AxInstSV"').PathName
To explore all of the meta available for that service:
Get-CimInstance Win32_Service -Filter 'Name = "AxInstSV"' | Select-Object *
I wanted to do something similar, but based on searching / matching the path of the process running under the service, so I used the classic WMI Query syntax, then passed the results through format-table:
$pathWildSearch = "orton";
gwmi -Query "select * from win32_service where pathname like '%$pathWildSearch%' and state='Running'" | Format-Table -Property Name, State, PathName -AutoSize -Wrap
You're welcome to turn this into a one-liner by skipping defining and passing $pathWildSearch, or you could just back gwmi statement up to continue after the semi-colon.
Perhaps little less verbose,
wmic service where "name='AxInstSV'" get PathName
This should work on command prompt as well, not just powershell.
Or else if you have process name itself you could do:
wmic process where "name='AxInstSV.exe'" get ExecutablePath
To read process path you would need permission, so mostly I have better luck with service name.
I was never able to do this through the Get-Service command but if your service runs as its own process then you can use the Get-Process command for this via the following code:
(Get-Process -Name AxInstSV).path
Source:
https://blogs.technet.microsoft.com/heyscriptingguy/2014/09/15/powertip-use-powershell-to-find-path-for-processes/
