-
-
Save pa-0/2005f716e9bc7d620cb4c1ff9d4ba5e5 to your computer and use it in GitHub Desktop.
Process monitor PowerShell
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Function ProcessMonitor { | |
| <# | |
| .SYNOPSIS | |
| Displays changes in the process list on this or a remote PC. | |
| .DESCRIPTION | |
| Great for monitoring logon/startup scripts, batch jobs, software installations, etc... Especially on terminal servers. | |
| .EXAMPLE | |
| ProcessMonitor | |
| Compares changes in the process list every second on the local computer. | |
| .EXAMPLE | |
| ProcessMonitor -Interval 30 | |
| Compares changes in the process list for every 30 seconds. | |
| .EXAMPLE | |
| ProcessMonitor -Computername ServerB | |
| Compares changes in the process list on ServerB. | |
| .NOTES | |
| Created by Dimitri Koens | |
| Version 1.3: display current time when results in compare are empty | |
| Version 1.4: commandlineWidth implemented | |
| Version 1.5: replaced Get-WmiObject with Get-CimInstance | |
| #> | |
| param( | |
| [int]$Interval=1, | |
| [string]$Computername=$Env:COMPUTERNAME | |
| ) | |
| Write-Host 'ProcessMonitor (interrupt with Ctrl-C)' -ForegroundColor Cyan | |
| $minimumWidth = 40 | |
| $refProcs = Get-CimInstance win32_process -ComputerName $Computername | |
| Do { | |
| Start-Sleep $Interval | |
| $diffProcs = Get-CimInstance win32_process -ComputerName $Computername | |
| $result = Compare-Object $refProcs $diffProcs -Property ProcessId -PassThru | |
| $result | ForEach-Object { | |
| # construct primary string | |
| $msg = "{0:hh:mm:ss} {1,5} pid {2,15} " -f (Get-Date) , $_.ProcessId, $_.Name | |
| # construct rest of string, .commandline also contains .path | |
| $commandlineWidth = $Host.UI.RawUI.WindowSize.Width - $msg.Length # measure everty time to address screen resize | |
| If ($commandlineWidth -lt $MinimumWidth) { $commandlineWidth = $MinimumWidth } | |
| If ($_.commandline.length -lt $commandlineWidth) { | |
| $msg = $msg + $_.commandline | |
| } else { | |
| $msg = $msg + $_.commandline.SubString(0,$commandlineWidth-1) | |
| } | |
| # new process running | |
| if ($_.sideIndicator -eq "=>") { Write-Host $msg -foregroundcolor green } | |
| # existing process stopped | |
| if ($_.sideIndicator -eq "<=") { Write-Host $msg -foregroundcolor yellow } | |
| } | |
| if ($null -eq $result) { | |
| $msg = "{0:hh:mm:ss}" -f (Get-Date) | |
| Write-Host -NoNewline $msg | |
| $Host.UI.RawUI.CursorPosition = New-Object System.Management.Automation.Host.Coordinates 0,($Host.UI.RawUI.CursorPosition.y) | |
| } | |
| $refProcs = $diffProcs | |
| } while (1) | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment