过滤管道结果
使用Get-Process返回所有的当前进程 ,但是你可能并不对所有的进程感兴趣,然后通过每个Process对象的属性进行过滤。首先得知道每个对象支持那些属性。
PS C:Powershell> Get-Process | select -First 1 | fl *__NounName : Process Name : AcroRd32 Handles : 287 VM : 234819584 WS : 32616448 PM : 63488000 NPM : 14584 Path : C:Program FilesAdobeReader 10.0ReaderAcroRd32 .exe Company : Adobe Systems Incorporated CPU : 96.5334188 FileVersion : 10.1.2.45 ProductVersion : 10.1.2.45 Description : Adobe Reader Product : Adobe Reader Id : 4820 PriorityClass : Normal HandleCount : 287 WorkingSet : 32616448 PagedMemorySize : 63488000 PrivateMemorySize : 63488000 VirtualMemorySize : 234819584 TotalProcessorTime : 00:01:36.5334188 BasePriority : 8 ExitCode : HasExited : False ExitTime : Handle : 3568 MachineName : . MainWindowHandle : 198686 MainWindowTitle : Mastering PowerShell - Adobe Reader MainModule : System.Diagnostics.ProcessModule (AcroRd32.exe) MaxWorkingSet : 1413120 MinWorkingSet : 204800 Modules : {System.Diagnostics.ProcessModule (AcroRd32.exe), System.Diagnostics.ProcessModule (ntdll.dll), Syst em.Diagnostics.ProcessModule (kernel32.dll), Syste m.Diagnostics.ProcessModule (KERNELBASE.dll)...} NonpagedSystemMemorySize : 14584 NonpagedSystemMemorySize64 : 14584 PagedMemorySize64 : 63488000 PagedSystemMemorySize : 302460 PagedSystemMemorySize64 : 302460 PeakPagedMemorySize : 75399168 PeakPagedMemorySize64 : 75399168 PeakWorkingSet : 87871488 PeakWorkingSet64 : 87871488 PeakVirtualMemorySize : 257703936 PeakVirtualMemorySize64 : 257703936 PriorityBoostEnabled : True PrivateMemorySize64 : 63488000 PrivilegedProcessorTime : 00:00:27.7057776 ProcessName : AcroRd32 ProcessorAffinity : 3 Responding : True SessionId : 1 StartInfo : System.Diagnostics.ProcessStartInfo StartTime : 2012/1/13 10:25:34 SynchronizingObject : Threads : {4376, 6636, 8096, 5136...} UserProcessorTime : 00:01:08.8276412 VirtualMemorySize64 : 234819584 EnableRaisingEvents : False StandardInput : StandardOutput : StandardError : WorkingSet64 : 32616448 Site : Container :
根据进程名过滤所有记事本进程。
PS C:Powershell> Get-Process | Where-Object {$_.Name -eq "notepad"}
Handles NPM(K) PM(K) WS(K) VM(M) CPU(s) Id ProcessName
------- ------ ----- ----- ----- ------ -- -----------
158 7 8800 37264 114 18.41 6204 notepad
根据进程名过滤所有IE进程。
PS C:Powershell> Get-Process | Where-Object {$_.Name -eq "iexplore"}
Handles NPM(K) PM(K) WS(K) VM(M) CPU(s) Id ProcessName
------- ------ ----- ----- ----- ------ -- -----------
710 23 12832 18160 175 10.51 4204 iexplore
971 39 81000 107580 399 22.20 6764 iexplore
336 13 28516 20096 187 0.34 6792 iexplore
929 35 51020 46568 314 10.42 7192 iexplore
835 26 49200 32360 308 7.82 7952 iexplore
根据company过滤所有产品发布者以”Microsoft”打头的进程:
PS C:Powershell> Get-Process | Where-Object {$_.company -like '*Microsoft*' }|
select Name,Description,Company
msseces Microsoft Security Clie... Microsoft Corporation
notepad 记事本 Microsoft Corporation
ONENOTEM Microsoft OneNote Quick... Microsoft Corporation
OUTLOOK Microsoft Outlook Microsoft Corporation
powershell Windows PowerShell Microsoft Corporation
prevhost Preview Handler Surroga... Microsoft Corporation
RDCMan RDCMan Microsoft Corporation
SearchProtocolHost Microsoft Windows Searc... Microsoft Corporation
taskhost Windows 任务的主机进程 Microsoft Corporation
使用别名
因为Where-Object的使用概率比较高,所以有一个很形象的别名 ? 可以使用:
PS C:Powershell> Get-Service | ? {$_.Name -like "B*"}
Status Name DisplayName
------ ---- -----------
Running BDESVC BitLocker Drive Encryption Service
Running BFE Base Filtering Engine
Running BITS Background Intelligent Transfer Ser...
Stopped Browser Computer Browser
Stopped bthserv Bluetooth Support Service