Get-Process 를 통해 실행 중인 프로세스의 상태 정보를 얻을 수 있고 Where-Object 의 조합으로 필요한 정보를 필터링 할 수 있습니다. Get-Process 를 사용해서 시스템 정보를 얻을 수 있는 몇 가지 방법에 대해서 아래와 같이 정리하였습니다.
1. 현재 실행 중인 프로세스 중에서 핸들 카운터 값이 800개 이상인 프로세스를 핸들 기준으로 정렬합니다.
가. 실행 명령
PS> Get-Process | Where-Object {$_.handles -ge 800} | Sort Handles
나. 실행 결과
다. 필터 사용 시 Comparison operator (비교 연산자) 정보
-lt -- Less than
-le -- Less than or equal to
-gt -- Greater than
-ge -- Greater than or equal to
-eq -- Equal to
-ne -- Not equal to
-like - Like; uses wildcards for pattern matching
-le -- Less than or equal to
-gt -- Greater than
-ge -- Greater than or equal to
-eq -- Equal to
-ne -- Not equal to
-like - Like; uses wildcards for pattern matching
2. 실행 중인 프로세스 파일 버전, 경로 정보 보기
가. 실행 명령
PS> Get-Process EXCEL -fileversioninfo
나. 실행 결과
3. 실행 중인 파일의 상세 프로세스 정보 확인
가. 실행 명령 및 결과
PS> Get-Process NOTEPAD | format-list *
__NounName : Process
Name : notepad
Handles : 353
VM : 147177472
WS : 29425664
PM : 10993664
NPM : 24552
Path : C:\Windows\system32\NOTEPAD.exe
Company : Microsoft Corporation
CPU : 1.0608068
FileVersion : 6.1.7600.16385 (win7_rtm.090713-1255)
ProductVersion : 6.1.7600.16385
Description : Notepad
Product : Microsoft® Windows® Operating System
Id : 5052
PriorityClass : Normal
HandleCount : 353
WorkingSet : 29425664
PagedMemorySize : 10993664
PrivateMemorySize : 10993664
VirtualMemorySize : 147177472
TotalProcessorTime : 00:00:01.0608068
BasePriority : 8
ExitCode :
HasExited : False
ExitTime :
Handle : 1488
MachineName : .
MainWindowHandle : 986240
MainWindowTitle : 라이고님 킹왕짱.txt - Notepad
MainModule : System.Diagnostics.ProcessModule (NOTEPAD.exe)
MaxWorkingSet : 1413120
MinWorkingSet : 204800
Modules : {System.Diagnostics.ProcessModule (NOTEPAD.exe), System.Diagnostics.ProcessModule (ntdll.d
ll), System.Diagnostics.ProcessModule (kernel32.dll), System.Diagnostics.ProcessModule (KE
RNELBASE.dll)...}
NonpagedSystemMemorySize : 24552
NonpagedSystemMemorySize64 : 24552
PagedMemorySize64 : 10993664
PagedSystemMemorySize : 273112
PagedSystemMemorySize64 : 273112
PeakPagedMemorySize : 12898304
PeakPagedMemorySize64 : 12898304
PeakWorkingSet : 32116736
PeakWorkingSet64 : 32116736
PeakVirtualMemorySize : 244559872
PeakVirtualMemorySize64 : 244559872
PriorityBoostEnabled : True
PrivateMemorySize64 : 10993664
PrivilegedProcessorTime : 00:00:00.7176046
ProcessName : notepad
ProcessorAffinity : 3
Responding : True
SessionId : 1
StartInfo : System.Diagnostics.ProcessStartInfo
StartTime : 2010-04-20 오후 2:53:56
SynchronizingObject :
Threads : {4888, 4692, 3000, 740...}
UserProcessorTime : 00:00:00.3432022
VirtualMemorySize64 : 147177472
EnableRaisingEvents : False
StandardInput :
StandardOutput :
StandardError :
WorkingSet64 : 29425664
Site :
Container :
__NounName : Process
Name : notepad
Handles : 353
VM : 147177472
WS : 29425664
PM : 10993664
NPM : 24552
Path : C:\Windows\system32\NOTEPAD.exe
Company : Microsoft Corporation
CPU : 1.0608068
FileVersion : 6.1.7600.16385 (win7_rtm.090713-1255)
ProductVersion : 6.1.7600.16385
Description : Notepad
Product : Microsoft® Windows® Operating System
Id : 5052
PriorityClass : Normal
HandleCount : 353
WorkingSet : 29425664
PagedMemorySize : 10993664
PrivateMemorySize : 10993664
VirtualMemorySize : 147177472
TotalProcessorTime : 00:00:01.0608068
BasePriority : 8
ExitCode :
HasExited : False
ExitTime :
Handle : 1488
MachineName : .
MainWindowHandle : 986240
MainWindowTitle : 라이고님 킹왕짱.txt - Notepad
MainModule : System.Diagnostics.ProcessModule (NOTEPAD.exe)
MaxWorkingSet : 1413120
MinWorkingSet : 204800
Modules : {System.Diagnostics.ProcessModule (NOTEPAD.exe), System.Diagnostics.ProcessModule (ntdll.d
ll), System.Diagnostics.ProcessModule (kernel32.dll), System.Diagnostics.ProcessModule (KE
RNELBASE.dll)...}
NonpagedSystemMemorySize : 24552
NonpagedSystemMemorySize64 : 24552
PagedMemorySize64 : 10993664
PagedSystemMemorySize : 273112
PagedSystemMemorySize64 : 273112
PeakPagedMemorySize : 12898304
PeakPagedMemorySize64 : 12898304
PeakWorkingSet : 32116736
PeakWorkingSet64 : 32116736
PeakVirtualMemorySize : 244559872
PeakVirtualMemorySize64 : 244559872
PriorityBoostEnabled : True
PrivateMemorySize64 : 10993664
PrivilegedProcessorTime : 00:00:00.7176046
ProcessName : notepad
ProcessorAffinity : 3
Responding : True
SessionId : 1
StartInfo : System.Diagnostics.ProcessStartInfo
StartTime : 2010-04-20 오후 2:53:56
SynchronizingObject :
Threads : {4888, 4692, 3000, 740...}
UserProcessorTime : 00:00:00.3432022
VirtualMemorySize64 : 147177472
EnableRaisingEvents : False
StandardInput :
StandardOutput :
StandardError :
WorkingSet64 : 29425664
Site :
Container :
4. 프로세스에서 로드한 모듈의 정보를 가져옵니다.
가. 실행 명령 및 결과
PS> Get-Process note*
Handles NPM(K) PM(K) WS(K) VM(M) CPU(s) Id ProcessName
---------------------------------------------------------------------------------
306 22 10032 28332 137 1.06 5052 notepad
PS> Get-Process note* -module
Size(K) ModuleName FileName
---------------------------------------------------------------------------------------------
212 NOTEPAD.exe C:\Windows\system32\NOTEPAD.exe
1708 ntdll.dll C:\Windows\SYSTEM32\ntdll.dll
1148 kernel32.dll C:\Windows\system32\kernel32.dll
428 KERNELBASE.dll C:\Windows\system32\KERNELBASE.dll
876 ADVAPI32.dll C:\Windows\system32\ADVAPI32.dll
636 msvcrt.dll C:\Windows\system32\msvcrt.dll
124 sechost.dll C:\Windows\SYSTEM32\sechost.dll
1208 RPCRT4.dll C:\Windows\system32\RPCRT4.dll
412 GDI32.dll C:\Windows\system32\GDI32.dll
1000 USER32.dll C:\Windows\system32\USER32.dll
56 LPK.dll C:\Windows\system32\LPK.dll
808 USP10.dll C:\Windows\system32\USP10.dll
608 COMDLG32.dll C:\Windows\system32\COMDLG32.dll
452 SHLWAPI.dll C:\Windows\system32\SHLWAPI.dll
2000 COMCTL32.dll C:\Windows\WinSxS\amd64_microsoft.windows.common-contr...
13848 SHELL32.dll C:\Windows\system32\SHELL32.dll
448 WINSPOOL.DRV C:\Windows\system32\WINSPOOL.DRV
2052 ole32.dll C:\Windows\system32\ole32.dll
860 OLEAUT32.dll C:\Windows\system32\OLEAUT32.dll
48 VERSION.dll C:\Windows\system32\VERSION.dll
184 IMM32.DLL C:\Windows\system32\IMM32.DLL
1060 MSCTF.dll C:\Windows\system32\MSCTF.dll
60 CRYPTBASE.dll C:\Windows\system32\CRYPTBASE.dll
344 uxtheme.dll C:\Windows\system32\uxtheme.dll
348 apphelp.dll C:\Windows\system32\apphelp.dll
480 IMKR12.IME C:\Windows\system32\IMKR12.IME
804 MSVCR80.dll C:\Windows\WinSxS\amd64_microsoft.vc80.crt_1fc8b3b9a1e...
1060 MSVCP80.dll C:\Windows\WinSxS\amd64_microsoft.vc80.crt_1fc8b3b9a1e...
96 dwmapi.dll C:\Windows\system32\dwmapi.dll
612 CLBCatQ.DLL C:\Windows\system32\CLBCatQ.DLL
952 IMKRTIP.DLL C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEKR\IMKRTIP.DLL
1472 IMETIP.DLL C:\PROGRA~1\COMMON~1\MICROS~1\IME12\SHARED\IMETIP.DLL
252 IMKRAPI.DLL C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEKR\IMKRAPI.DLL
308 IMJKAPI.DLL C:\PROGRA~1\COMMON~1\MICROS~1\IME12\SHARED\IMJKAPI.DLL
1832 explorerframe.dll C:\Windows\system32\explorerframe.dll
268 DUser.dll C:\Windows\system32\DUser.dll
968 DUI70.dll C:\Windows\system32\DUI70.dll
1192 WindowsCodecs.dll C:\Windows\system32\WindowsCodecs.dll
212 EhStorShell.dll C:\Windows\system32\EhStorShell.dll
1884 SETUPAPI.dll C:\Windows\system32\SETUPAPI.dll
216 CFGMGR32.dll C:\Windows\system32\CFGMGR32.dll
104 DEVOBJ.dll C:\Windows\system32\DEVOBJ.dll
1200 PROPSYS.dll C:\Windows\system32\PROPSYS.dll
504 cscui.dll C:\Windows\System32\cscui.dll
48 CSCDLL.dll C:\Windows\System32\CSCDLL.dll
60 CSCAPI.dll C:\Windows\system32\CSCAPI.dll
512 ntshrui.dll C:\Windows\system32\ntshrui.dll
140 srvcli.dll C:\Windows\system32\srvcli.dll
44 slc.dll C:\Windows\system32\slc.dll
236 msls31.dll C:\Windows\system32\msls31.dll
508 tiptsf.dll C:\Program Files\Common Files\microsoft shared\ink\tip...
180 ntmarta.dll C:\Windows\system32\ntmarta.dll
320 WLDAP32.dll C:\Windows\system32\WLDAP32.dll
60 profapi.dll C:\Windows\system32\profapi.dll
212 xmllite.dll C:\Windows\system32\xmllite.dll
92 CRYPTSP.dll C:\Windows\system32\CRYPTSP.dll
284 rsaenh.dll C:\Windows\system32\rsaenh.dll
80 RpcRtRemote.dll C:\Windows\system32\RpcRtRemote.dll
492 StructuredQuery.dll C:\Windows\System32\StructuredQuery.dll
44 Secur32.dll C:\Windows\System32\Secur32.dll
148 SSPICLI.DLL C:\Windows\System32\SSPICLI.DLL
952 actxprxy.dll C:\Windows\system32\actxprxy.dll
456 ieproxy.dll C:\Program Files\Internet Explorer\ieproxy.dll
852 SearchFolder.dll C:\Windows\system32\SearchFolder.dll
124 thumbcache.dll C:\Windows\system32\thumbcache.dll
28 PSAPI.DLL C:\Windows\system32\PSAPI.DLL
204 SHDOCVW.dll C:\Windows\system32\SHDOCVW.dll
12092 ieframe.DLL C:\Windows\system32\ieframe.DLL
336 OLEACC.dll C:\Windows\system32\OLEACC.dll
2400 iertutil.dll C:\Windows\system32\iertutil.dll
80 samcli.dll C:\Windows\system32\samcli.dll
116 SAMLIB.dll C:\Windows\system32\SAMLIB.dll
48 netutils.dll C:\Windows\system32\netutils.dll
96 MPR.dll C:\Windows\system32\MPR.dll
40 drprov.dll C:\Windows\System32\drprov.dll
244 WINSTA.dll C:\Windows\System32\WINSTA.dll
136 ntlanman.dll C:\Windows\System32\ntlanman.dll
108 davclnt.dll C:\Windows\System32\davclnt.dll
40 DAVHLPR.dll C:\Windows\System32\DAVHLPR.dll
1648 NetworkExplorer.dll C:\Windows\system32\NetworkExplorer.dll
84 wkscli.dll C:\Windows\system32\wkscli.dll
236 WINMM.dll C:\Windows\system32\WINMM.dll
756 PortableDeviceApi.dll C:\Windows\system32\PortableDeviceApi.dll
228 WINTRUST.dll C:\Windows\system32\WINTRUST.dll
1432 CRYPT32.dll C:\Windows\system32\CRYPT32.dll
60 MSASN1.dll C:\Windows\system32\MSASN1.dll
156 EhStorAPI.dll C:\Windows\system32\EhStorAPI.dll
48 LINKINFO.dll C:\Windows\system32\LINKINFO.dll
248 cscobj.dll C:\Windows\System32\cscobj.dll
120 USERENV.dll C:\Windows\System32\USERENV.dll
1504 urlmon.dll C:\Windows\system32\urlmon.dll
Handles NPM(K) PM(K) WS(K) VM(M) CPU(s) Id ProcessName
---------------------------------------------------------------------------------
306 22 10032 28332 137 1.06 5052 notepad
PS> Get-Process note* -module
Size(K) ModuleName FileName
---------------------------------------------------------------------------------------------
212 NOTEPAD.exe C:\Windows\system32\NOTEPAD.exe
1708 ntdll.dll C:\Windows\SYSTEM32\ntdll.dll
1148 kernel32.dll C:\Windows\system32\kernel32.dll
428 KERNELBASE.dll C:\Windows\system32\KERNELBASE.dll
876 ADVAPI32.dll C:\Windows\system32\ADVAPI32.dll
636 msvcrt.dll C:\Windows\system32\msvcrt.dll
124 sechost.dll C:\Windows\SYSTEM32\sechost.dll
1208 RPCRT4.dll C:\Windows\system32\RPCRT4.dll
412 GDI32.dll C:\Windows\system32\GDI32.dll
1000 USER32.dll C:\Windows\system32\USER32.dll
56 LPK.dll C:\Windows\system32\LPK.dll
808 USP10.dll C:\Windows\system32\USP10.dll
608 COMDLG32.dll C:\Windows\system32\COMDLG32.dll
452 SHLWAPI.dll C:\Windows\system32\SHLWAPI.dll
2000 COMCTL32.dll C:\Windows\WinSxS\amd64_microsoft.windows.common-contr...
13848 SHELL32.dll C:\Windows\system32\SHELL32.dll
448 WINSPOOL.DRV C:\Windows\system32\WINSPOOL.DRV
2052 ole32.dll C:\Windows\system32\ole32.dll
860 OLEAUT32.dll C:\Windows\system32\OLEAUT32.dll
48 VERSION.dll C:\Windows\system32\VERSION.dll
184 IMM32.DLL C:\Windows\system32\IMM32.DLL
1060 MSCTF.dll C:\Windows\system32\MSCTF.dll
60 CRYPTBASE.dll C:\Windows\system32\CRYPTBASE.dll
344 uxtheme.dll C:\Windows\system32\uxtheme.dll
348 apphelp.dll C:\Windows\system32\apphelp.dll
480 IMKR12.IME C:\Windows\system32\IMKR12.IME
804 MSVCR80.dll C:\Windows\WinSxS\amd64_microsoft.vc80.crt_1fc8b3b9a1e...
1060 MSVCP80.dll C:\Windows\WinSxS\amd64_microsoft.vc80.crt_1fc8b3b9a1e...
96 dwmapi.dll C:\Windows\system32\dwmapi.dll
612 CLBCatQ.DLL C:\Windows\system32\CLBCatQ.DLL
952 IMKRTIP.DLL C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEKR\IMKRTIP.DLL
1472 IMETIP.DLL C:\PROGRA~1\COMMON~1\MICROS~1\IME12\SHARED\IMETIP.DLL
252 IMKRAPI.DLL C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEKR\IMKRAPI.DLL
308 IMJKAPI.DLL C:\PROGRA~1\COMMON~1\MICROS~1\IME12\SHARED\IMJKAPI.DLL
1832 explorerframe.dll C:\Windows\system32\explorerframe.dll
268 DUser.dll C:\Windows\system32\DUser.dll
968 DUI70.dll C:\Windows\system32\DUI70.dll
1192 WindowsCodecs.dll C:\Windows\system32\WindowsCodecs.dll
212 EhStorShell.dll C:\Windows\system32\EhStorShell.dll
1884 SETUPAPI.dll C:\Windows\system32\SETUPAPI.dll
216 CFGMGR32.dll C:\Windows\system32\CFGMGR32.dll
104 DEVOBJ.dll C:\Windows\system32\DEVOBJ.dll
1200 PROPSYS.dll C:\Windows\system32\PROPSYS.dll
504 cscui.dll C:\Windows\System32\cscui.dll
48 CSCDLL.dll C:\Windows\System32\CSCDLL.dll
60 CSCAPI.dll C:\Windows\system32\CSCAPI.dll
512 ntshrui.dll C:\Windows\system32\ntshrui.dll
140 srvcli.dll C:\Windows\system32\srvcli.dll
44 slc.dll C:\Windows\system32\slc.dll
236 msls31.dll C:\Windows\system32\msls31.dll
508 tiptsf.dll C:\Program Files\Common Files\microsoft shared\ink\tip...
180 ntmarta.dll C:\Windows\system32\ntmarta.dll
320 WLDAP32.dll C:\Windows\system32\WLDAP32.dll
60 profapi.dll C:\Windows\system32\profapi.dll
212 xmllite.dll C:\Windows\system32\xmllite.dll
92 CRYPTSP.dll C:\Windows\system32\CRYPTSP.dll
284 rsaenh.dll C:\Windows\system32\rsaenh.dll
80 RpcRtRemote.dll C:\Windows\system32\RpcRtRemote.dll
492 StructuredQuery.dll C:\Windows\System32\StructuredQuery.dll
44 Secur32.dll C:\Windows\System32\Secur32.dll
148 SSPICLI.DLL C:\Windows\System32\SSPICLI.DLL
952 actxprxy.dll C:\Windows\system32\actxprxy.dll
456 ieproxy.dll C:\Program Files\Internet Explorer\ieproxy.dll
852 SearchFolder.dll C:\Windows\system32\SearchFolder.dll
124 thumbcache.dll C:\Windows\system32\thumbcache.dll
28 PSAPI.DLL C:\Windows\system32\PSAPI.DLL
204 SHDOCVW.dll C:\Windows\system32\SHDOCVW.dll
12092 ieframe.DLL C:\Windows\system32\ieframe.DLL
336 OLEACC.dll C:\Windows\system32\OLEACC.dll
2400 iertutil.dll C:\Windows\system32\iertutil.dll
80 samcli.dll C:\Windows\system32\samcli.dll
116 SAMLIB.dll C:\Windows\system32\SAMLIB.dll
48 netutils.dll C:\Windows\system32\netutils.dll
96 MPR.dll C:\Windows\system32\MPR.dll
40 drprov.dll C:\Windows\System32\drprov.dll
244 WINSTA.dll C:\Windows\System32\WINSTA.dll
136 ntlanman.dll C:\Windows\System32\ntlanman.dll
108 davclnt.dll C:\Windows\System32\davclnt.dll
40 DAVHLPR.dll C:\Windows\System32\DAVHLPR.dll
1648 NetworkExplorer.dll C:\Windows\system32\NetworkExplorer.dll
84 wkscli.dll C:\Windows\system32\wkscli.dll
236 WINMM.dll C:\Windows\system32\WINMM.dll
756 PortableDeviceApi.dll C:\Windows\system32\PortableDeviceApi.dll
228 WINTRUST.dll C:\Windows\system32\WINTRUST.dll
1432 CRYPT32.dll C:\Windows\system32\CRYPT32.dll
60 MSASN1.dll C:\Windows\system32\MSASN1.dll
156 EhStorAPI.dll C:\Windows\system32\EhStorAPI.dll
48 LINKINFO.dll C:\Windows\system32\LINKINFO.dll
248 cscobj.dll C:\Windows\System32\cscobj.dll
120 USERENV.dll C:\Windows\System32\USERENV.dll
1504 urlmon.dll C:\Windows\system32\urlmon.dll
[참고자료]
Get-Process
http://technet.microsoft.com/ko-kr/library/dd347630.aspx
Using the Where-Object Cmdlet
http://technet.microsoft.com/en-us/library/ee177028.aspx
작성자 : Lai Go / 작성일자 : 2010.04.20
