Get-ProcessInfo is a PowerShell function that provides information about processes and DLLs running or found on Windows PCs.
This PowerShell function queries a process listing database with over 40000 records and returns extra information about a computer process:
[Process Name] [Description] [Additional Info] [Reported as a virus]
[Reported as a trojan] [Reported as a spyware] [Safe to end the process]
Features
-Accepts pipeline input
-Accepts wildcard characters:
    %           A substitute for zero or more characters
    _           A substitute for a single character
    [charlist]  Sets and ranges of characters to match
Examples
Example 1
    Get-ProcessInfo -process spoolvlc.exe
Description:
Returns extended information about spoolvlc.exe process.
Output:
    Connection to database established.
    Showing information for spoolvlc.exe

    Process Name            : spoolvlc.exe
    Description             : Process SPOOLVLC.EXE named Troj/Sdbot-HD is harmful application of Troj/Sdbot-HD software. Process SPOOLVLC.EXE is reported as a virus and trojan horse. This variant of SPOOLVLC.EXE is very harmful and should be removed from operating system as soon as possible.
    Additional Info         : SPOOLVLC.EXE is process associated with malicious software Troj/Sdbot-HD. Troj/Sdbot-HD is a backdoor Trojan that allows unauthorised remote access to the infected computer via IRC channels while running in the background as a service process.
    Reported as a virus     : No
    Reported as a trojan    : Yes
    Reported as a spyware   : No
    Safe to end the process : N/A
Example 2
    Get-Process * | Sort-Object -Unique | % {Get-ProcessInfo $_.ProcessName}
Shows additional information for all processes currently running on the local machine.
Output:
    Process Name    : powershell_ise.exe
    Description     : The powershell_ise.exe is a Windows PowerShell ISE. This file is part of Microsoft Windows Operating System. Powershell_ise.exe is developed by Microsoft Corporation. It's a system and hidden file. Powershell_ise.exe is usually located in the %SYSTEM% sub-folder and its usual size is 204,800 bytes.
    Additional Info : The powershell_ise.exe process is safe and disabling it can be dangerous, because programs on your computer need it to work correctly.

    Process Name    : powershell_ise.resources.dll
    Description     : This file is part of Microsoft (R) Windows (R) Operating System. Powershell_ise.resources.dll is developed by Microsoft Corporation. It's a system and hidden file. Powershell_ise.resources.dll is usually located in the %SYSTEM% sub-folder and its usual size is 4,096 bytes.
    Additional Info : The powershell_ise.resources.dll process is safe and disabling it can be dangerous, because programs on your computer need it to work correctly.
Example 3
    (get-process notepad).Modules | select -expand ModuleName |% {Get-ProcessInfo $_}
Gets additional information for DLL files and modules loaded by the notepad process.
Example 4
    $module = get-process * |% {$_.modules | select -expand modulename}
    foreach ($m in $module) {Get-ProcessInfo $m}
Gets additional information for DLL files and modules loaded by all currently running processes.
Example 5
    Get-Process * -ComputerName COMPUTER01 | Sort-Object -Unique | % {Get-ProcessInfo $_.ProcessName}
Gathers process information for a remote machine.
Example 6
    Get-ProcessInfo vc%
Returns information for all recorded processes starting with vc.
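
Because % and _ are wildcards here, an exact lookup for a name such as powershell_ise.exe also matches any recorded name that has a different character in place of the underscore. The following is an added example, not part of the original function: ConvertTo-LikeLiteral is a hypothetical helper that wraps each wildcard character in a one-character [charlist] set before the lookup. It assumes the pattern reaches the database unchanged and that a set such as [_] matches only that character.

```powershell
# Added example; ConvertTo-LikeLiteral is a hypothetical helper, not part of Get-ProcessInfo.
function ConvertTo-LikeLiteral {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [string]$Name
    )
    process {
        # Escape '[' first, so the brackets added by the next two
        # replacements are not escaped a second time.
        $Name.Replace('[', '[[]').Replace('%', '[%]').Replace('_', '[_]')
    }
}

# Constructed sample names: the first is taken from Example 2, the second is made up
# to show all three wildcard characters being escaped.
'powershell_ise.exe', '100%cpu[1].exe' | ConvertTo-LikeLiteral

# Exact-name lookups for every distinct process running on the local machine.
Get-Process |
    Select-Object -ExpandProperty ProcessName |
    Sort-Object -Unique |
    ConvertTo-LikeLiteral |
    ForEach-Object { Get-ProcessInfo -process $_ }
```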


