Identify process with powershell -Query option satisfying CommandLine like '%pattern%'

Time:10-05

Recently I discovered that one can issue sql queries to WmiObject like this:

Get-WmiObject -Query "SELECT * FROM Win32_Process WHERE Name='java.exe'"

I would like to further limit the output containing the CommandLine arguments, something like:

Get-WmiObject -Query "SELECT * FROM Win32_Process WHERE Name='java.exe' AND CommandLine like '%glassfish%'"

or

Get-WmiObject -Query "SELECT * FROM Win32_Process WHERE Name='java.exe' AND CommandLine like '*glassfish*'"

However this does not return any answers back. How can I formulate approximate match queries there? Sure I can do

Get-WmiObject -Query "SELECT * FROM Win32_Process WHERE Name='java.exe'" | Where-Object { $_.CommandLine -match "glassfish" }

But that does not look elegant.

EDIT: There's a glassfish running among my processes (if I remove "CommandLine like ...").

CodePudding user response:

This one:

Get-WmiObject -Query "SELECT * FROM Win32_Process WHERE Name='java.exe' AND CommandLine like '%glassfish%'"

... uses the correct syntax, the wildcard char in WQL is indeed %.


If you want to pass a variable substring to the query, make sure you escape quotation marks and backslashes with another backslash:

# define substring to look for
$cmdLineSubstring = 'glassfish'

# escape quotes and backslashes
$cmdLineSubstring = $cmdLineSubstring -replace '[\\\p{Pi}\p{Pf}''"]','\$0'

$query = "SELECT * FROM Win32_Process WHERE Name = 'java.exe' AND CommandLine LIKE '%${cmdLineSubstring}%'"
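
An added example, not part of the original answer, that goes one step beyond the escaping shown above: besides quotes and backslashes it also brackets the WQL LIKE wildcards `%`, `_` and `[`, so a variable substring is matched literally. The function names `ConvertTo-WqlString`, `ConvertTo-WqlLikeLiteral` and `Find-ProcessByCommandLine` are hypothetical, and `Get-CimInstance` is used here in place of `Get-WmiObject`.

```powershell
function ConvertTo-WqlString {
    # Hypothetical helper: escape a value for use inside a WQL '...' string literal.
    # Same character class as the answer above: backslash, typographic and plain quotes.
    param([Parameter(Mandatory)][string]$Text)
    $Text -replace '[\\\p{Pi}\p{Pf}''"]', '\$0'
}

function ConvertTo-WqlLikeLiteral {
    # Hypothetical helper: escape a value so a LIKE pattern matches it literally.
    param([Parameter(Mandatory)][string]$Text)

    # Wrap the LIKE metacharacters [, % and _ in a one-character class
    # ([[], [%], [_]) so they stop acting as wildcards.
    $literal = $Text -replace '[\[%_]', '[$0]'

    # Then apply the string-literal escaping. The two character sets do not
    # overlap, so neither pass re-escapes the other's output.
    ConvertTo-WqlString -Text $literal
}

function Find-ProcessByCommandLine {
    # Hypothetical wrapper: processes named $Name whose command line contains $Substring.
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$Substring
    )

    $nameValue = ConvertTo-WqlString -Text $Name            # '=' comparison: no wildcards
    $likeValue = ConvertTo-WqlLikeLiteral -Text $Substring  # LIKE comparison

    # The only wildcards left in the pattern are the two % signs added here.
    $query = "SELECT ProcessId, Name, CommandLine FROM Win32_Process " +
             "WHERE Name = '$nameValue' AND CommandLine LIKE '%$likeValue%'"

    # A row whose CommandLine is NULL never satisfies LIKE; the property can be
    # unreadable from a non-elevated session, so compare results when elevated.
    Get-CimInstance -Query $query |
        Select-Object ProcessId, Name, CommandLine
}

# Constructed sample inputs: the underscore and percent sign are matched literally.
ConvertTo-WqlLikeLiteral -Text 'C:\glassfish_5\100%'
Find-ProcessByCommandLine -Name 'java.exe' -Substring 'glassfish'
```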