Could anyone help me to fetch the Apps name and all the Processes opened by the App? Just like the Task Manager shows.
Can you give me an example in Java, Python or Powershell? I have tried the ways from the internet, but I can only fetch the processes name, I also want to get the apps name as well.
These are what I tried:
- Powershell: Get-Process
- Python:
import psutil
# Define the app group name
app_group = 'Visual Studio Code'
# Get a list of all running processes
processes = psutil.process_iter()
for process in processes:
    print(f'Process ID: {process.pid}')
    print(f'Process Name: {process.name()}')
CodePudding user response:
In PS, you can just do this.
Clear-Host
Get-Process |
Where-Object {$PSItem.ProcessName -eq 'Code'} |
Select-Object -Property Id, Name, ProcessName
Update
Grouping
Clear-Host
Get-Process |
Select-Object -Property Id, Name, ProcessName |
Group-Object -Property ProcessName
Update
Process details
Clear-Host
Get-Process |
Where-Object {$PSItem.ProcessName -eq 'Code'} |
Select-Object -Property '*' -First 1
# Results
<#
Name : Code
Id : 6228
PriorityClass : Normal
FileVersion : 1.72.2
HandleCount : 196
WorkingSet : 82386944
PagedMemorySize : 25554944
PrivateMemorySize : 25554944
VirtualMemorySize : 532230144
TotalProcessorTime : 00:00:00.5312500
SI : 1
Handles : 196
VM : 2225325289472
WS : 82386944
PM : 25554944
NPM : 14048
Path : C:\Users\Daniel\AppData\Local\Programs\Microsoft VS Code\Code.exe
Company : Microsoft Corporation
CPU : 0.53125
ProductVersion : 1.72.2
Description : Visual Studio Code
Product : Visual Studio Code
__NounName : Process
BasePriority : 8
ExitCode :
HasExited : False
ExitTime :
Handle : 3940
SafeHandle : Microsoft.Win32.SafeHandles.SafeProcessHandle
MachineName : .
MainWindowHandle : 0
MainWindowTitle :
MainModule : System.Diagnostics.ProcessModule (Code.exe)
MaxWorkingSet : 1413120
MinWorkingSet : 204800
Modules : {System.Diagnostics.ProcessModule (Code.exe),...
NonpagedSystemMemorySize64 : 14048
PagedMemorySize64 : 25554944
PagedSystemMemorySize : 490896
PagedSystemMemorySize64 : 490896
PeakPagedMemorySize : 34410496
PeakPagedMemorySize64 : 34410496
PeakWorkingSet : 87883776
PeakWorkingSet64 : 87883776
PeakVirtualMemorySize : 637603840
PeakVirtualMemorySize64 : 2225430663168
PriorityBoostEnabled : True
PrivateMemorySize64 : 25554944
PrivilegedProcessorTime : 00:00:00.0625000
ProcessName : Code
ProcessorAffinity : 255
Responding : True
SessionId : 1
StartInfo : System.Diagnostics.ProcessStartInfo
StartTime : 02-Jan-23 20:11:26
SynchronizingObject :
Threads : {11556, 21344, 18128, 21444, 14468, 9144, 18068, 17528, 20796, 13064, 17536, 18828, 19724, 18900}
UserProcessorTime : 00:00:00.4687500
VirtualMemorySize64 : 2225325289472
EnableRaisingEvents : False
StandardInput :
StandardOutput :
StandardError :
WorkingSet64 : 82386944
Site :
Container :
#>
Update
Clear-Host
Get-Process |
Where-Object {$PSItem.ProcessName -eq 'Code'} |
Select-Object -Property Id, Name, ProcessName, Description, Product
# Results
<#
Id : 6228
Name : Code
ProcessName : Code
Description : Visual Studio Code
Product : Visual Studio Code
...
#>
Group data and details.
Clear-Host
Get-Process |
Select-Object -Property Id, Name, ProcessName, Description, Product |
Group-Object -Property ProcessName
# Results
<#
Count Name Group
----- ---- -----
...
12 Code {@{Id=6228; Name=Code; ProcessName=Code; Description=Visual Studio Code; Product=Visual Studio Code}, @{Id=9308; Name=Code; ProcessName=Code; Descri...
...
#>
Clear-Host
(
Get-Process |
Select-Object -Property Id, Name, ProcessName, Description, Product |
Group-Object -Property ProcessName
).Group
# Results
<#
...
Id : 6228
Name : Code
ProcessName : Code
Description : Visual Studio Code
Product : Visual Studio Code
Id : 9308
Name : Code
ProcessName : Code
Description : Visual Studio Code
Product : Visual Studio Code
Id : 9448
Name : Code
ProcessName : Code
Description : Visual Studio Code
Product : Visual Studio Code
...
#>
Update as per my comment about the child-parent resolution approach.
Clear-host
# The environment this code is being executed from
Get-Process -Name powershell_ise
# Some external command thing
$PingCommand = cmd.exe /c where ping
'https://stackoverflow.com/', 'www.google.com', 'www.yahoo.com' |
ForEach-Object {Start-Process -FilePath $PingCommand $PSItem}
# Get parent and child details
Get-CimInstance -Class Win32_Process -Filter "name ='ping.exe'" |
Select-Object -Property @{
Name = 'ParentProcessName'
Expression = {(Get-Process -Id $($PSItem.ParentProcessId)).Description}
}, ParentProcessId, ProcessName, ProcessId, CommandLine
# Results
<#
Handles NPM(K) PM(K) WS(K) CPU(s) Id SI ProcessName
------- ------ ----- ----- ------ -- -- -----------
1008 70 308036 366812 294.80 19824 1 powershell_ise
ParentProcessName : Windows PowerShell ISE
ParentProcessId : 19824
ProcessName : PING.EXE
ProcessId : 18248
CommandLine : "C:\Windows\System32\PING.EXE" www.google.com
ParentProcessName : Windows PowerShell ISE
ParentProcessId : 19824
ProcessName : PING.EXE
ProcessId : 5824
CommandLine : "C:\Windows\System32\PING.EXE" www.yahoo.com
#>
Or even this way.
($Process = Get-Process powershell_ise)
Start-Process 'cmd' '/C notepad.exe'
Get-CimInstance win32_process -Filter "ParentProcessId = $($Process.id)" |
Select-Object -Property @{
Name = 'ParentProcessName'
Expression = {(Get-Process -Id $($PSItem.ParentProcessId)).Description}
}, ParentProcessId, ProcessName, ProcessId, CommandLine
# Results
<#
Handles NPM(K) PM(K) WS(K) CPU(s) Id SI ProcessName
------- ------ ----- ----- ------ -- -- -----------
975 71 324604 385188 397.77 19824 1 powershell_ise
ParentProcessName : Windows PowerShell ISE
ParentProcessId : 19824
ProcessName : conhost.exe
ProcessId : 4888
CommandLine : \??\C:\Windows\system32\conhost.exe 0x4
ParentProcessName : Windows PowerShell ISE
ParentProcessId : 19824
ProcessName : cmd.exe
ProcessId : 17180
CommandLine : "C:\Windows\system32\cmd.exe" /C notepad.exe
#>
Then of course use the Group-Object cmdlet already shown earlier.
CodePudding user response:
I found 2 solutions so far:
We can use pslist64.exe -t from Sysinternals.
Solution Result 2 - powershell
function Get-ProcessAndChildProcesses($Level, $Process) {
    "{0}[{1,-5}] [{2}]" -f (" " * $Level), $Process.ProcessId, $Process.Name
    $Children = $Global:Processes | where-object {$_.ParentProcessId -eq $Process.ProcessId -and $_.CreationDate -ge $Process.CreationDate}
    if ($Children -ne $null) {
        foreach ($Child in $Children) {
            Get-ProcessAndChildProcesses ($Level + 1) $Child
        }
    }
}
$Global:Processes = Get-WMIObject -Class Win32_Process
$RootProcesses = @()
# Process "System Idle Process" is processed differently, as ProcessId and ParentProcessId are 0
# $Global:Processes is sliced from index 1 to the end of the array
foreach ($Process in $Global:Processes[1..($Global:Processes.length-1)]) {
    $Parent = $global:Processes | where-object {$_.ProcessId -eq $Process.ParentProcessId -and $_.CreationDate -lt $Process.CreationDate}
    if ($Parent -eq $null) {
        $RootProcesses += $Process
    }
}
#Process the "System Idle process" separately
"[{0,-5}] [{1}]" -f $Global:Processes[0].ProcessId, $Global:Processes[0].Name
foreach ($Process in $RootProcesses) {
    Get-ProcessAndChildProcesses 0 $Process
}
Solution Result 2 - powershell
[25488] [Code.exe]
[15040] [Code.exe]
[23652] [Code.exe]
[13024] [Code.exe]
[3800 ] [Code.exe]
[29312] [Code.exe]
[24024] [Code.exe]
[20220] [Code.exe]
[3888 ] [Code.exe]
[31408] [Code.exe]
[3976 ] [Code.exe]
[1348 ] [TabNine.exe]
[39240] [conhost.exe]
[30688] [TabNine.exe]
[41152] [TabNine-deep-local.exe]
[23768] [Code.exe]
[31400] [Code.exe]
[33528] [Code.exe]
[7504 ] [TabNine.exe]
[11088] [conhost.exe]
[38000] [TabNine.exe]
[3892 ] [WD-TabNine.exe]
[28860] [Code.exe]
[32068] [Code.exe]
[32316] [Code.exe]
[33768] [Code.exe]
[33124] [Code.exe]
[33160] [Code.exe]
[33708] [Code.exe]
[37204] [Code.exe]
[30968] [TabNine.exe]
[28224] [conhost.exe]
[40740] [TabNine.exe]
[24716] [Code.exe]
[32776] [Code.exe]
[32740] [Code.exe]
[32132] [python.exe]
[37124] [conhost.exe]
[33344] [Code.exe]
[36212] [Code.exe]
[1100 ] [TabNine.exe]
[38124] [conhost.exe]
[28104] [TabNine.exe]
[27296] [Code.exe]
[30732] [Code.exe]
[27844] [conhost.exe]
[32736] [powershell.exe]
[28736] [conhost.exe]
[36304] [powershell.exe]
[30308] [conhost.exe]
[37160] [powershell.exe]
[11316] [conhost.exe]
[39156] [powershell.exe]
[31036] [Code.exe]
[31056] [Code.exe]
[31184] [Code.exe]
[31272] [Code.exe]
[38408] [CodeSetup-stable-e8a3071ea4344d9d48ef8a4df2c097372b0c5161.exe]
[38552] [CodeSetup-stable-e8a3071ea4344d9d48ef8a4df2c097372b0c5161.tmp]
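The parent/child resolution used in the answers above, as an added Python example that is not part of the original posts. It rejects a parent link when the recorded parent PID now belongs to a process created after the child (the PID was reused), which is why the creation-time comparison matters when attributing processes to an app. The snapshot rows and the function names `build_tree`, `descendants` and `render` are assumptions made for this illustration.

```python
from collections import defaultdict

# Constructed snapshot rows (pid, ppid, name, create_time); not from the page.
# Live equivalent: psutil.process_iter(['pid', 'ppid', 'name', 'create_time']).
SAMPLE = [
    (0, 0, "System Idle Process", 0.0),   # its own parent
    (4, 0, "System", 1.0),
    (900, 800, "explorer.exe", 10.0),     # parent 800 already exited
    (2000, 900, "Code.exe", 100.0),
    (2010, 2000, "Code.exe", 101.0),
    (2020, 2010, "python.exe", 150.0),
    (2030, 2020, "conhost.exe", 151.0),
    (3000, 5000, "notepad.exe", 50.0),    # "parent" 5000 is newer: PID was reused
    (5000, 900, "cmd.exe", 200.0),
]

def build_tree(rows):
    """Return (procs, children, roots) with stale parent links rejected."""
    procs = {pid: (ppid, name, ctime) for pid, ppid, name, ctime in rows}
    children, roots = defaultdict(list), []
    for pid, (ppid, _name, ctime) in procs.items():
        parent = procs.get(ppid)
        # Root if the parent is gone, is the process itself, or is newer (reused PID).
        if parent is None or ppid == pid or parent[2] > ctime:
            roots.append(pid)
        else:
            children[ppid].append(pid)
    return procs, children, roots

def descendants(children, pid):
    """All PIDs below pid, i.e. every process the app has spawned."""
    found, stack = set(), list(children.get(pid, []))
    while stack:
        cur = stack.pop()
        if cur not in found:
            found.add(cur)
            stack.extend(children.get(cur, []))
    return sorted(found)

def render(procs, children, pid, level=0):
    """Indented lines for pid and its subtree, like `pslist -t`."""
    lines = [f"{'  ' * level}[{pid:<5}] [{procs[pid][1]}]"]
    for child in sorted(children.get(pid, [])):
        lines += render(procs, children, child, level + 1)
    return lines

if __name__ == "__main__":
    procs, children, roots = build_tree(SAMPLE)
    for root in roots:
        print("\n".join(render(procs, children, root)))
```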