Get a list of processes running on a machine
Syntax
Get-Process [[-name] string[]] [CommonParameters]
Get-Process -id Int32[] [CommonParameters]
Get-Process -inputObject Process[] [CommonParameters]
Key
-name
Process name(s)
Separate multiple process names with commas or use wildcard characters.
The -Name is optional.
-inputObject
Accept a process object as input to Get-Process.
A variable, command or expression that returns the process object(s)
-id
Process ID(s) (PID). Use commas to separate multiple PIDs.
To find the PID of a process, type "get-process".
CommonParameters:
-Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutVariable.
Examples
List all the processes running on the local PC:
PS C:>get-process
List all available data about Winword and Explorer processes on this computer:
PS C:>get-process winword, explorer | format-list *
List the available properties of process objects:
PS C:>Get-Process | Get-Member
List the top 5 processes using the most CPU time:
PS C:>Get-Process | sort CPU | select -last 5
Get all processes that have a working set greater than 20 MB.:
PS C:>get-process | where-object {$_.WorkingSet -gt 20000000}
List processes grouped by priority.:
PS C:>$a = get-process
get-process -inputobject $a | format-table -view priority
List all processes beginning with "s", and see when each running program was last updated. (This can be a handy way of discovering malware) This is done by piping the pathname of each executable into DIR and sorting by the last write time:
PS C:>get-process s*|where {s$_.Path} | dir | sort LastWriteTime |
format-table fullname, name,@{label="LastWriteTime";Expr={$_.LastWriteTime}
Related:
Stop-Process - Stop a running process (kill)
Equivalent bash command:
ps - Process status
