Powershell - Process List with arguments

Question

I am trying to find a way to list processes with;

PID
Process Name
CPU Usage
Execution Path
Port Number (TCP and UDP)
Description

and export it in a csv file.

Is it possible? If not, can this list be configured to search the process name as "like process_name" ?

For example, list multiple process names (as I specify) with other arguments.

So far, I've found this one but it doesn't include the port numbers;

Get-Process | select id, processname,cpu,path,description | where {$_.path -like "*postgre*"} | Export-Csv -Path C:\temp\process.csv -Delimiter ',' -NoTypeInformation

Thanks.

You need to explore what information is available from the [`Get-Process` cmdlet](https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.management/get-process?view=powershell-7.1), or from the [`Win32_Process` WMI class](https://docs.microsoft.com/en-us/windows/win32/cimwin32prov/win32-process). You may find the [`Get-Member` cmdlet](https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/get-member?view=powershell-7.1) to be of interest for such explorations. — Jeff Zeitlin, Nov 25 '20 at 15:49
You may find [this question here on StackOverflow](https://stackoverflow.com/questions/48198/how-can-you-find-out-which-process-is-listening-on-a-port-on-windows) to be of interest as well, though it comes at the information from the other direction. — Jeff Zeitlin, Nov 25 '20 at 15:51
Hi, thanks for the comment. Unfortunately, I couldn't find a way from these links to develop this script. I am not a powershell spec. as well. If you can help on this, I am appreciated. — Melih, Nov 25 '20 at 16:00
The best way to learn is by doing. There are plenty of people who will be willing to assist you if you show your efforts; you will get very little help if you are perceived as asking us to write the script for you. One cmdlet that every PowerShell script-writer finds indispensible is [`Where-Object`](https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/where-object?view=powershell-7.1). — Jeff Zeitlin, Nov 25 '20 at 16:09
Can you expand on what you want from `Port Number (TCP and UDP)`, is it the ports a process is listening on or any active connections it has? — PMental, Nov 25 '20 at 16:49

score 1 · Accepted Answer · answered Nov 26 '20 at 18:44

Here's a new function I whipped together called Get-ProcessPlus. It supports calling with process name(s) or process id(s) or without any parameters (will return all processes).

Example of output:

ProcessName   : NVIDIA Web Helper
Id            : 10184
Description   : NVIDIA Web Helper Service
Path          : C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
CPU usage (s) : 0,59375
TCP Addresses : 127.0.0.1
TCP Ports     : 13549
UDP Addresses : 127.0.0.1
UDP Ports     : 10010

Either run this code in ISE or VSCode, save it and dot source it (eg. . c:\path\to\Get-ProcessPlus.ps1 or maybe add it to your profile.

Then just call it with Get-ProcessPlus. Using a parameter name is optional, just providing one or more process ids or names will work, eg. Get-ProcessPlus chrome,firefox or Get-ProcessPlus 1044,894,432.

Finally, here's the code:

function Get-ProcessPlus {
    [CmdletBinding(DefaultParameterSetName = 'Default')]
    param (
        [Parameter(ParameterSetName='ProcessName',Position = 0)]
        [string[]]
        $Name,
        [Parameter(ParameterSetName='PID',Position = 0)]
        [int[]]
        $Id

    )
    # Check which parameter set is in use and get our processes
    switch ($PSCmdlet.ParameterSetName) {
        'ProcessName' {
            $AllProcesses = Get-Process -Name $Name
            break
        }
        'PID' {
            $AllProcesses = Get-Process -Id $Id
            break
        }
        default { $AllProcesses = Get-Process }
    }
    foreach ($Process in $AllProcesses) {
        # Retrieve TCP and UDP Connection information for the current process (if any)
        $UDPConnections = Get-NetUDPEndpoint -OwningProcess $Process.Id -ErrorAction Ignore |
            Select-Object LocalAddress,LocalPort
        $TCPConnections = Get-NetTCPConnection -OwningProcess $Process.Id -State Listen -ErrorAction Ignore |
            Select-Object LocalAddress,LocalPort
        $TCPPorts = $TCPConnections.LocalPort | Where-Object { $null -ne $_} | Select-Object -Unique
        $UDPPorts = $UDPConnections.LocalPort | Where-Object { $null -ne $_} | Select-Object -Unique
        $TCPAddresses = $TCPConnections.LocalAddress | Select-Object -Unique
        $UDPAddresses = $UDPConnections.LocalAddress | Select-Object -Unique
        # Collect and output all information about the current process
        [PSCustomObject] @{
            'ProcessName'   = $Process.ProcessName
            'Id'            = $Process.Id
            'Description'   = $Process.Description
            'Path'          = $Process.Path
            'CPU usage (s)' = $Process.CPU
            'TCP Addresses' = $TCPAddresses
            'TCP Ports'     = $TCPPorts
            'UDP Addresses' = $UDPAddresses
            'UDP Ports'     = $UDPPorts
        }
    }
}

Hi, Thank you for your help and time. This was definitely what I was looking for. Thanks again — Melih, Nov 27 '20 at 07:15

Powershell - Process List with arguments

1 Answers1