get_pid_services_from_perfmon.vbs
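' Resolves a Performance Monitor process instance name (e.g. "svchost#3") to the
' matching process ID and lists the Windows services hosted by that process.
'
' Arguments:
'   0 - perfmon instance name: process name, optionally followed by "#<index>"
'   1 - optional computer name; the local machine (".") is used when omitted
'
' Output is written with Wscript.Stdout, so the script is meant to run under cscript.
Dim processName, processNameForPerfmon
Dim computerName
Dim wqlProcessName
Dim servicesList, serviceBound
Dim counter

If Wscript.Arguments.Count = 0 Then
    Wscript.Echo "INVALID SYNTAX: Specify a process instance name, e.g. ""svchost#1"""
    Wscript.Echo
    Wscript.Echo "Usage: getPerfmonProcessPid.vbs PROCESS COMPUTER (optional)"
    Wscript.Echo "Example: getPerfmonProcessPid.vbs svchost#3"
    Wscript.Echo "Example: getPerfmonProcessPid.vbs svchost#3 SRV001"
    Wscript.Echo
    Wscript.Echo "Script prints the PID of the process. If process is associated with a"
    Wscript.Echo "one or more services, then all associated services will be shown as well"
    Wscript.Quit
End If

' Set remote computer if specified
' NOTE(review): computerName is placed verbatim into the WMI moniker below; if this
' script is ever driven by another tool, restrict the value to a plain host name first.
If Wscript.Arguments.Count = 2 Then
    computerName = WScript.Arguments.Item(1)
Else
    computerName = "."
End If

processName = GetProcessNameWithoutInstance(WScript.Arguments.Item(0))
processNameForPerfmon = WScript.Arguments.Item(0)

' The process name comes straight from the command line and ends up inside a quoted
' WQL string literal. ExecQuery has no parameter binding, so escape the backslash
' (WQL's escape character) and the single quote to keep the value inside the literal.
wqlProcessName = Replace(processName, "\", "\\")
wqlProcessName = Replace(wqlProcessName, "'", "\'")

' Used simply for easier sorting, requires .NET to be installed
Set processArray = CreateObject("System.Collections.ArrayList")

' Connect to WMI and execute query
Set objWMIService = GetObject("winmgmts:\\" & computerName & "\root\cimv2")
Set colProcessList = objWMIService.ExecQuery("Select * from Win32_Process WHERE Name='" & wqlProcessName & ".exe'")

' Add minimum required data to array list: "<CreationDate>|<ProcessId>"
For Each objProcess in colProcessList
    If Not IsNull(objProcess.CreationDate) Then
        identifier = objProcess.CreationDate & "|" & objProcess.ProcessId
        processArray.Add identifier
    End If
Next

' WMI already appears to return processes sorted, but we do this just to be sure
processArray.Sort()

counter = 0

' Display the data. The first entry is the bare process name, later entries get
' "#<counter>" appended, and the entry equal to the requested instance name is reported.
For Each processData in processArray
    processIdPos = InStr(processData, "|")
    If processIdPos > 0 Then
        processNameWithInstance = processName
        If counter > 0 Then
            processNameWithInstance = processNameWithInstance & "#" & counter
        End If

        If processNameWithInstance = processNameForPerfmon Then
            Wscript.Stdout.Write "Details for " & processNameForPerfmon & vbCRLF & vbCRLF
            pid = Mid(processData, processIdPos + 1)
            Wscript.Stdout.Write "Process ID: " & pid & vbCRLF & vbCRLF

            ' Get service(s) associated with this PID
            servicesList = GetServiceNameFromPid(pid)

            ' When the PID hosts no services the returned dynamic array may never have
            ' been dimensioned, and UBound raises "Subscript out of range" on it.
            ' Probe the bound under error handling instead of aborting the script.
            serviceBound = -1
            On Error Resume Next
            serviceBound = UBound(servicesList)
            Err.Clear
            On Error GoTo 0

            If serviceBound > 0 Then
                Wscript.Stdout.Write "Associated Services:" & vbCRLF & "--------------------" & vbCRLF
                For Each service in servicesList
                    ' The list carries one unused trailing slot; skip it rather than
                    ' printing a blank line.
                    If Not IsEmpty(service) Then
                        Wscript.Stdout.Write service & vbCRLF
                    End If
                Next
            End If
            Exit For
        End If
    End If
    counter = counter + 1
Next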
' Returns 1 if "processName" includes a perfmon instance suffix (e.g. "svchost#3"),
' otherwise 0
Function HasInstance(processName)
    ' Reports whether the given name contains a "#" character, which is how a
    ' perfmon instance suffix such as "svchost#3" is recognised.
    ' Returns 1 when "#" is present, 0 otherwise.
    If InStr(processName, "#") > 0 Then HasInstance = 1 Else HasInstance = 0
End Function
' Returns the process name with any "#<n>" instance suffix removed (svchost#3 -> svchost); a name without a suffix is returned unchanged. No ".exe" extension is added here.
Function GetProcessNameWithoutInstance(processName)
    ' Strips the perfmon instance suffix from a process name.
    ' Everything before the first "#" is returned; a name that contains no "#"
    ' comes back unchanged.
    Dim hashPos
    hashPos = InStr(processName, "#")

    If hashPos > 0 Then
        GetProcessNameWithoutInstance = Left(processName, hashPos - 1)
    Else
        GetProcessNameWithoutInstance = processName
    End If
End Function
' Returns an array of "Name (DisplayName)" strings, one for each service associated with this PID
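Function GetServiceNameFromPid(pid)
    ' Looks up the Win32_Service instances whose ProcessId equals pid, using the
    ' script-level objWMIService connection.
    '
    ' pid:     process ID; must consist of decimal digits only.
    ' Returns: an array of "Name (DisplayName)" strings followed by one unused
    '          (Empty) trailing slot. With no matching service the array holds only
    '          that one slot, so UBound is 0 and callers testing "UBound(...) > 0"
    '          see "no services" instead of hitting a subscript error.
    ' Raises:  error 5 when pid is not a plain decimal number.
    Dim myServicesList()
    Dim arrayIndex
    Dim colServices, objService
    Dim pidText, pos, ch

    ' Dimension the array up front: UBound on a never-dimensioned dynamic array
    ' raises "Subscript out of range" in the caller.
    ReDim myServicesList(0)
    arrayIndex = 0

    ' pid is concatenated into the WQL text and ExecQuery offers no parameter
    ' binding, so accept digits only before building the query.
    pidText = Trim(CStr(pid))
    If Len(pidText) = 0 Then
        Err.Raise 5, "GetServiceNameFromPid", "PID must be a decimal number"
    End If
    For pos = 1 To Len(pidText)
        ch = Mid(pidText, pos, 1)
        If ch < "0" Or ch > "9" Then
            Err.Raise 5, "GetServiceNameFromPid", "PID must be a decimal number"
        End If
    Next

    Set colServices = objWMIService.ExecQuery("Select * from Win32_Service WHERE ProcessId=" & pidText)

    For Each objService in colServices
        ' Grow by one beyond the slot being filled; the surplus slot is the trailing
        ' Empty element described above.
        ReDim Preserve myServicesList(arrayIndex + 1)
        myServicesList(arrayIndex) = objService.Name & " (" & objService.DisplayName & ")"
        arrayIndex = arrayIndex + 1
    Next

    GetServiceNameFromPid = myServicesList
End Function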