powershell PowerShell：Get-Handles

Posted 2021-05-22

function Get-Handles {
	[CmdletBinding(SupportsShouldProcess=$True,DefaultParameterSetName="None")]
	PARAM(
	    [Parameter(Mandatory = $false, Position = 0, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)]
		[ValidateScript({Test-Path $_ -PathType 'Leaf'})]
		[string]
		$PathToHandle = "$PSScriptRoot\handle.exe"
		,
		[Parameter(Mandatory = $false, Position = 1, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true, ParameterSetName="p1")]
		[string]
		$Pattern
		,
		[Parameter(Mandatory = $false, Position = 1, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true, ParameterSetName="p2")]
		[string]
		$Name
	)
	
	begin {
        Write-Verbose "PathToHandle: $PathToHandle"
        Write-Verbose "Pattern: $Pattern"
        Write-Verbose "Name: $Name"
	}

	process {
		# Get the console output of HANDLE.EXE from Sysinternals into a Powershell Variable
        if ($Name) {
        	$RegExPattern1 = "^(?<process>\S*) pid: (?<pid>\S*) (?<owner>.*)$"
        	$RegExPattern2 = "^\s*(?<handle>\S*):\s*(?<type>\S*)\s*\((?<access>\S*)\)\s*(?<fullname>.*)$"
            Write-Verbose "RegExPattern1: $RegExPattern1"
            Write-Verbose "RegExPattern2: $RegExPattern2"
		    & $PathToHandle -accepteula -p "$Name" 2>&1 | % {
                if ($_) {
			        if ($_ -match $RegExPattern1) {
                        $_process = $Matches.process
                        $_pid = $Matches.pid
                        $_owner = $Matches.owner
                    }
			        if ($_ -match $RegExPattern2) {
                        $_handle = $Matches.handle
                        $_type = $Matches.type
                        if ($Matches.access) {
                            $_access = @()
                            if ($Matches.access.ToLower().contains('r')) {$_access += "Read"}
                            if ($Matches.access.ToLower().contains('w')) {$_access += "Write"}
                            if ($Matches.access.ToLower().contains('d')) {$_access += "Delete"}
                        }
                        $_fullname = $Matches.fullname
                    }
                    if ($_process) {
				        $handle = @{}
				        $handle.process = $_process
				        $handle.pid = $_pid
                        $handle.owner = $_owner
				        $handle.handle = $_handle
				        $handle.type = $_type
				        $handle.access = $_access
				        $handle.fullname = $_fullname
				        New-Object -TypeName PSObject -Property $handle
                    }
                }
            }
        } else {
        	$RegExPattern = "^(?<process>\S*)\s*pid: (?<pid>\S*)\s*type: (?<type>\S*)\s*(?<handle>\S*): (?<fullname>.*)$"
            Write-Verbose "RegExPattern: $RegExPattern"
		    & $PathToHandle -accepteula "$Pattern" 2>&1 | % {
			    if ($_ -match $RegExPattern) {
				    $handle = @{}
				    $handle.process = $Matches.process
				    $handle.pid = $Matches.pid
				    $handle.type = $Matches.type
				    $handle.handle = $Matches.handle
				    $handle.fullname = $Matches.fullname
				    New-Object -TypeName PSObject -Property $handle
                }
            }
		}
	}
	
	end {
        Write-Verbose "Exiting"
	}
}