Powershell：获取所有挂起的任务

Posted 2023-02-26

【中文标题】Powershell：获取所有挂起的任务

【英文标题】：Powershell: Get all suspended tasks

【发布时间】：2018-03-14 18:26:42

【问题描述】：

我正在尝试从运行 windows server 2012 的终端服务器获取所有挂起的任务。

我曾尝试使用带有 wmi 对象的 powershell，如下所示：

Get-WmiObject -Class Win32_Process -ComputerName computername -Property status

但是所有进程的status属性都是空的，但它在任务管理器的详细视图中显示如下：

我还尝试了以下代码来尝试获取正在运行的线程的状态：

$processes = Get-Process * -ComputerName ppivts | select name,threads

foreach ($process in $processes)

   foreach ($thread in $process.Threads)
   
       if($thread.ThreadState -ne "Wait")
           $process.Name
           $thread.ThreadState
       
   

这也不起作用。如何获取进程的状态，更具体地说是暂停的状态？

【问题讨论】：

@Persistent13 我已经查看了该解决方案，正如您从上面的代码中看到的那样，它不会返回暂停或正在运行的任务。它不反映在任务管理器中看到的内容。

@Persistent13 抱歉，我能够在 waitreason 枚举中找到暂停成员名称。所以，我应该可以查询。谢谢。

【参考方案1】：

你可以对后面的代码 sn-p 进行如下改进：

$processes = Get-Process *
$processHt = @                                 # empty hash table
foreach ($process in $processes) 
  foreach ($thread in $process.Threads)    
    if($thread.ThreadState -eq "Wait") 
      if ( $processHt.Containskey( $process.Name ) ) 
        if ( $processHt[$process.Name] -match $($thread.WaitReason.ToString()) ) 
         else 
          $processHt[$process.Name] += ",$($thread.WaitReason.ToString())"
        
       else 
        $processHt.Add( $process.Name , $thread.WaitReason.ToString() )
      
    
  


"`n=== all threads suspended ==="
$processHt.Keys | Where-Object  $processHt[$_] -eq 'Suspended' 
"`n=== some thread suspended ==="
$processHt.Keys | Where-Object  $processHt[$_] -match 'Suspended'  | 
  ForEach-Object  @ $_ = $processHt[$_]   |
  Format-Table -AutoSize -HideTableHeaders       # merely for simple output look 

样本输出：

PS D:\PShell> D:\PShell\SO\46546587.ps1

=== all threads suspended ===
WWAHost

=== some thread suspended ===

System   FreePage,Executive,EventPairLow,Suspended,VirtualMemory,LpcReceive,ExecutionDelay
WWAHost  Suspended                                                                        
explorer UserRequest,Executive,EventPairLow,Suspended                                     



PS D:\PShell> 

对应的任务管理器截图：

【参考方案2】：

此 Powershell WMI 代码可在本地和远程 PC 上运行

    $fname = "csrss.exe"
    $ComputerName = "Server"
    Get-WmiObject -ComputerName $ComputerName Win32_Process | where Name -eq $fname |
        Foreach
            $processHandle = $_.handle
            echo "processHandle=$processHandle"
            $Threads = Get-WmiObject -ComputerName $ComputerName -Class Win32_Thread | Where-Object  $_.ProcessHandle -eq $processHandle 
            "The $name process has $($threads.count) threads"
            $threads | Format-Table -Property priority, Handle, ProcessHandle, thread*, ProcessCreation, ClassName, User*Time, kernel*Time
    
    # ThreadStates:
    #  0 - Initialized. It is recognized by the microkernel.
    #  1 - Ready. It is prepared to run on the next available processor.
    #  2 - Running. It is executing.
    #  3 - Standby. It is about to run. Only one thread may be in this state at a time.
    #  4 - Terminated. It is finished executing.
    #  5 - Waiting. It is not ready for the processor. When ready, it will be rescheduled.
    #  6 - Transition. The thread is waiting for resources other than the processor.
    #  7 - Unknown. The thread state is unknown.
    # ThreadWaitReason:
    #  0 - Executive
    #  1 - FreePage
    #  2 - PageIn
    #  3 - PoolAllocation
    #  4 - ExecutionDelay
    #  5 - FreePage
    #  6 - PageIn
    #  7 - Executive
    #  8 - FreePage
    #  9 - PageIn
    # 10 - PoolAllocation
    # 11 - ExecutionDelay
    # 12 - FreePage
    # 13 - PageIn 
    # 14 - EventPairHigh
    # 15 - EventPairLow
    # 16 - LPCReceive
    # 17 - LPCReply
    # 18 - VirtualMemory
    # 19 - PageOut
    # 20 - Unknown