2

I am trying to get all the suspended tasks from a terminal server running windows server 2012.

I have tried using powershell with wmi object like so:

Get-WmiObject -Class Win32_Process -ComputerName computername -Property status

But the status property of all the processes is empty, yet it shows up in the details view of the task manager like so:

enter image description here

I have also tried the following code to try and get the status of the running threads:

$processes = Get-Process * -ComputerName ppivts | select name,threads

foreach ($process in $processes)
{
   foreach ($thread in $process.Threads)
   {
       if($thread.ThreadState -ne "Wait"){
           $process.Name
           $thread.ThreadState
       }
   }

}

This does not work either. How do I get the status of the process and more specifically the suspended ones?

4

2 回答 2

3

You could improve the latter code snippet as follows:

$processes = Get-Process *
$processHt = @{}                                 # empty hash table
foreach ($process in $processes) {
  foreach ($thread in $process.Threads) {   
    if($thread.ThreadState -eq "Wait") {
      if ( $processHt.Containskey( $process.Name ) ) {
        if ( $processHt[$process.Name] -match $($thread.WaitReason.ToString()) ) {
        } else {
          $processHt[$process.Name] += ",$($thread.WaitReason.ToString())"
        }
      } else {
        $processHt.Add( $process.Name , $thread.WaitReason.ToString() )
      }
    }
  }
}

"`n=== all threads suspended ==="
$processHt.Keys | Where-Object { $processHt[$_] -eq 'Suspended' }
"`n=== some thread suspended ==="
$processHt.Keys | Where-Object { $processHt[$_] -match 'Suspended' } | 
  ForEach-Object { @{ $_ = $processHt[$_] } } |
  Format-Table -AutoSize -HideTableHeaders       # merely for simple output look

Sample output:

PS D:\PShell> D:\PShell\SO\46546587.ps1

=== all threads suspended ===
WWAHost

=== some thread suspended ===

System   FreePage,Executive,EventPairLow,Suspended,VirtualMemory,LpcReceive,ExecutionDelay
WWAHost  Suspended                                                                        
explorer UserRequest,Executive,EventPairLow,Suspended                                     



PS D:\PShell>

Corresponding Task Manager screenshot:

Corresponding Task Manager screenshot

于 2017-10-05T08:52:15.200 回答
0

This Powershell WMI code will work on both local and remote PC

    $fname = "csrss.exe"
    $ComputerName = "Server"
    Get-WmiObject -ComputerName $ComputerName Win32_Process | where Name -eq $fname |
        Foreach{
            $processHandle = $_.handle
            echo "processHandle=$processHandle"
            $Threads = Get-WmiObject -ComputerName $ComputerName -Class Win32_Thread | Where-Object { $_.ProcessHandle -eq $processHandle }
            "The $name process has $($threads.count) threads"
            $threads | Format-Table -Property priority, Handle, ProcessHandle, thread*, ProcessCreation, ClassName, User*Time, kernel*Time
    }
    # ThreadStates:
    #  0 - Initialized. It is recognized by the microkernel.
    #  1 - Ready. It is prepared to run on the next available processor.
    #  2 - Running. It is executing.
    #  3 - Standby. It is about to run. Only one thread may be in this state at a time.
    #  4 - Terminated. It is finished executing.
    #  5 - Waiting. It is not ready for the processor. When ready, it will be rescheduled.
    #  6 - Transition. The thread is waiting for resources other than the processor.
    #  7 - Unknown. The thread state is unknown.
    # ThreadWaitReason:
    #  0 - Executive
    #  1 - FreePage
    #  2 - PageIn
    #  3 - PoolAllocation
    #  4 - ExecutionDelay
    #  5 - FreePage
    #  6 - PageIn
    #  7 - Executive
    #  8 - FreePage
    #  9 - PageIn
    # 10 - PoolAllocation
    # 11 - ExecutionDelay
    # 12 - FreePage
    # 13 - PageIn 
    # 14 - EventPairHigh
    # 15 - EventPairLow
    # 16 - LPCReceive
    # 17 - LPCReply
    # 18 - VirtualMemory
    # 19 - PageOut
    # 20 - Unknown
于 2020-05-18T20:16:53.767 回答