这是我的 powershell 命令:powershell -noprofile -NonInteractive -Command "(gwmi win32_process | select ProcessID,ParentProcessID,@{e={$_.GetOwner().User}}, CommandLine) | ft -AutoSize"
当我运行它时我得到以下输出
C:\Users\Administrator>powershell -noprofile -NonInteractive -Command "(gwmi win32_process | select ProcessID,ParentProcessID,@{e={$_.GetOwner().User}}, CommandLine) | ft -AutoSize"
ProcessID ParentProcessID $_.GetOwner().User CommandLine
--------- --------------- ------------------ -----------
0 0
4 0
236 4 SYSTEM
332 320 SYSTEM
384 320 SYSTEM wininit.exe
392 376 SYSTEM
420 376 SYSTEM winlogon.exe
476 384 SYSTEM
484 384 SYSTEM C:\Windows\system32\lsass.exe
544 476 SYSTEM C:\Windows\system32\svchost.exe -k DcomLaunch
584 476 NETWORK SERVICE C:\Windows\system32\svchost.exe -k RPCSS
680 420 DWM-1 "dwm.exe"
...
1256 1176 Administrator "C:\cygwin64\bin\mintty.exe" -i /Cygwin-Terminal.ico -
3052 3000 Administrator \??\C:\Windows\system32\conhost.exe 0x4
2760 2856 Administrator "C:\cygwin64\bin\bash.exe"
2104 1176 Administrator "C:\Windows\system32\cmd.exe"
1504 2104 Administrator \??\C:\Windows\system32\conhost.exe 0x4
2440 1108 Administrator "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
1268 2440 Administrator "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="2440.0.15...
2472 2440 Administrator "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image...
1496 2440 Administrator "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image...
2640 2840 user001 C:\Windows\system32\cmd.exe /c c:\windows\temp\tmpyaoyv0.bat
1040 2640 user001 \??\C:\Windows\system32\conhost.exe 0x4
我希望能够过滤user001流程
如果我使用对象位置,我收到此错误:
+ ... where-object {$.e -eq user001} | ft -AutoSize
+ ~~~
+ CategoryInfo : ObjectNotFound: ($.e:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
如果我使用在哪里, 我懂了:
}}, CommandLine) | where $_.GetOwner().User -eq 'user001' | ft -AutoSize"
You cannot call a method on a null-valued expression.
At line:1 char:1
+ (gwmi win32_process | select ProcessID,ParentProcessID,@{e={$_.GetOwner().User}} ..
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull
那么正确的过滤方法是什么$_.GetOwner().User?
答案1
你的错误只是由于未使用 而导致的标准语法错误$_。如果你确实使用了 propper,$_.attribute你会因为未引用 而收到另一个错误user001。
忽略语法错误,您可能需要做的是为 Select-Object 表达式中的值设置一个名称。这样您以后就可以轻松使用它。
(gwmi win32_process | `
Select-Object ProcessID, ParentProcessID, `
@{Name='Owner';
Expression={$_.GetOwner().User}}, `
CommandLine) | `
Where-Object {$_.Owner -eq 'user001'}