
Get-Process

[- Disclaimer -] The content below was written for the purpose of studying information security. Be aware that practising it against targets you are not authorised to test may be treated as an attempted attack and may carry legal penalties.
✦ Checking the currently running processes
PS C:\> Get-Process

Handles NPM(K)  PM(K)  WS(K) CPU(s)    Id SI ProcessName
------- ------  -----  ----- ------    -- -- -----------
    390     22  13084  28748   0.42  9308  3 ApplicationFrameHost
    693     42 140240  15916         3836  0 ASDSvc
    553     14  16496  22684   1.95  8064  0 audiodg
    508     26  18988   1848   2.06  4080  3 Calculator
    102      7   6224   2092         3320  0 conhost
    221     14   4292  17432   7.78 11388  3 conhost
    671     50  27740  28756   3.94 11240  3 Cortana
    152     13   1744   7928   0.67  9528  3 CrossEXService
    772     24   2396   4180          660  0 csrss
    593     24   2424   6596        11248  3 csrss
    416     16   4008  19732   5.06  9176  3 ctfmon
    358     17   4028   8956        10404  0 dasHost
    965     45  65968  58212         5044  3 dwm
   2253     93  75780 129152  77.25  9980  3 explorer
     32      6   2400    992          308  0 fontdrvhost
     32     10   7460   9456        10344  3 fontdrvhost
    174     12   2508   3512         3908  0 Goji
     90      6   1108   2320         3412  0 ibtsiva
      0      0     60      8            0  0 Idle
    174     10   1704   4040         1924  0 igfxCUIService
    223     15   3568  13272   1.06  5920  3 igfxEM
    168     10   3208   4276         3708  0 IniClientSvc_x64
    165     14   2768   7788   1.27  7352  3 INISAFEAdminUtil
    377     33  14116  13080   2.63  7136  3 INISAFECrossWebEXSvc
    171      9   1560   2460         3432  0 IntelCpHDCPSvc
    250     15   3412   3468         3876  0 IntelCpHeciSvc
    147     10   1320   7440   0.06  1628  3 jusched
    355     22  18564  11796   2.59 10744  3 keysharpnxbiz
   1384     27   7668  14572          908  0 lsass
      0      0   1004  31432         1460  0 Memory Compression
    209     13   1888    344         1252  0 MicrosoftEdgeUpdate
   1435     59  41756 109552 103.33  3584  3 msedge
    213     13   7248  15828   0.19  4456  3 msedge
    314     18   7560  20668   2.11  8012  3 msedge
    574     29 128592 135992 106.94  8564  3 msedge
    221     13   6908  17084   0.31  8656  3 msedge
    310     17  13028  32752  11.22  9356  3 msedge
    161      9   1956   7288   0.03 10668  3 msedge
    418     27 256068 245800 573.20 11196  3 msedge
    848     87 371364 297164         7116  0 MsMpEng
    212     13   3464   9640          216  0 NisSrv
   1234    119  73300  14036        10708  3 nosstarter.npe
    338     31  12720   1460         3868  0 nossvc
    843     38  51020  94576  68.56  1636  3 Notion
    280     17  25412  54372   0.88  1880  3 Notion
    281     17  25348  67856   0.69  4836  3 Notion
    448     25  15604  43584   6.17  5984  3 Notion
    408     27 114056 246800 173.13  6168  3 Notion
    259     38  19540  43872   1.95  6904  3 Notion
    234     12   9788  24456   0.14  6920  3 Notion
    260     16  32500  70972  10.72  7976  3 Notion
    510     27 188520 250172  81.03 10036  3 Notion
    264     17  31368  70204   6.33 10488  3 Notion
    363     23  69432 157172  25.33 11684  3 Notion
    189      7   1508   2112         3852  0 ObCrossEXService
    114      9   1264   2700   0.13  1000  3 oCamTask
    690     28  13840  26440        10364  0 officeclicktorun
    532     31  12212   1556   3.53 12120  3 OneDrive
    577     31  61776  77020   9.19 10948  3 powershell
    242     28  24304   3768         4380  0 PresentationFontCache
    232     17   2840   1896         3924  0 PTMFire
    356     15   3984  13456   0.53 11032  3 RAVCpl64
      0     16   6828  42560           92  0 Registry
    287     14   3664  14784   0.97  1640  3 RuntimeBroker
    202     11   2716  16104   0.39  4136  3 RuntimeBroker
    322     17   4100  20100   9.52  4644  3 RuntimeBroker
    478     22   7152  27644   3.20  6736  3 RuntimeBroker
    306     17   6432  25868   5.11  8412  3 RuntimeBroker
    118      7   1580   6980   0.11  9912  3 RuntimeBroker
   1039     72  81132  49960   7.61  7476  3 SearchApp
    591     19   6392  14440         9548  0 SecurityHealthService
    161      9   1768   9276   0.14  3088  3 SecurityHealthSystray
    724     12   6232   7848          888  0 services
    105      7   5228   4900         3172  0 SgrmBroker
    555     26  14648  46980   1.84  6308  3 ShellExperienceHost
    533     17   5800  25260  12.20  7628  3 sihost
    325     27   6648   8868         4016  0 smmgr
     53      3   1080    440          408  0 smss
    520     27   6832   6776         3152  0 spoolsv
    591     28  23864  66888   3.88  1792  3 StartMenuExperienceHost
    539     27  16824   3092  54.03  9456  3 StSess
    176     15   3196   2468  12.70  7872  3 StSess32
   1445     25  14180  23668           64  0 svchost
    470     14  11792  14472          832  0 svchost
   1255     18  10200  13220          928  0 svchost
    221     11   2040   6996          960  0 svchost
    321     11   2872   5732         1052  0 svchost
    256     13   2752   6052         1208  0 svchost
    175     13   1712   2416         1236  0 svchost
    276     19   2848   6976         1244  0 svchost
    171     10   1840   4504         1256  0 svchost
    328      9   2044   4816         1344  0 svchost
    404     24   5376  12672         1396  0 svchost
    338     11   2644   4176         1408  0 svchost
    137     10   1560   2200         1432  0 svchost
    430     13  14648  13108         1604  0 svchost
    255     14   3444   7760         1688  0 svchost
    254     15  88508  76820         1696  0 svchost
    172      9   1832   4576         1704  0 svchost
    224      7   1300   1948         1724  0 svchost
    242     19   2404   3844         1772  0 svchost
    134     20   4268   4268         1864  0 svchost
    179     13   1996   5308         1888  0 svchost
    284     10   2504   4160         1932  0 svchost
    300     18   5044  12312         1996  0 svchost
    182      9   1800   4020         2008  0 svchost
    169     10   2108   6156         2016  0 svchost
    178      9   1632   3404         2044  0 svchost
    411     18   5404   9020         2088  0 svchost
    506     20   6184  10996         2200  0 svchost
    437     12   3256   6424         2268  0 svchost
    431     20   6340  10076         2280  0 svchost
    400     14   3720   9940         2348  0 svchost
    143     11   1660   3088         2568  0 svchost
    316     15   3984   6648         2576  0 svchost
    382     15   2728   5652         2584  0 svchost
    231     14   2644   8540         2680  0 svchost
    399     12   3612  11860         2780  0 svchost
    278     10   2820   7448         2844  0 svchost
    232     16  11840  14792         2920  0 svchost
    228     12   2524   5604         3168  0 svchost
    441     32  12980  15516         3208  0 svchost
    184     11   1992   3084         3256  0 svchost
    161      7   1608   2280         3392  0 svchost
    299     29   7224  12868         3404  0 svchost
    417     31  29364  30492         3424  0 svchost
    387     18  13768  17828         3468  0 svchost
    133      9   1552   1692         3532  0 svchost
    286     13   4828   7196         3568  0 svchost
    182     10   1884   3604         3592  0 svchost
    125      7   1256   1944         3608  0 svchost
    106      7   1352   1360         3632  0 svchost
    376     18   4468  14104         3688  0 svchost
    220     11   2444   4576         3980  0 svchost
    365     17   2832   6568         4108  0 svchost
    205     11   2288   4404         4264  0 svchost
    381     24   3332   5708         4312  0 svchost
    191     15   6040   3396         4804  0 svchost
    215     11   2744   6076         4848  0 svchost
    141      9   1504   2072         5180  0 svchost
    124      8   1432   3108         5452  0 svchost
    124      8   1648   7884         5528  0 svchost
    110      8   1568   2568         5532  0 svchost
    350     18   5720  18868   0.84  6100  3 svchost
    198     12   2896   7036         6212  0 svchost
    177      9   1540   3468         6336  0 svchost
    172      9   1840   7608         6660  0 svchost
    336     16   6720  19652   5.67  6912  3 svchost
    112      7   1244   5448         7480  0 svchost
    259     13   3276  18516   1.02  7564  3 svchost
    149     14  40900  41288         9084  0 svchost
    296     17   4096  10840        10016  0 svchost
    270     15   2884   4712        10332  0 svchost
    249     14   2816  11712   0.36 10452  3 svchost
    472     23   8192  33600   3.13 10640  3 svchost
    190     10   1852   8608        11824  0 svchost
    537     17   6316  18112   4.05 10692  3 SynTPEnh
    250      6   1188   2552         3600  0 SynTPEnhService
     75      7   1056   4856   0.03   988  3 SynTPHelper
   3655      0    248  16492            4  0 System
    740     35  19576   2204   2.83  8916  3 SystemSettings
    263     27   5392  14836   1.34  9172  3 taskhostw
    607     24  11668  42708   1.97  1716  3 TextInputHost
    137     10   1996   9960   0.20 12124  3 UserOOBEBroker
    214     14   3272  12660   1.09  5440  3 veraport-x64
    354     43  20612  15544   3.77  6460  3 VestCert
    126     11   2056   2908         3884  0 vmnat
     81      8   4540    884         3860  0 vmnetdhcp
    332     17   6120   5840         1120  0 vmware-authd
    470     36  33984  13668         5748  0 vmware-hostd
    191     17   3604  10804   0.09  7328  3 vmware-tray
    225     13   2772   5332         4100  0 vmware-usbarbitrator64
    167     12   1516   3716          768  0 wininit
    278     12   2440  10604        10300  3 winlogon
    105      7   1132   2448         3288  0 wlanext
    253     21   7868   6812         3892  0 wpmsvc
    147     52   5208   3424         4024  0 WSLocalServer

PS C:\>

A blank CPU(s) cell means this (non-elevated) shell could not open a handle to that process, which is why it is blank for almost every session-0 service process and for protected processes such as csrss and lsass. Run the shell elevated to fill those in.
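The default Get-Process table above does not show the parent process, the command line, or whether the image is signed, which are the first things a triage needs. The following is an added example (not from the original page) that joins Get-Process with the Win32_Process CIM class to fill those gaps. It assumes Windows PowerShell 5.1 or PowerShell 7 on Windows; the process names in the second view (powershell, cmd, mshta and so on) are only illustrative filters, not data from the listing above.

```powershell
# Added example: enrich Get-Process output with parent, command line and signature status.
# Run elevated to see Path/CPU for session-0 (service) processes; from a non-elevated
# shell Get-Process cannot open those handles and leaves Path empty (as in the listing above).

function Get-ProcessTriage {
    [CmdletBinding()]
    param(
        # Optional name filter; same wildcard syntax as Get-Process -Name
        [string[]]$Name = '*'
    )

    # Win32_Process carries ParentProcessId and CommandLine, which Get-Process lacks.
    # Keyed by PID so each Get-Process object can be matched in O(1).
    $cim = @{}
    Get-CimInstance -ClassName Win32_Process | ForEach-Object { $cim[[int]$_.ProcessId] = $_ }

    foreach ($p in Get-Process -Name $Name -ErrorAction SilentlyContinue) {
        $c = $cim[$p.Id]

        # Caveat: ParentProcessId is a PID, and PIDs are reused. If the parent has already
        # exited, the name resolved here may belong to an unrelated newer process.
        $parent = if ($c -and $cim.ContainsKey([int]$c.ParentProcessId)) {
            $cim[[int]$c.ParentProcessId].Name
        } else { $null }

        # $p.Path is $null when the handle could not be opened (protected or other-user
        # processes from a non-elevated shell), so signature status is unknown there.
        $sig = if ($p.Path) { (Get-AuthenticodeSignature -FilePath $p.Path).Status } else { 'Unknown (no access)' }

        [pscustomobject]@{
            Id          = $p.Id
            Name        = $p.ProcessName
            Session     = $p.SessionId
            ParentId    = if ($c) { $c.ParentProcessId } else { $null }
            Parent      = $parent
            Path        = $p.Path
            Signature   = $sig
            CommandLine = if ($c) { $c.CommandLine } else { $null }
        }
    }
}

# View 1: images outside the Windows directory, or whose Authenticode signature did not
# validate. This is a starting point, not a verdict: legitimate software lives in
# Program Files too, so read the Path/Signature columns rather than treating hits as malicious.
Get-ProcessTriage |
    Where-Object { $_.Path -and ($_.Path -notlike "$env:SystemRoot\*" -or $_.Signature -ne 'Valid') } |
    Format-Table Id, Name, Parent, Signature, Path -AutoSize

# View 2: script hosts and shells with their parent and full command line (illustrative names).
# An Office or browser parent for one of these is the classic thing to look at first.
Get-ProcessTriage -Name powershell, pwsh, cmd, wscript, cscript, mshta, rundll32 |
    Format-Table Id, Name, Parent, CommandLine -Wrap
```

Get-AuthenticodeSignature is called once per process, so the first view takes a few seconds on a busy host; drop the Signature column if you only need the parent/command-line join.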
Checking the process-related commands
PS C:\> Get-Command *process*

CommandType     Name                                   Version    Source
-----------     ----                                   -------    ------
Function        Get-AppvVirtualProcess                 1.0.0.0    AppvClient
Function        Start-AppvVirtualProcess               1.0.0.0    AppvClient
Cmdlet          ConvertTo-ProcessMitigationPolicy      1.0.12     ProcessMitigations
Cmdlet          Debug-Process                          3.1.0.0    Microsoft.PowerShell.Management
Cmdlet          Enter-PSHostProcess                    3.0.0.0    Microsoft.PowerShell.Core
Cmdlet          Exit-PSHostProcess                     3.0.0.0    Microsoft.PowerShell.Core
Cmdlet          Get-Process                            3.1.0.0    Microsoft.PowerShell.Management
Cmdlet          Get-ProcessMitigation                  1.0.12     ProcessMitigations
Cmdlet          Get-PSHostProcessInfo                  3.0.0.0    Microsoft.PowerShell.Core
Cmdlet          Set-ProcessMitigation                  1.0.12     ProcessMitigations
Cmdlet          Start-Process                          3.1.0.0    Microsoft.PowerShell.Management
Cmdlet          Stop-Process                           3.1.0.0    Microsoft.PowerShell.Management
Cmdlet          Wait-Process                           3.1.0.0    Microsoft.PowerShell.Management
Application     qprocess.exe                           10.0.19... C:\WINDOWS\system32\qprocess.exe

PS C:\>
Checking only the process-related commands of type Cmdlet
PS C:\> Get-Command -CommandType Cmdlet *process*

CommandType     Name                                   Version    Source
-----------     ----                                   -------    ------
Cmdlet          ConvertTo-ProcessMitigationPolicy      1.0.12     ProcessMitigations
Cmdlet          Debug-Process                          3.1.0.0    Microsoft.PowerShell.Management
Cmdlet          Enter-PSHostProcess                    3.0.0.0    Microsoft.PowerShell.Core
Cmdlet          Exit-PSHostProcess                     3.0.0.0    Microsoft.PowerShell.Core
Cmdlet          Get-Process                            3.1.0.0    Microsoft.PowerShell.Management
Cmdlet          Get-ProcessMitigation                  1.0.12     ProcessMitigations
Cmdlet          Get-PSHostProcessInfo                  3.0.0.0    Microsoft.PowerShell.Core
Cmdlet          Set-ProcessMitigation                  1.0.12     ProcessMitigations
Cmdlet          Start-Process                          3.1.0.0    Microsoft.PowerShell.Management
Cmdlet          Stop-Process                           3.1.0.0    Microsoft.PowerShell.Management
Cmdlet          Wait-Process                           3.1.0.0    Microsoft.PowerShell.Management

PS C:\>
Checking the Get-Process options in detail
PS C:\> Get-Help Get-Process -detailed

NAME
    Get-Process

SYNTAX
    Get-Process [[-Name] <string[]>] [<CommonParameters>]

    Get-Process [[-Name] <string[]>] [<CommonParameters>]

    Get-Process [<CommonParameters>]

    Get-Process [<CommonParameters>]

    Get-Process [<CommonParameters>]

    Get-Process [<CommonParameters>]


PARAMETERS
    -ComputerName <string[]>

    -FileVersionInfo

    -Id <int[]>

    -IncludeUserName

    -InputObject <Process[]>

    -Module

    -Name <string[]>

    <CommonParameters>
        This cmdlet supports the common parameters: Verbose, Debug,
        ErrorAction, ErrorVariable, WarningAction, WarningVariable,
        OutBuffer, PipelineVariable, and OutVariable. For more information, see
        about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).

ALIASES
    gps
    ps

REMARKS
    Get-Help cannot find the Help files for this cmdlet on this computer. It is displaying only partial help.
        -- To download and install Help files for the module that includes this cmdlet, use Update-Help.
        -- To view the Help topic for this cmdlet online, type: "Get-Help Get-Process -Online" or
           go to https://go.microsoft.com/fwlink/?LinkID=113324.

PS C:\>
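The partial help above lists the parameters but, without the help files, not what they are for. The following is an added example (not from the original page) that uses -Id, -IncludeUserName, -FileVersionInfo and -Module together on a single process to answer the questions a responder asks of it: who runs it, who built the image, is it signed, and which DLLs it has loaded from outside the usual trusted directories. It assumes an elevated Windows PowerShell 5.1 session; the process name notepad and the function name Test-ProcessImage are only illustrative.

```powershell
# Added example: image and loaded-module check for one process via the Get-Process
# parameters shown in the help above. Elevation is assumed: -IncludeUserName refuses
# to run without it, and -Module needs it for processes owned by other users.

function Test-ProcessImage {
    param([Parameter(Mandatory)][int]$Id)

    # -IncludeUserName, -FileVersionInfo and -Module are in different parameter sets,
    # so they cannot be combined in one call; query the same PID three times.
    $proc = Get-Process -Id $Id -IncludeUserName      # adds the UserName property (owner)
    $fvi  = Get-Process -Id $Id -FileVersionInfo      # version resource of the main image

    # -Module lists every loaded module (DLLs) of the process. Flag anything outside the
    # Windows and Program Files trees; injected or side-loaded DLLs usually sit in
    # user-writable locations (profile, temp, downloads). Querying a 32-bit process from a
    # 64-bit shell can fail for some modules, hence -ErrorAction SilentlyContinue.
    $trusted = @("$env:SystemRoot\*", "$env:ProgramFiles\*", "${env:ProgramFiles(x86)}\*")
    $modules = Get-Process -Id $Id -Module -ErrorAction SilentlyContinue
    $suspect = $modules | Where-Object {
        $path = $_.FileName
        -not ($trusted | Where-Object { $path -like $_ })
    }

    [pscustomobject]@{
        Id          = $proc.Id
        Name        = $proc.ProcessName
        UserName    = $proc.UserName
        Path        = $proc.Path
        Company     = $fvi.CompanyName        # claimed publisher; informational only, it is not verified
        Description = $fvi.FileDescription
        Version     = $fvi.ProductVersion
        Signature   = if ($proc.Path) { (Get-AuthenticodeSignature -FilePath $proc.Path).Status } else { $null }
        ModuleCount = @($modules).Count
        SuspectDlls = @($suspect | Select-Object -ExpandProperty FileName)
    }
}

# Usage: check every running instance of an (illustrative) process name.
# -Name accepts wildcards; -Id is exact. gps and ps are the aliases listed in the help above.
Get-Process -Name notepad -ErrorAction SilentlyContinue |
    ForEach-Object { Test-ProcessImage -Id $_.Id } |
    Format-List
```

The version-resource fields (Company, Description, Version) are whatever the binary's author wrote into it, so treat them as a hint and the Signature field as the evidence; a "Microsoft Corporation" company name with a NotSigned or HashMismatch status is exactly the mismatch worth chasing.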
Checking Get-Process usage examples (Ex)
✦ Another way to check, besides -detailed
// They don't show up...

PS C:\> Get-Help Get-Process -examples

NAME
    Get-Process

ALIASES
    gps
    ps

REMARKS
    Get-Help cannot find the Help files for this cmdlet on this computer. It is displaying only partial help.
        -- To download and install Help files for the module that includes this cmdlet, use Update-Help.
        -- To view the Help topic for this cmdlet online, type: "Get-Help Get-Process -Online" or
           go to https://go.microsoft.com/fwlink/?LinkID=113324.

PS C:\>

No examples appear because the local help files are not installed, exactly as the REMARKS section says. Run Update-Help once from an elevated session (it needs internet access to download the help content), or use Get-Help Get-Process -Online to open the same topic in a browser.