Common Commands Part 1


Time: 1 hour 43 minutes
Difficulty: Intermediate
CEU/CPE: 2
Video Transcription
00:00
Hello, everyone. I'm instructor Gerry Roberts, and this is the PowerShell Scripting
00:06
video. We're going to learn about managing processes using Get-Process;
00:10
we're going to learn about Stop-Process and Start-Process.
00:16
Get-Process
00:18
is a cmdlet that allows you to manage local and remote processes in PowerShell.
00:23
If you don't specify a computer name, it automatically assumes that you're looking at your local processes, so it'll find everything that's on your local machine.
00:33
Stop-Process is another cmdlet you can use to manage processes, and it allows you to kill a process.
00:41
Start-Process is similar, only it allows you to start a stopped process.
00:49
Now let's actually take a look at what that will look like when we run it in PowerShell.
00:58
So in PowerShell
01:00
we can do a couple of different things with processes.
01:03
The first one we talked about was Get-Process. Now we can do
01:10
just Get-Process.
01:12
It shows us a huge list,
01:15
and you'd have to really scroll through.
01:18
See the different processes,
01:21
you know. It'll tell you if it's running,
01:23
what kind of CPU, memory, all that good stuff that it's using.
01:30
Yeah, that's obviously a lot,
01:32
so if you want to try to find a process
01:37
by, say, ID, which is this
01:42
column right here,
01:45
you would find the process that you're looking for.
01:49
So let's say, for example, we wanted to bring up Firefox. We have [ID] as a Firefox process,
02:00
so we could go back down.
02:02
Let's go ahead and clear the screen. Just a little bit easier to read.
02:06
And when you do Get-Process,
02:09
look up by ID. We have [ID] as our ID.
02:15
And there, that's much better looking. You can see, oh, there's our process, and you can see the information about the process.
02:22
You could also look up a process by name, so you could do Get-
02:27
Process
02:29
and then -Name,
02:30
and you just add in Firefox.
02:32
And there you go. You got your list. Now this one
02:36
gives you a few more results because it's by name, so there's usually going to be more than one
02:45
of each name, or you might have
02:47
quite a few by a similar name. So say, for example, I wasn't sure exactly what the name of something was, but I knew
02:59
for a fact that it started with "ex", so I could type "ex", and then we can actually use a wildcard here. So we do the wildcard asterisk,
03:08
enter, and it'll pop up the name of the item in the process. Now, if there's more than one, you would get a list just like you did with Firefox.
03:20
Yeah, you can also do multiple values in the -Name parameter. Say you wanted to do Get-Process
03:27
-Name,
03:30
we could say,
03:32
I'm going to do
03:34
"exp"
03:37
because I think one of them starts with "exp", and then I'm going to do
03:40
"power". Remember, in an earlier video, I said, if there are multiple values inside of a parameter, you use a comma. Here you can see I'm going to do a comma between "exp" and "power" to try to find the processes that start with "exp" and some processes that start with "power".
03:59
I love it that I've got Explorer, which starts with "exp", and now I have PowerPoint and PowerShell, which start with "power". So you can do that as well. That's pretty useful.
04:11
Um, and it does help you find things instead of having to poke around that giant list that you saw earlier if you do just Get-Process. Now, another thing you can do
04:21
is use -ComputerName to get the processes of a remote computer.
04:28
Now,
04:29
I am not connected to a remote computer. So if I tried to get a remote computer, I wouldn't get anything. But I'm going to show you what that might look like. You do Get-
04:39
Process
04:41
and then you do the name or ID or whatever you want to know the process, or all of them. I'm just going to get PowerShell.
04:47
-ComputerName would be the actual parameter that you would use to find that computer. But I'm going to do localhost.
04:57
But whatever the computer name is,
05:00
you can use that. Look, if it's a server or whatnot, just put that name there. And as long as it's able to communicate with that computer, you'll be able to pull those processes. So localhost just stands for your local computer.
05:15
Now, notice that when I put it in, I get an error. That's okay. It happens. So we're going to try with our actual computer name to see if we can find it.
05:26
So -ComputerName,
05:30
I'm going to put my computer's name,
05:33
[computer name], because I don't have anything else connected to it,
05:40
and you can see that it pops it up.
05:43
So if you were using a remote computer, you could put another computer name there. And as long as you can connect to that computer, you can go ahead and pull information about that computer. You could do Get-Process and not put a name or an ID and have all of the processes, or you put a name or even an ID.
06:00
But the important part is, if you're doing remote, use the -ComputerName parameter to actually connect to that computer and get that information.
06:12
So the next command that you're going to look at is the Stop-Process command.
06:16
Now, once you have your list of processes, if you find that one is using up too many resources, or if it has for some reason locked up, you can use the Stop-Process command to essentially kill that particular process.
06:30
This is similar to the kill command in Linux. It's also similar to the End Task button you get in Task Manager in Windows.
06:40
So the first thing you want to do is you want to find your process. So we're going to use Notepad as an example, because that's an easy one to find. So we do Get-
06:50
Process.
06:53
Do -Name, and then notepad.
06:57
You see there, there's our process.
07:00
Now, when using Stop-Process, you usually use the -Name switch.
07:05
So what we do is we do Stop-
07:11
Process
07:13
-Name
07:15
notepad.
07:16
You notice you don't get anything. A lot of times with PowerShell you don't necessarily get a confirmation, but we can tell that this process has been completely stopped because we try
07:27
and we get the process again. And this time, oh, red text. It can't find it. That's because it's not running anymore. It's gone. It's disappeared.
07:35
So once we stop a process, if we do want to start it again, or if we have a process that maybe didn't start properly, for, like, SQL Server or something like that, we can restart that process using the Start-Process command.
07:53
Now, the difference with Start-Process versus Get-Process and Stop-Process is, with Start-Process, you actually need to know where
08:01
that particular process is located. For our purposes here, Notepad is pretty easy to find.
08:09
It's in the System32 folder. Now, the reason we need to know where it's located is the -FilePath string that we need to put in is actually required. It's a required parameter,
08:20
um, and that allows us to find the particular process. So you do Start-
08:28
Process,
08:30
and then you could do -FilePath,
08:33
and then you tell it where it is,
08:35
so System32 is going to be C:\Windows\System32. So C:\Windows\
08:46
System
08:48
32,
08:48
and our Notepad is notepad.exe,
08:56
and then Notepad will pop up.
09:01
You get Notepad,
09:05
you close it normally. So Stop-Process, easy. Start-Process, not so easy. You have to kind of find where that particular item is using -FilePath.
09:20
If it's a normal process, it's usually in that System32 folder.
09:28
But if you don't know, you can search for it easily with Windows Search.
09:33
Ah, and you can find it and be able to restart it again.
09:39
So that is your Stop-Process and your Start-Process.
09:45
Okay, now that we've gone through our demo for Get-Process, Start-Process, and Stop-Process, it's time for a quiz. Here's a post-assessment question.
09:54
What command would you use to find a process named winlogon?
09:58
(A) Would you do Get-Process -Id winlogon? (B) Would you do Get-Process -Name winlogon?
10:09
(C) Would you do Get-Process winlogon?
10:11
(D) Or would you do Get-Process -Id 000?
10:16
I'll go ahead and give you a second to think about that. You can also pause the video.
10:24
The answer is B, Get-Process -Name winlogon. Remember, whenever we're using a name, we use the -Name parameter to locate it.
10:37
In today's lecture, we talked about getting processes using the Get-Process command, as well as some other commands we could use to work with processes.
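The demo above, rewritten as a short script that verifies each step instead of judging success by whether red text appears. This is an added example, not code from the lecture or the course; the function names are my own, and it assumes Windows PowerShell 5.1 on Windows (Get-Process -ComputerName was removed in PowerShell 7) with notepad.exe under %SystemRoot%\System32.

```powershell
# Added example (not code from the lecture): the Get-Process / Stop-Process /
# Start-Process cycle shown in the video, with each step checked.
# Assumes Windows PowerShell 5.1 (Get-Process -ComputerName no longer exists in
# PowerShell 7; use Invoke-Command there) and notepad.exe in %SystemRoot%\System32.

function Find-ProcessByName {
    # Several names and wildcards at once, as in the lecture: 'exp*', 'power*'
    param([string[]]$Name)
    Get-Process -Name $Name -ErrorAction SilentlyContinue |
        Select-Object Id, ProcessName, CPU, WorkingSet64
}

function Find-RemoteProcess {
    # The -ComputerName form from the lecture. The video got an error with
    # 'localhost' and succeeded with the machine's real name, so pass that.
    param([string]$ComputerName, [string]$Name = '*')
    Get-Process -ComputerName $ComputerName -Name $Name -ErrorAction Stop
}

function Start-ProcessByPath {
    # Start-Process requires -FilePath; check the path before handing it over.
    param([string]$FilePath)
    if (-not (Test-Path -Path $FilePath -PathType Leaf)) { throw "Not found: $FilePath" }
    Start-Process -FilePath $FilePath -PassThru   # -PassThru returns the new Process object
}

function Stop-ProcessChecked {
    # Stop by Id so only the instance we started is killed; the lecture's
    # Stop-Process -Name notepad would end every Notepad window on the machine.
    param([int]$Id)
    $proc = Get-Process -Id $Id -ErrorAction SilentlyContinue
    if (-not $proc) { Write-Warning "No process with Id $Id"; return $false }
    Stop-Process -Id $Id -ErrorAction Stop        # add -WhatIf to rehearse without killing
    [void]$proc.WaitForExit(5000)                 # wait up to 5 s for it to actually exit
    return $proc.HasExited                        # the "red text" check as a boolean
}

# Walk through the demo end to end.
Find-ProcessByName -Name 'exp*', 'power*' | Format-Table -AutoSize
$notepad = Start-ProcessByPath -FilePath (Join-Path $env:SystemRoot 'System32\notepad.exe')
Write-Host "Started notepad.exe as Id $($notepad.Id)"
Start-Sleep -Seconds 2
if (Stop-ProcessChecked -Id $notepad.Id) { Write-Host "Id $($notepad.Id) confirmed stopped" }
```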