Start Time, Run Duration & location of application by PID in Windows
Is there any way to get the start time (with date), total run time, and location of a running application in Windows from its PID value, using CMD or VBS? If so, how? Thanks in advance.
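Not as such (time - path is available).
You can monitor process starts and exits and calculate it yourself.
So Tasklist /v gives you the command line, which includes the path.
Likewise in VBS.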
' List the PID and caption of every running process
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
Set colItems = objWMIService.ExecQuery("Select * From Win32_Process")
For Each objItem In colItems
    MsgBox objItem.ProcessID & " " & objItem.Caption
Next
This is a VBS script that monitors process starts and exits.
Set WshShell = WScript.CreateObject("WScript.Shell")
Set objWMIService = GetObject("winmgmts:\\.\root\CIMV2")
' Subscribe to process trace events (fired on process start and stop)
Set objEvents = objWMIService.ExecNotificationQuery _
    ("SELECT * FROM Win32_ProcessTrace")
Do
    ' NextEvent blocks until the next event arrives
    Set objReceivedEvent = objEvents.NextEvent
    MsgBox objReceivedEvent.ProcessName
Loop
There is no such thing as StartTime
class Win32_Process : CIM_Process
{
    string   Caption;
    string   CommandLine;
    string   CreationClassName;
    datetime CreationDate;
    string   CSCreationClassName;
    string   CSName;
    string   Description;
    string   ExecutablePath;
    uint16   ExecutionState;
    string   Handle;
    uint32   HandleCount;
    datetime InstallDate;
    uint64   KernelModeTime;
    uint32   MaximumWorkingSetSize;
    uint32   MinimumWorkingSetSize;
    string   Name;
    string   OSCreationClassName;
    string   OSName;
    uint64   OtherOperationCount;
    uint64   OtherTransferCount;
    uint32   PageFaults;
    uint32   PageFileUsage;
    uint32   ParentProcessId;
    uint32   PeakPageFileUsage;
    uint64   PeakVirtualSize;
    uint32   PeakWorkingSetSize;
    uint32   Priority;
    uint64   PrivatePageCount;
    uint32   ProcessId;
    uint32   QuotaNonPagedPoolUsage;
    uint32   QuotaPagedPoolUsage;
    uint32   QuotaPeakNonPagedPoolUsage;
    uint32   QuotaPeakPagedPoolUsage;
    uint64   ReadOperationCount;
    uint64   ReadTransferCount;
    uint32   SessionId;
    string   Status;
    datetime TerminationDate;
    uint32   ThreadCount;
    uint64   UserModeTime;
    uint64   VirtualSize;
    string   WindowsVersion;
    uint64   WorkingSetSize;
    uint64   WriteOperationCount;
    uint64   WriteTransferCount;
};
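The first answer suggests monitoring process starts and exits and calculating the run time yourself. As an added example (not code from either answer), the script below pairs each Win32_ProcessStopTrace event with the earlier Win32_ProcessStartTrace event for the same PID. It assumes the arrival time of each event (Now) is close enough to the real start and exit times; the variable names are illustrative.

```vbscript
' Added example: derive run duration from process start/stop trace events.
Option Explicit
Dim wmi, events, evt, started, key, secs

' key: PID as string -> time the start event was received (assumption:
' arrival time approximates the real start time)
Set started = CreateObject("Scripting.Dictionary")
Set wmi = GetObject("winmgmts:\\.\root\CIMV2")
Set events = wmi.ExecNotificationQuery("SELECT * FROM Win32_ProcessTrace")

Do
    Set evt = events.NextEvent              ' blocks until an event arrives
    key = CStr(evt.ProcessID)

    Select Case evt.Path_.Class
        Case "Win32_ProcessStartTrace"
            ' PIDs are reused after a process exits, so a start event
            ' always replaces any stale entry for the same PID.
            started(key) = Now
            WScript.Echo Now & vbTab & "start" & vbTab & key & vbTab & _
                         evt.ProcessName

        Case "Win32_ProcessStopTrace"
            If started.Exists(key) Then
                secs = DateDiff("s", started(key), Now)
                started.Remove key
                WScript.Echo Now & vbTab & "stop" & vbTab & key & vbTab & _
                             evt.ProcessName & vbTab & secs & " s"
            Else
                ' Process was already running when monitoring began,
                ' so its start time was never observed.
                WScript.Echo Now & vbTab & "stop" & vbTab & key & vbTab & _
                             evt.ProcessName & vbTab & "(start not seen)"
            End If
    End Select
Loop
```

Run it with cscript.exe so each event prints as a console line instead of a message box.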
You can use VBScript to query the Win32_Process WMI class for the executable path and the start time of the process. The duration can be derived from the start time:
pid = 23
Set wmi = GetObject("winmgmts://./root/cimv2")
Set convert = CreateObject("WbemScripting.SWbemDateTime")
qry = "SELECT * FROM Win32_Process WHERE ProcessId = " & pid
For Each p In wmi.ExecQuery(qry)
    If IsNull(p.CreationDate) Then
        'leave start time and duration empty if CreationDate can't be read
        startTime = ""
        duration = ""
    Else
        'convert start time from a string yyyyMMddHHmmss.ffffff±zzz to a date
        convert.Value = p.CreationDate
        startTime = convert.GetVarDate(True)
        'calculate duration in minutes
        duration = DateDiff("n", startTime, Now)
    End If
    WScript.Echo startTime & vbTab & duration & vbTab & p.ExecutablePath
Next
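Note that you need the SeDebugPrivilege privilege (administrators have it by default) to be able to see the executable path of other users' processes. Without that privilege, p.ExecutablePath will be Null for processes that are not running in the context of the current user.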