Another WMI archive

Started by spl, May 31, 2024, 09:25:11 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

spl

May 31, 2024, 09:25:11 AM
I originally wanted to create a script using WMI to iterate the top 10 Processes using memory. I soon realized that processes like svchost.exe would span multiple rows from WQL query. So I was stuck trying to figure out how to both group my process/memory for top 10. I'm sure this post will get a reply that the WB process extender can already do that, so no harm no foul. Anyway, the code below does at least try to summarize total memory [uses svchost.exe as default]. Might be nice to play with
Code Select
;Winbatch - UDS for capturing Process memory
;Stan Littlefield v.1 - 10/1/2016
;========================================================================================
IntControl(73,1,0,0,0)
gosub udfs
strComputer = "."
oWMI = GetObject( "winmgmts:\\" : strComputer : "\root\cimv2")
While @True
   prcs = AskLine("Query", "WMI Process or Cancel to Quit", "svchost.exe", 0)
   WQLquery(prcs)
Endwhile
 
oP=0
oWMI=0
Exit

:WBERRORHANDLER
geterror()
Message("Error Encountered",errmsg)
Exit

:CANCEL
Display(2,"Operation Canceled","Terminating Script")

Exit
;========================================================================================
:udfs
#DefineSubRoutine geterror()
   wberroradditionalinfo = wberrorarray[6]
   lasterr = wberrorarray[0]
   handlerline = wberrorarray[1]
   textstring = wberrorarray[5]
   linenumber = wberrorarray[8]
   errmsg = "Error: ":lasterr:@LF:textstring:@LF:"Line (":linenumber:")":@LF:wberroradditionalinfo
   Return(errmsg)
#EndSubRoutine

#DefineSubRoutine WQLquery(prcs)
IntControl(73,1,0,0,0)
WQL = "SELECT * FROM Win32_Process WHERE Name = '":prcs:"'"
oP= oWMI.ExecQuery(WQL)
totmem = 0
path = ""
ForEach p in oP
      path =  p.ExecutablePath
      totmem += (p.WorkingSetSize / 1000000)     
Next 
If path<>""
   Message(path,"Current Memory: ":totmem:"mb")
Else
   Message(prcs,"Current Memory: ":totmem:"mb")
Endif
Return

:WBERRORHANDLER
geterror()
Message("Error Encountered",errmsg)
Exit

#EndSubRoutine

Return
;========================================================================================
Stan - formerly stanl [ex-Pundit]

spl

#1
June 02, 2024, 04:50:43 AM
Got over the archived code nostalgia. Just ran a PS quickie into the StdOut UDF I posted earlier, got the top 25 grouped by memory usage and including number of instances. Curious as to how much both DuckDuckGo and Edge consume without even active browsing.
Stan - formerly stanl [ex-Pundit]
Print
Go Up Pages1
User actions