Cmdlet列出System.Management.ManagementEventWatcher的所有实例

时间:2014-09-19 21:42:37

标签: powershell

如果有一个为命名进程创建进程观察器的函数,就像这样

function New-Watcher {
    param ([string] $processname)

    $alarm = New-Object System.Management.EventQuery
    $alarm.QueryString = "Select * from __InstanceCreationEvent WITHIN 1 WHERE targetinstance ISA 'Win32_Process' AND targetinstance.name = '$processname'"
    New-Object System.Management.ManagementEventWatcher $alarm
}

我创造了像这样的多个观察者

$mywatcher1 = New-Watcher "notepad.exe"
$mywatcher2 = New-Watcher "cmd.exe"
# all the way down to...
$mywatcherxxx = New-Watcher "powershell.exe"

是否有一个cmdlet,列出了所有已创建的实例?

适用于Register-WmiEvent的Get-EventSubscriber。

1 个答案:

答案 0 :(得分:1)

如果要将每个变量分配给变量,则可以始终执行以下操作:

Get-Variable|Where{$_.Value -is [System.Management.ManagementEventWatcher]}

那会输出:

Name                           Value                                                                
----                           -----                                                                
mywatcher1                     System.Management.ManagementEventWatcher                             
mywatcher2                     System.Management.ManagementEventWatcher

或者如果你想让它变得更好,你可以通过ForEach运行数据并使自定义对象解析出每个人正在观看的内容:

Get-Variable mywatch*|
    Where{$_.Value -is [System.Management.ManagementEventWatcher]}|
        ForEach{
            $QString = $_.value.query.querystring
            [pscustomobject][ordered]@{
                Variable=$_.Name
                Watching=$Qstring.substring(($QString.lastindexof("= "))+2).trim("'")
            }
        }

反过来会反击:

Variable                                           Watching                                         
--------                                           --------                                         
mywatcher1                                         notepad.exe                                      
mywatcher2                                         cmd.exe