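# kernelzeit_privilegedprocessortime.ps1
#
# Takes snapshots of the process list <interval> seconds apart and reports,
# per process, how much kernel-mode and user-mode time was consumed between
# two consecutive snapshots.
# https://www.msxfaq.de
#
# Output: one object per process that is present in both snapshots, written
# to the pipeline and (optionally) appended to $csvfile.
#
# Handling notes for the files this script writes:
#  * Every row carries the full command line of the process. Command lines
#    frequently contain passwords, tokens or connection strings, so keep
#    $csvfile and $lastrunfile in a directory with restricted ACLs. The
#    defaults point at the current working directory.
#  * ProcessName, Commandline and the derived Servicename are controlled by
#    whoever started the process. Treat the cells as untrusted text when the
#    CSV is opened in a spreadsheet or fed into another tool.
#  * $lastrunfile is read back as the baseline on the next start. Anyone who
#    can write to it can skew the reported deltas.
[CmdletBinding()]
param (
    # Filter for the process list in WMI (WQL) syntax:
    # '%%' for all processes or '%processname%' for a specific one.
    [string]$filter = "Name LIKE '%%'",
    # Interval between two snapshots, in seconds.
    [int]$interval = 60,
    # Number of measurement rounds; 0 or 1 both result in a single round.
    [int]$repeat = 0,
    # Result file (appended to). Pass an empty string to disable.
    [string]$csvfile = ".\kernelzeit_privilegedprocessortime.csv",
    # Baseline file carried over between runs. Pass an empty string to disable.
    [string]$lastrunfile = ".\kernelzeit_privilegedprocessortime.lastrun.csv"
)

# Column order is kept identical to the original script because $csvfile is
# written with -Append and existing files depend on it.
$properties = 'timestamp', 'ProcessID', 'ProcessName', 'Servicename',
              'TotalTimeDelta', 'KernelModeTimeDelta', 'UserModeTimeDelta',
              'TotalKernelRelative', 'KerneltoUserMode',
              'KernelModeTime', 'UserModeTime', 'Commandline', 'CreationDate'

Write-Verbose "kernelzeit_privilegedprocessortime START"
Write-Verbose "Interval : $($interval) seconds"
Write-Verbose "Repeat   : $($repeat) times"
Write-Verbose "CSVFile  : $($csvfile)"

# Baseline snapshot. Fix: the original only took an initial snapshot when
# $lastrunfile was set, so running with -lastrunfile "" left the baseline
# empty and every process was reported as "not found in old list".
if ($lastrunfile -and (Test-Path $lastrunfile)) {
    Write-Verbose "Loading list of processes from File $($lastrunfile)"
    # Values loaded here are strings. They are cast before arithmetic below.
    $proclistold = Import-Csv -Path $lastrunfile
}
else {
    Write-Verbose "Get initial list of processes:Start"
    $proclistold = Get-CimInstance Win32_Process -Filter $filter |
        Select-Object -Property $properties
}

Write-Verbose "Get list of Services with Commandline"
# NOTE(review): BinaryPathName is only populated on PowerShell versions whose
# ServiceController objects expose it. Where it is empty, the service lookup
# below falls through to "Unknown". Confirm on the target host.
$services = Get-Service -ErrorAction SilentlyContinue |
    Select-Object Name, DisplayName, BinaryPathName

do {
    Write-Verbose "Waiting $($interval) seconds"
    Start-Sleep -Seconds $interval

    Write-Verbose "Get list of processes Start"
    $proclistnew = Get-CimInstance Win32_Process -Filter $filter |
        Select-Object -Property $properties
    $timestamp = ([System.DateTime]::UtcNow).ToString("u")

    # Sum of the cumulative kernel and user counters of all processes in the
    # new snapshot; used as the denominator for TotalKernelRelative.
    # NOTE(review): this is a cumulative total, not a per-interval total.
    $TotalProcessorTicks = ($proclistnew.KernelModeTime | Measure-Object -Sum).Sum +
                           ($proclistnew.UserModeTime   | Measure-Object -Sum).Sum

    # Index the baseline by PID once instead of scanning it for every process.
    # The key is a string so CSV-loaded (string) and live (numeric) PIDs match.
    $oldByPid = @{}
    foreach ($old in $proclistold) {
        $oldByPid["$($old.ProcessID)"] = $old
    }

    foreach ($processnew in $proclistnew) {
        $processold = $oldByPid["$($processnew.ProcessID)"]
        if (!$processold) {
            Write-Verbose "Process $($processnew.ProcessName) not found in old list"
            continue
        }

        # PIDs are recycled. A cumulative counter that went backwards means the
        # baseline row belongs to a different, earlier process (typical after a
        # reboot when the baseline came from $lastrunfile). Attributing a delta
        # across the two would be wrong, so the process is skipped this round.
        # This is a heuristic: comparing CreationDate would be stricter, but
        # that value is stringified by the CSV round-trip.
        if (([uint64]$processnew.KernelModeTime -lt [uint64]$processold.KernelModeTime) -or
            ([uint64]$processnew.UserModeTime   -lt [uint64]$processold.UserModeTime)) {
            Write-Verbose "Process $($processnew.ProcessName) counters went backwards, PID was probably reused"
            continue
        }

        $processnew.timestamp = $timestamp

        if ($processnew.ProcessName -eq "w3wp.exe") {
            # Fix: the original emitted the boolean result of -match into the
            # output stream and read $matches even when nothing matched, which
            # could pick up a stale capture from an earlier process.
            if ($processnew.Commandline -match '.* -ap "(.*?)" .*') {
                $processnew.Servicename = "IIS" + $matches[1]
            }
            else {
                $processnew.Servicename = "IIS"
            }
        }
        else {
            $servicename = $services.Where({ $_.BinaryPathName -eq $processnew.Commandline })
            if ($servicename.Count -eq 1) {
                $processnew.Servicename = $servicename.Name
            }
            else {
                $processnew.Servicename = "Unknown"
            }
        }

        $processnew.KernelModeTimeDelta = [uint64]$processnew.KernelModeTime - [uint64]$processold.KernelModeTime
        $processnew.UserModeTimeDelta   = [uint64]$processnew.UserModeTime   - [uint64]$processold.UserModeTime
        $processnew.TotalTimeDelta      = $processnew.KernelModeTimeDelta + $processnew.UserModeTimeDelta

        # Guard both divisions; the original only guarded the second one.
        if ($TotalProcessorTicks -gt 0) {
            $processnew.TotalKernelRelative = $processnew.KernelModeTimeDelta / $TotalProcessorTicks * 100
        }
        else {
            $processnew.TotalKernelRelative = 0
        }

        if ($processnew.TotalTimeDelta -gt 0) {
            $processnew.KerneltoUserMode = $processnew.KernelModeTimeDelta / $processnew.TotalTimeDelta * 100
        }
        else {
            $processnew.KerneltoUserMode = 0
        }

        Write-Output $processnew
    }

    $proclistold = $proclistnew

    if ($csvfile) {
        Write-Verbose "Write Results to File $($csvfile)"
        $proclistnew | Export-Csv -Path $csvfile -NoTypeInformation -Append
    }
    if ($lastrunfile) {
        Write-Verbose "Save last run list of processes to File $($lastrunfile)"
        $proclistnew | Export-Csv -Path $lastrunfile -Force
    }

    $repeat--
} while ($repeat -gt 0)

Write-Verbose "kernelzeit_privilegedprocessortime DONE"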