Some code worth publishing (from some work I am doing over at RMF Network Security on Conficker, worm detection, etc.):
# Snapshot the process list once so every count below comes from the same data
$Global:ps = ps
$ps_count = $ps.count
write "Process Count = $ps_count"
# Walk every process (indexes 0..count-1) and collect its loaded modules
$Global:all_modules = 0..($ps_count - 1) |%{$ps[$_].Modules} | Select Size,ModuleName,FileName,FileVersion
$allmod_count = $all_modules.count
write "All instances of loaded modules = $allmod_count"
# Reduce to one entry per distinct module name
$Global:unique_all_modules = $all_modules | Select -property ModuleName | Sort -Unique -property ModuleName
$uniqmod_count = $unique_all_modules.count
write "All uniq module names = $uniqmod_count"
# Size is the module's in-memory size in KB (ModuleMemorySize / 1024)
$Global:all_modules_memory = $all_modules | Select -property ModuleName,Size | Sort -property Size
$Global:MO_all_mod_mem = $all_modules_memory | measure-object -property Size -sum
$Global:CountModMem = $MO_all_mod_mem.count
$Global:SumModMem = $MO_all_mod_mem.sum
# Convert the KB total to bytes, then to GB
$SumModMemGB = ( ( $SumModMem * 1KB)/ 1GB)
write "Sum of $CountModMem modules memory size = $SumModMemGB GB"
Output:
.\AllModules.ps1
Process Count = 69
All instances of loaded modules = 2943
All uniq module names = 526
Sum of 2943 modules memory size = 1.75315514206886 GB
The error below is something I will have to look into:
:$a = ps -Module
Get-Process : cannot enumerate the modules of process 'Idle'
At line:1 char:8
+ $a = ps <<<< -Module
+ CategoryInfo : PermissionDenied: (System.Diagnostics.Process (Idle):Process) [Get-Process], ProcessCommandException
+ FullyQualifiedErrorId : CouldnotEnumerateModules,Microsoft.PowerShell.Commands.GetProcessCommand
Get-Process : cannot enumerate the modules of process 'System'
At line:1 char:8
+ $a = ps <<<< -Module
+ CategoryInfo : PermissionDenied: (System.Diagnostics.Process (System):Process) [Get-Process], ProcessCommandException
+ FullyQualifiedErrorId : CouldnotEnumerateModules,Microsoft.PowerShell.Commands.GetProcessCommand
:$a.count
2940
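One way to deal with the enumeration errors shown above, as an added example that is not part of the original post: query modules one process at a time, so that Idle, System and any other process that refuses enumeration are recorded instead of raising errors, and each module stays tied to the process that loaded it. The function name Get-LoadedModuleInventory and its output property names are made up for this example.

```powershell
# Added example: per-process module inventory that records enumeration failures.
function Get-LoadedModuleInventory {
    $rows   = @()   # one row per (process, module) pair
    $denied = @()   # processes whose modules could not be read
    foreach ($p in Get-Process) {
        # The failure is a non-terminating error, so capture it in $err
        $mods = Get-Process -Id $p.Id -Module -ErrorAction SilentlyContinue -ErrorVariable err
        if ($err.Count -gt 0) {
            # Covers access denied (Idle, System) and processes that exited meanwhile
            $denied += New-Object PSObject -Property @{
                Id    = $p.Id
                Name  = $p.ProcessName
                Error = $err[0].FullyQualifiedErrorId
            }
            continue
        }
        foreach ($m in $mods) {
            $rows += New-Object PSObject -Property @{
                ProcessId   = $p.Id
                ProcessName = $p.ProcessName
                ModuleName  = $m.ModuleName
                FileName    = $m.FileName
                Bytes       = $m.ModuleMemorySize   # raw size in bytes
            }
        }
    }
    New-Object PSObject -Property @{ Modules = $rows; Denied = $denied }
}

$inv = Get-LoadedModuleInventory

"Processes skipped = {0}" -f $inv.Denied.Count
$inv.Denied | Format-Table Id, Name, Error -AutoSize

# Module files loaded by the fewest processes come first; Count is the
# number of processes that have the file mapped.
$inv.Modules | Group-Object FileName | Sort-Object Count |
    Select-Object -First 20 Count, Name | Format-Table -AutoSize

$bytes = ($inv.Modules | Measure-Object -Property Bytes -Sum).Sum
"Total module memory size = {0:N2} GB" -f ($bytes / 1GB)
```

Run it from an elevated prompt to keep the skipped list short; whatever remains in it is a gap in the inventory.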