-
Notifications
You must be signed in to change notification settings - Fork 1
/
Show-ProcessTree.ps1
40 lines (34 loc) · 1.12 KB
/
Show-ProcessTree.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
$IdLookup = @{}
$ParentLookup = @{}
$Orphans = @()
$Processes = Get-WMIObject -Class Win32_Process
foreach ($Process in $Processes)
{
$IdLookup[$Process.ProcessId] = $Process
if (($Process.ParentProcessId -eq 0) -or (!$IdLookup.ContainsKey($Process.ParentProcessId)))
{
$Orphans += $Process
continue
}
if (!$ParentLookup.ContainsKey($Process.ParentProcessId))
{
$ParentLookup[$Process.ParentProcessId] = @()
}
$Siblings = $ParentLookup[$Process.ParentProcessId]
$Siblings += $Process
$ParentLookup[$Process.ParentProcessId] = $Siblings
}
function Show-ProcessTree($ProcessId, $IndentLevel)
{
$Process = $IdLookup[$ProcessId]
$Indent = "-" * $IndentLevel
Write-Output ("{1}-| {0} PID: {2} PPID: {3}" -f $Process.ProcessName, $Indent, $Process.ProcessId, $Process.ParentProcessId)
foreach ($Child in ($ParentLookup[$ProcessId] | Sort-Object CreationDate))
{
Show-ProcessTree $Child.ProcessId ($IndentLevel + 1)
}
}
foreach ($Process in ($Orphans | Sort-Object CreationDate))
{
Show-ProcessTree $Process.ProcessId 1
}