ps on Cygwin

When you use the ps command on Windows, its options differ from those of an ordinary UNIX ps; something like ps auwwx does not produce usable output.

ps -W

This is the right answer. The result looks like this:


$ ps -W |head
PID PPID PGID WINPID TTY UID STIME COMMAND
4 0 0 4 ? 0 04:24:48 *** unknown ***
628 0 0 628 ? 0 Nov 25 \SystemRoot\System32\smss.exe
700 0 0 700 ? 0 Nov 25 \??\C:\WINDOWS\system32\winlogon.exe
744 0 0 744 ? 0 Nov 25 C:\WINDOWS\system32\services.exe
756 0 0 756 ? 0 Nov 25 C:\WINDOWS\system32\lsass.exe
928 0 0 928 ? 0 Nov 25 C:\WINDOWS\system32\svchost.exe
1084 0 0 1084 ? 0 Nov 25 C:\WINDOWS\System32\svchost.exe
1264 0 0 1264 ? 0 Nov 25 C:\WINDOWS\system32\spoolsv.exe
1516 0 0 1516 ? 0 Nov 25 C:\WINDOWS\Explorer.EXE

tasklist.exe

On XP, let's compare this with what tasklist.exe prints.
Detailed task list display


$ tasklist /V|head

イメージ名 PID セッション名 セッション# メモリ使用量 状態 ユーザー名 CPU 時間 ウィンドウ タイトル
========================= ====== ================ ======== ============ =============== ================================================== ============ ========================================================================
System Idle Process 0 RDP-Tcp#3 0 28 K Running NT AUTHORITY\SYSTEM 67:48:14 N/A
System 4 RDP-Tcp#3 0 64 K Running NT AUTHORITY\SYSTEM 0:18:48 N/A
smss.exe 628 RDP-Tcp#3 0 64 K Running NT AUTHORITY\SYSTEM 0:00:00 N/A
csrss.exe 676 RDP-Tcp#3 0 45,140 K Running NT AUTHORITY\SYSTEM 0:52:12 N/A
winlogon.exe 700 RDP-Tcp#3 0 4,328 K Running NT AUTHORITY\SYSTEM 0:00:03 N/A
services.exe 744 RDP-Tcp#3 0 1,416 K Running NT AUTHORITY\SYSTEM 0:00:40 N/A
lsass.exe 756 RDP-Tcp#3 0 2,196 K Running NT AUTHORITY\SYSTEM 0:30:14 N/A

Module display


$ tasklist /M|head -40

イメージ名 PID モジュール
========================= ====== =============================================
System Idle Process 0 N/A
System 4 N/A
smss.exe 628 ntdll.dll
csrss.exe 676 ntdll.dll, CSRSRV.dll, basesrv.dll,
winsrv.dll, GDI32.dll, KERNEL32.dll,
USER32.dll, LPK.DLL, USP10.dll, msvcrt.dll,
ADVAPI32.dll, RPCRT4.dll, sxs.dll,
WINSTA.dll, NETAPI32.dll
winlogon.exe 700 ntdll.dll, kernel32.dll, ADVAPI32.dll,
RPCRT4.dll, AUTHZ.dll, msvcrt.dll,
CRYPT32.dll, USER32.dll, GDI32.dll,
MSASN1.dll, NDdeApi.dll, PROFMAP.dll,
NETAPI32.dll, USERENV.dll, PSAPI.DLL,
REGAPI.dll, Secur32.dll, SETUPAPI.dll,
VERSION.dll, WINSTA.dll, WINTRUST.dll,
IMAGEHLP.dll, WS2_32.dll, WS2HELP.dll,
IMM32.DLL, LPK.DLL, USP10.dll, MSGINA.dll,
SHELL32.dll, SHLWAPI.dll, COMCTL32.dll,
ODBC32.dll, comdlg32.dll, comctl32.dll,
odbcint.dll, SHSVCS.dll, sfc.dll,
sfc_os.dll, ole32.dll, Apphelp.dll,
msctfime.ime, uxtheme.dll, WINSCARD.DLL,
WTSAPI32.dll, sxs.dll, WINMM.dll,
cscdll.dll, WlNotify.dll, WINSPOOL.DRV,

SVC display

$ tasklist /SVC |head -30

イメージ名 PID サービス
========================= ====== =============================================
System Idle Process 0 N/A
System 4 N/A
smss.exe 628 N/A
csrss.exe 676 N/A
winlogon.exe 700 N/A
services.exe 744 Eventlog, PlugPlay
lsass.exe 756 PolicyAgent, ProtectedStorage, SamSs
svchost.exe 928 DcomLaunch, TermService
svchost.exe 996 RpcSs
svchost.exe 1084 AudioSrv, CryptSvc, Dhcp, dmserver, ERSvc,
EventSystem, helpsvc, lanmanserver,
lanmanworkstation, Netman, Nla, Schedule,
seclogon, SENS, SharedAccess,
ShellHWDetection, srservice, Themes, TrkWks,
W32Time, winmgmt, wscsvc, wuauserv
svchost.exe 1168 Dnscache
svchost.exe 1212 LmHosts, RemoteRegistry, SSDPSRV, WebClient
spoolsv.exe 1264 Spooler
explorer.exe 1516 N/A
igfxtray.exe 1648 N/A
hkcmd.exe 1656 N/A
igfxpers.exe 1692 N/A
ctfmon.exe 1712 N/A
wdfmgr.exe 2020 UMWdf
alg.exe 1036 ALG
wscntfy.exe 1064 N/A
conime.exe 1768 N/A

With /U /M /P, tasks on other machines that require authentication can also be listed.

I needed STIME (the start time), so in the end I went with ps.
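
As an added example (not part of the original post), the following shell functions pull PID, STIME and COMMAND out of ps -W output, handling the two STIME forms seen above (04:24:48 and Nov 25) and commands that contain spaces. The function names and the PID 2300 sample line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumed column order (as in the sample output above):
#   PID PPID PGID WINPID TTY UID STIME COMMAND

# Read `ps -W` output on stdin; write PID<TAB>STIME<TAB>COMMAND.
parse_ps_w() {
    awk '
    $1 !~ /^[0-9]+$/ || NF < 8 { next }      # header or malformed line
    {
        # STIME is one token (04:24:48) or two tokens (Nov 25).
        if ($7 ~ /^[0-9][0-9]?:[0-9][0-9]:[0-9][0-9]$/) {
            stime = $7; first = 8
        } else {
            stime = $7 " " $8; first = 9
        }
        # COMMAND may contain spaces, so rejoin every remaining field.
        cmd = ""
        for (i = first; i <= NF; i++) cmd = (i == first) ? $i : cmd " " $i
        printf "%s\t%s\t%s\n", $1, stime, cmd
    }'
}

# Filter parse_ps_w output by image name (case-insensitive);
# write PID<TAB>STIME for each match.
stime_of() {
    awk -F '\t' -v want="$1" '
    {
        name = $3
        sub(/^.*[\\]/, "", name)             # keep text after last backslash
        if (tolower(name) == tolower(want)) print $1 "\t" $2
    }'
}

# Sample input: lines copied from the output above, plus one constructed
# line (PID 2300) whose path contains a space.
sample_ps_w() {
    cat <<'EOF'
PID PPID PGID WINPID TTY UID STIME COMMAND
4 0 0 4 ? 0 04:24:48 *** unknown ***
700 0 0 700 ? 0 Nov 25 \??\C:\WINDOWS\system32\winlogon.exe
928 0 0 928 ? 0 Nov 25 C:\WINDOWS\system32\svchost.exe
1084 0 0 1084 ? 0 Nov 25 C:\WINDOWS\System32\svchost.exe
2300 0 0 2300 ? 0 09:15:02 C:\Program Files\Example\agent.exe
EOF
}

# On Cygwin: ps -W | parse_ps_w | stime_of svchost.exe
sample_ps_w | parse_ps_w | stime_of svchost.exe
```

Runs of spaces inside a COMMAND path are collapsed to one space by the rejoin step.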

If you only want to look, use a GUI

If you just want to display the list, use the standard tool, ProcessWalker.

http://www.vector.co.jp/soft/winnt/util/se221254.html

The results are shown in a GUI.


Idle Process 0 N/A 16,384 0 1070:43:24.953 N/A 2 0 N/A
System 8 NT AUTHORITY\SYSTEM 28,672 28,672 7:39:41.328 N/A 43 423 N/A
LSASS.EXE 136 NT AUTHORITY\SYSTEM 1,241,088 2,600,960 0:00:41.312 2006/11/4 3:07:08.296 12 295 C:\WINNT\system32\lsass.exe
SMSS.EXE 172 NT AUTHORITY\SYSTEM 176,128 159,744 0:00:00.968 2006/11/4 3:06:39.765 6 33 \SystemRoot\System32\smss.exe
CSRSS.EXE 200 NT AUTHORITY\SYSTEM 7,647,232 3,047,424 0:08:34.406 2006/11/4 3:07:01.343 12 618 \??\C:\WINNT\system32\csrss.exe
WINLOGON.EXE 220 NT AUTHORITY\SYSTEM 2,789,376 7,094,272 0:00:07.687 2006/11/4 3:07:05.125 16 418 \??\C:\WINNT\system32\winlogon.exe
SERVICES.EXE 248 NT AUTHORITY\SYSTEM 10,665,984 5,496,832 0:13:54.624 2006/11/4 3:07:08.250 39 720 C:\WINNT\system32\services.exe
svchost.exe 440 NT AUTHORITY\SYSTEM 2,699,264 2,269,184 0:00:03.609 2006/11/4 3:07:14.734 10 416 C:\WINNT\system32\svchost.exe
spoolsv.exe 472 NT AUTHORITY\SYSTEM 1,703,936 3,031,040 0:00:00.359 2006/11/4 3:07:15.640 10 139 C:\WINNT\system32\spoolsv.exe