{"id":54763,"date":"2008-12-03T11:31:00","date_gmt":"2008-12-03T11:31:00","guid":{"rendered":"https:\/\/blogs.technet.microsoft.com\/heyscriptingguy\/2008\/12\/03\/hey-scripting-guy-how-can-i-kill-processes\/"},"modified":"2008-12-03T11:31:00","modified_gmt":"2008-12-03T11:31:00","slug":"hey-scripting-guy-how-can-i-kill-processes","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/scripting\/hey-scripting-guy-how-can-i-kill-processes\/","title":{"rendered":"Hey, Scripting Guy! How Can I Kill Processes?"},"content":{"rendered":"

\"Hey, <\/H2>\n

Hey, Scripting Guy! It seems that every single piece of software I install adds a stub application that starts automatically. I know software makers do not do it out of maliciousness, but good grief these people act as if theirs is the most important software on my computer. In the old days, it was pretty easy. I\u2019d go to the Startup folder and delete their icon. Now they start hiding their stuff in 25 different places in the registry. When people started finding their software in those locations, these software makers began masquerading as services with obscure names. It is enough to make a person remove patches of their own hair. Can you provide a low-stress, low-hair-loss way of controlling these offending applications?

– JB<\/P>\"Spacer\"\"Hey, \n

Hi JB,<\/P>\n

I can definitely sympathize with follicly challenged<\/A> individuals, and do not wish to do anything that would cause you to remove more of the precious stuff. If you take a look at the script below, you will see that we read a text file that has a list of processes we wish to kill. We total the memory being consumed by the processes and ask if you, the user, wish to terminate them. For a similar VBScript, you can refer to this Dr. Scripto article<\/A>. For more information about WMI, you may want to look at the WMI Secrets page<\/A> or check out the Microsoft Press book, Microsoft Windows Scripting with WMI: Self-Paced Learning Guide<\/A>. Here’s the script:<\/P>

$mem = 0\n$procFile = “c:\\FSO\\annoyingProcesses.txt” \nGet-process -name (Get-Content $procFile) -ErrorAction continue |\nForeach-Object { $mem += $_.WorkingSet }\n“{0:N2}”-f ($mem\/1MB) +” meg of ram is being consumed by $procFile Processes” \n$rtnPrompt = Read-Host -Prompt `\n  ” \n   would like to kill $procfile processes? \n   <y \/ n>\n  ”\nswitch($rtnPrompt) \n{\n “y”     { \n          Write-Host -BackgroundColor green “$procfile processes will be killed…” \n          stop-process -name $(Get-Content $procFile) -ErrorAction continue \n         }\n “n”     { \n          Write-Host -BackgroundColor yellow “$procfile processes will not be killed” \n         }\n default { \n           Write-Host -BackgroundColor red “Response y or n expected. exiting…” ;\n           exit\n         }\n} #end switch\n<\/PRE>\n
The script uses a text file for input. Working with text files in VBScript is covered here<\/A>. The first thing it does is initialize two variables. The first variable, $mem<\/B>, is used to hold the amount of memory that will be saved by deleting the processes. The second variable, $procFile<\/B>, is used to hold the path to the text file with the processes to kill:<\/P>
$mem = 0\n$procFile = “c:\\FSO\\annoyingProcesses.txt”\n<\/PRE>\n
The text file is simply a list of process names:<\/P>\"Image \n
 <\/P>\n
Next it is time to read the text file and retrieve the process information for each of the processes. This can be done on a single line. The trick is that the Get-Process<\/B> cmdlet will accept an array of process names for the \u2013name<\/B> parameter. To provide this array of process names, we use the Get-Content<\/B> cmdlet and have it read the content from the file. Because we have the Get-Content<\/B> cmdlet in parentheses, this forces it to be read first. The \u2013ErrorAction<\/B> continue is the same as placing On Error Resume Next<\/B> in a script. It causes error messages to be ignored. After we have the process information for each of the processes, we pipeline the results to the next command. This line of code is seen here:<\/P>
Get-Process -name (Get-Content $procFile) -ErrorAction continue |<\/PRE>\n
Because we have a stream of process information, we want to work with each process individually. To do this, we use the Foreach-Object<\/B> cmdlet. We wish to tally up the WorkingSet<\/B> property of each of the processes. To do this, we use the $_<\/B> variable, which refers to the individual process object that is currently residing on the pipeline. We then query the WorkingSet<\/B> value and add it to the current total of $mem<\/B>. The +=<\/B> construction is the same as saying $mem = $mem + $_.WorkingSet<\/B>. This line of code is seen here:<\/P>
Foreach-Object { $mem += $_.WorkingSet }<\/PRE>\n
The next line of code is used to print out the amount of memory that is being consumed. {0:N2}<\/SPAN> is a .NET framework format specifier that says we want to display numbers with two decimal places. The strange thing is that it appears in front of the \u2013f<\/B> instead of behind it. 1MB<\/B> is called an administrative constant, and it is used to convert bytes to megabytes: <\/P>
“{0:N2}”-f ($mem\/1MB) +” meg of ram is being consumed by $procFile Processes”<\/PRE>\n
Here is how memory being consumed is displayed:<\/P>\"Image \n
 <\/P>\n
It is now time to show a prompt, so we can ensure the user intended to stop all the processes. To do this, we use the Read-Host<\/B> cmdlet. This code is shown here (the prompt itself can be seen in the previous image):<\/P>
$rtnPrompt = Read-Host -Prompt `\n  ” \n   would like to kill $procfile processes? \n   <y \/ n>\n  ”\n<\/PRE>\n
Now we need to evaluate the user\u2019s response. To do this, we use the switch<\/B> statement, which is similar to the Select<\/B> case command from VBScript. The switch is used to determine what was handed to the Read-Host<\/B> cmdlet. This value was stored in the $rtnPrompt<\/B> variable. If it is equal to y<\/B>, we print in green the processes that will be deleted, and then we call the Stop-Process<\/B> cmdlet to stop each process. If the variable is equal to n<\/B>, the message is printed in yellow to say that nothing will be stopped. If an invalid response is typed, the message is displayed in red that a y<\/B> or n<\/B> response was expected:<\/P>
switch($rtnPrompt) \n{\n “y”     { \n          Write-Host -BackgroundColor green “$procfile processes will be killed…” \n          stop-process -name $(Get-Content $procFile) -ErrorAction continue \n         }\n “n”     { \n          Write-Host -BackgroundColor yellow “$procfile processes will not be killed” \n         }\n default { \n           Write-Host -BackgroundColor red “Response y or n expected. exiting…” ;\n           exit\n         }\n} #end switch\n<\/PRE>\n
Here is what the display looks like when processes will be killed:<\/P>\"Image \n
 <\/P>\n
Well, JB, hopefully this script will alleviate some of your hair loss problems. If not, consult your general practitioner. Script you tomorrow.<\/P>\n
Ed Wilson and Craig Liebendorfer, Scripting Guys<\/B><\/B><\/SPAN><\/FONT><\/P><\/B><\/FONT><\/p>\n","protected":false},"excerpt":{"rendered":"
Hey, Scripting Guy! It seems that every single piece of software I install adds a stub application that starts automatically. I know software makers do not do it out of maliciousness, but good grief these people act as if theirs is the most important software on my computer. In the old days, it was pretty […]<\/p>\n","protected":false},"author":595,"featured_media":87096,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[31,87,26,3,45],"class_list":["post-54763","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-scripting","tag-operating-system","tag-processes","tag-registry","tag-scripting-guy","tag-windows-powershell"],"acf":[],"blog_post_summary":"
Hey, Scripting Guy! It seems that every single piece of software I install adds a stub application that starts automatically. I know software makers do not do it out of maliciousness, but good grief these people act as if theirs is the most important software on my computer. In the old days, it was pretty […]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/54763","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/users\/595"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/comments?post=54763"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/54763\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media\/87096"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media?parent=54763"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/categories?post=54763"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/tags?post=54763"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}