(imported topic written by TommyG91)
I’ve scoured around the board, but can’t find the syntax I’m looking for. I did find this, if (exists wmi) then (sum of ((string values of selects “WorkingSetSize from win32_process” of wmi) as integer) / (1024*1024)) as string & " MB" else “Not available”.
Can someone get me started on code to find out how much memory a certain ap is using? For example, I want to know how much non paged pool memory and handles mcshield is using.
Thanks in advance!
(imported comment written by BenKus)
Try a “where” clause in your wmi:
q: if (exists wmi) then ( ((string value of selects “WorkingSetSize from win32_process where Name = ‘besclient.exe’” of wmi) as integer) / (1024*1024)) as string & " MB" else "Not available"
A: 9 MB
Ben
(imported comment written by TommyG91)
Ben,
Thanks for getting me started. This is helpful for us, as we have a particular application that runs high on handles and NPP memory, and I need to identify these. I worked on this today and came up with something I thought I would share for all to use. I don’t know much about WMI, but apparently there are different versions, because I had to use a combo of the two statements below to get what I wanted on different machines.
Q: if exist running application “mcshield.exe” then (if (exists wmi) then (((string value of selects “QuotaNonPagedPoolUsage from win32_process where Name = ‘mcshield.exe’” of wmi) as integer) / (1*1024)) as string & " KB" else “NoWMI”) else (“DNE”)
or
Q: if exist running application “mcshield.exe” then (if (exists wmi) then (((string value of selects “QuotaNonPagedPoolUsage from win32_process where Name = ‘mcshield.exe’” of wmi) as integer)) as string & " KB" else “NoWMI”) else (“DNE”)
Here are some of the WMI calls:
http://msdn.microsoft.com/en-us/library/aa394372(VS.85).aspx
Tom
(imported comment written by Shembop91)
How about if you want to find out for all running processes - for example, show the name, and the Memory Usage, and also, how about also show Processor usage
I could do any of this for one process, but to show it for all running processes, now there is some fun…
(imported comment written by jessewk)
Coming in 8.0:
Q: (name of it, id of it, page fault count of it, peak working set size of it, working set size of it, quota peak paged pool usage of it , quota paged pool usage of it, quota peak nonpaged pool usage of it, quota nonpaged pool usage of it, page file usage of it, peak page file usage of it, io read count of it, io write count of it, io other count of it, io read size of it, io write size of it, io other size of it, creation time of it, kernel time of it, user time of it, gdi object count of it | 0, user object count of it | 0, handle count of it, session id of it, wow64 of it, image file of it, user of it, base priority of it = normal priority) of processes
A: smss.exe, 204, 492, 1007616, 327680, 38360, 10664, 6664, 1624, 360448, 425984, 12, 5, 508, 29214, 20, 9812, ( Wed, 16 Jun 2010 16:07:48 -0700 ), 00:00:00.078125, 00:00:00, 0, 0, 29, 0, False, “smss.exe” “6.1.7600.16385” “” “” “”, NT AUTHORITY\SYSTEM, True
A: csrss.exe, 304, 1413, 3821568, 1138688, 130784, 126064, 16792, 11168, 1835008, 1835008, 355, 0, 2758, 251581, 0, 90155, ( Wed, 16 Jun 2010 16:07:50 -0700 ), 00:00:00.218750, 00:00:00.125, 0, 0, 436, 0, False, “csrss.exe” “6.1.7600.16385” “” “” “”, NT AUTHORITY\SYSTEM, True
A: wininit.exe, 356, 1366, 4218880, 393216, 106072, 102072, 11864, 9496, 1314816, 1630208, 1, 0, 699, 6656, 0, 6306, ( Wed, 16 Jun 2010 16:07:50 -0700 ), 00:00:00.046875, 00:00:00, 0, 0, 73, 0, False, “wininit.exe” “6.1.7600.16385” “” “” “”, NT AUTHORITY\SYSTEM, False
A: csrss.exe, 364, 23537, 12718080, 3735552, 530776, 135288, 21552, 16632, 12386304, 12775424, 40215, 0, 3549, 1250809, 0, 36043, ( Wed, 16 Jun 2010 16:07:50 -0700 ), 00:00:03.984375, 00:00:00.156250, 174, 81, 217, 1, False, “csrss.exe” “6.1.7600.16385” “” “” “”, NT AUTHORITY\SYSTEM, True
A: winlogon.exe, 400, 4761, 7831552, 1597440, 141256, 110912, 12784, 10280, 2646016, 3399680, 3, 0, 1542, 6800, 0, 11745, ( Wed, 16 Jun 2010 16:07:50 -0700 ), 00:00:00.187500, 00:00:00.109375, 6, 0, 122, 1, False, “winlogon.exe” “6.1.7600.16447” “” “” “”, NT AUTHORITY\SYSTEM, False
A: services.exe, 456, 75015, 12021760, 4288512, 116272, 66904, 18816, 13048, 4657152, 8634368, 169, 902, 7623, 502424, 3306092, 1162680, ( Wed, 16 Jun 2010 16:07:50 -0700 ), 00:00:56.640625, 00:01:06.656250, 0, 0, 207, 0, False, “services.exe” “6.1.7600.16385” “” “” “”, NT AUTHORITY\SYSTEM, True
A: lsass.exe, 468, 5479, 13832192, 8638464, 112064, 110928, 33528, 32376, 8826880, 8826880, 2363, 2052, 11212, 161644, 238977, 662764, ( Wed, 16 Jun 2010 16:07:50 -0700 ), 00:00:01.906250, 00:00:03.281250, 0, 0, 916, 0, False, “lsass.exe” “6.1.7600.16385” “” “” “”, NT AUTHORITY\SYSTEM, True
A: lsm.exe, 476, 5950, 4055040, 1662976, 38552, 38504, 7720, 7480, 2383872, 2506752, 0, 1, 73, 0, 4240, 584, ( Wed, 16 Jun 2010 16:07:50 -0700 ), 00:00:00.328125, 00:00:00.125, 0, 0, 142, 0, False, “lsm.exe” “6.1.7600.16385” “” “” “”, NT AUTHORITY\SYSTEM, True
A: svchost.exe, 588, 10620, 9277440, 3465216, 113904, 112048, 16568, 13848, 4100096, 4292608, 0, 0, 9162, 0, 0, 240574, ( Wed, 16 Jun 2010 16:07:50 -0700 ), 00:00:02.375, 00:00:01.515625, 0, 0, 346, 0, False, “svchost.exe” “6.1.7600.16385” “” “” “”, NT AUTHORITY\SYSTEM, True
A: svchost.exe, 652, 11321, 7159808, 4415488, 88408, 86592, 17912, 15504, 4009984, 4227072, 0, 0, 854, 0, 0, 11648, ( Wed, 16 Jun 2010 16:07:51 -0700 ), 00:00:01.312500, 00:00:01.656250, 0, 0, 244, 0, False, “svchost.exe” “6.1.7600.16385” “” “” “”, NT AUTHORITY\NETWORK SERVICE, True
A: svchost.exe, 708, 23697, 20344832, 10719232, 163440, 156096, 84068, 24336, 17813504, 18628608, 544, 2854, 37018, 11718595, 3348955, 1335804, ( Wed, 16 Jun 2010 16:07:51 -0700 ), 00:00:03.781250, 00:00:03.125, 0, 0, 517, 0, False, “svchost.exe” “6.1.7600.16385” “” “” “”, NT AUTHORITY\LOCAL SERVICE, True
A: svchost.exe, 792, 10943, 11636736, 4550656, 154248, 149256, 22760, 18792, 4501504, 5074944, 37, 5, 13236, 856, 4456, 223130, ( Wed, 16 Jun 2010 16:07:51 -0700 ), 00:00:00.500, 00:00:00.343750, 0, 0, 370, 0, False, “svchost.exe” “6.1.7600.16385” “” “” “”, NT AUTHORITY\SYSTEM, True
A: svchost.exe, 840, 343397, 61100032, 24051712, 323816, 268176, 187496, 53352, 23769088, 63082496, 6684, 4882, 794780, 46353143, 11294951, 46203193, ( Wed, 16 Jun 2010 16:07:51 -0700 ), 00:00:18.250, 00:00:10.406250, 0, 0, 1232, 0, False, “svchost.exe” “6.1.7600.16385” “” “” “”, NT AUTHORITY\SYSTEM, True
A: svchost.exe, 988, 28265, 16359424, 12218368, 126440, 121648, 38584, 30168, 9891840, 10690560, 69, 1, 233902, 2318, 160, 13202158, ( Wed, 16 Jun 2010 16:07:51 -0700 ), 00:00:04.625, 00:00:03.500, 0, 0, 443, 0, False, “svchost.exe” “6.1.7600.16385” “” “” “”, NT AUTHORITY\LOCAL SERVICE, True
A: svchost.exe, 552, 21723, 14053376, 7901184, 115616, 114112, 33232, 25752, 11194368, 11390976, 2566, 1294, 894441, 999746, 163412, 39629879, ( Wed, 16 Jun 2010 16:07:52 -0700 ), 00:00:06.937500, 00:00:04.406250, 0, 0, 370, 0, False, “svchost.exe” “6.1.7600.16385” “” “” “”, NT AUTHORITY\NETWORK SERVICE, True
A: spoolsv.exe, 1072, 6843, 13230080, 4087808, 184504, 181976, 25504, 22848, 7065600, 7393280, 17, 3, 7104, 6513, 480, 563899, ( Wed, 16 Jun 2010 16:07:53 -0700 ), 00:00:00.437500, 00:00:00.250, 0, 0, 333, 0, False, “spoolsv.exe” “6.1.7600.16385” “” “” “”, NT AUTHORITY\SYSTEM, True
A: svchost.exe, 1100, 11902, 7327744, 3497984, 79120, 76632, 13952, 12200, 5713920, 6737920, 408, 31, 2232, 8336716, 1938028, 61458, ( Wed, 16 Jun 2010 16:07:53 -0700 ), 00:00:00.359375, 00:00:00.203125, 0, 0, 201, 0, False, “svchost.exe” “6.1.7600.16385” “” “” “”, NT AUTHORITY\LOCAL SERVICE, True
A: BESClient.exe, 1164, 5162821, 12447744, 9338880, 185392, 161408, 24200, 22736, 10473472, 12722176, 20766921, 7215, 34002504, 47312640089, 16073189, 1329657994, ( Wed, 16 Jun 2010 16:07:53 -0700 ), 00:01:09.093750, 00:01:17.500, 0, 0, 196, 0, True, “BESClient.exe” “8.0.475.0” “BigFix BESClient Application” “8.0.475.0” “BigFix Inc.”, NT AUTHORITY\SYSTEM, True
A: BESGather.exe, 1208, 142023, 11304960, 5730304, 136904, 130848, 30544, 18752, 3338240, 5877760, 5730, 5397, 130538, 5813854, 9311775, 2186962, ( Wed, 16 Jun 2010 16:07:53 -0700 ), 00:00:03.015625, 00:00:01.328125, 0, 0, 230, 0, True, ( “BESGather.exe” “8.0.475.0” “BESGather component of BigFix Enterprise Server” “8.0.475.0” “BigFix, Inc.” ), NT AUTHORITY\SYSTEM, True
A: BESRootServer.exe, 1232, 2963744, 13918208, 9224192, 135680, 123344, 69920, 17680, 7290880, 9482240, 332740, 117921, 1577902, 508851759, 174365688, 12849627, ( Wed, 16 Jun 2010 16:07:54 -0700 ), 00:00:49.531250, 00:00:11.125, 0, 0, 154, 0, True, ( “BESRootServer.exe” “8.0.475.0” “Server component of BigFix Enterprise Suite” “8.0.475.0” “BigFix, Inc.” ), NT AUTHORITY\SYSTEM, True
A: sqlservr.exe, 1276, 142498, 362192896, 362184704, 204600, 200984, 50384, 40416, 419557376, 419975168, 608001, 1089430, 46107, 454293174, 2814380779, 60169, ( Wed, 16 Jun 2010 16:07:54 -0700 ), 00:00:25.421875, 00:05:41.109375, 0, 0, 427, 0, True, “sqlservr.exe” “9.0.3042.0” “SQL Server Windows NT” “2005.090.3042.00” “Microsoft Corporation”, NT AUTHORITY\NETWORK SERVICE, True
A: sqlwriter.exe, 1352, 2357, 6021120, 1327104, 72952, 71912, 9136, 8408, 1687552, 2064384, 1, 1, 187, 116, 160, 2090, ( Wed, 16 Jun 2010 16:07:55 -0700 ), 00:00:00.062500, 00:00:00.062500, 0, 0, 75, 0, False, “sqlwriter.exe” “9.0.3042.0” “” “” “”, NT AUTHORITY\SYSTEM, True
A: vmtoolsd.exe, 1428, 21223, 12484608, 5681152, 221080, 193240, 20544, 18808, 6328320, 6336512, 6, 2, 992520, 124328, 2780, 33189876, ( Wed, 16 Jun 2010 16:07:55 -0700 ), 00:00:01.390625, 00:00:02.609375, 0, 0, 242, 0, False, “vmtoolsd.exe” “8.4.2.8592” “” “” “”, NT AUTHORITY\SYSTEM, True
A: VMUpgradeHelper.exe, 1520, 10598, 7520256, 2596864, 75464, 73432, 9856, 9016, 2863104, 3194880, 0, 0, 139, 0, 0, 938, ( Wed, 16 Jun 2010 16:07:56 -0700 ), 00:00:00.093750, 00:00:00.187500, 0, 0, 86, 0, False, “VMUpgradeHelper.exe” “8.4.2.8592” “” “” “”, NT AUTHORITY\SYSTEM, True
A: BESWebReportsServer.exe, 1864, 1023182, 112291840, 46559232, 149544, 148408, 24712, 24048, 86671360, 103276544, 907578, 432156, 1231258, 2408587208, 517054710, 8762946, ( Wed, 16 Jun 2010 16:08:05 -0700 ), 00:01:37.640625, 00:01:05.750, 0, 0, 257, 0, True, ( “BESWebReportsServer.exe” “8.0.475.0” “Server component for BES Web Reports” “8.0.475.0” “BigFix, Inc.” ), NT AUTHORITY\SYSTEM, True
A: FillDB.exe, 1900, 51117, 10821632, 5103616, 135088, 122272, 26572, 19056, 5160960, 6492160, 50096, 50736, 11204, 10153270, 17343419, 414731, ( Wed, 16 Jun 2010 16:08:05 -0700 ), 00:00:03.078125, 00:00:00.859375, 0, 0, 190, 0, True, ( “FillDB.exe” “8.0.475.0” “FillDB component of BigFix Enterprise Server” “8.0.475.0” “BigFix, Inc.” ), NT AUTHORITY\SYSTEM, True
A: GatherDB.exe, 1932, 177907, 14213120, 9596928, 134472, 96248, 33520, 15560, 8015872, 11214848, 378503, 196111, 484805, 206020516, 217453329, 9455519, ( Wed, 16 Jun 2010 16:08:05 -0700 ), 00:00:12.468750, 00:00:09.515625, 0, 0, 151, 0, True, ( “GatherDB.exe” “8.0.475.0” “GatherDB component of BigFix Enterprise Server” “8.0.475.0” “BigFix, Inc.” ), NT AUTHORITY\SYSTEM, True
A: svchost.exe, 744, 5261, 5095424, 1585152, 65040, 65040, 12000, 10384, 1708032, 1765376, 0, 0, 251935, 0, 0, 10616246, ( Wed, 16 Jun 2010 16:08:06 -0700 ), 00:00:03.578125, 00:00:01.750, 0, 0, 89, 0, False, “svchost.exe” “6.1.7600.16385” “” “” “”, NT AUTHORITY\NETWORK SERVICE, True
A: taskhost.exe, 2116, 5144, 8646656, 3448832, 150704, 140728, 19512, 17544, 7655424, 7942144, 20, 18, 778, 250466, 1692, 1816, ( Wed, 16 Jun 2010 18:11:01 -0700 ), 00:00:00.328125, 00:00:00.171875, 16, 14, 179, 1, False, “taskhost.exe” “6.1.7600.16385” “” “” “”, WIN-LDTSNCUH9HK\bigfix, True
A: explorer.exe, 1248, 56384, 46280704, 39395328, 634912, 502472, 65432, 52344, 35540992, 39223296, 1639, 149, 67744, 4433223, 73574, 1918884, ( Wed, 16 Jun 2010 18:11:02 -0700 ), 00:00:04.281250, 00:00:03.265625, 461, 306, 785, 1, False, “explorer.exe” “6.1.7600.16450” “” “” “”, WIN-LDTSNCUH9HK\bigfix, True
A: VMwareTray.exe, 1396, 4789, 6336512, 2392064, 141544, 138968, 10048, 9744, 2301952, 2310144, 1, 0, 202650, 22122, 0, 2862, ( Wed, 16 Jun 2010 18:11:02 -0700 ), 00:00:00.046875, 00:00:00.015625, 30, 12, 78, 1, False, “VMwareTray.exe” “8.4.2.8592” “” “” “”, WIN-LDTSNCUH9HK\bigfix, True
A: VMwareUser.exe, 2384, 12700, 19070976, 7581696, 313464, 272552, 22776, 21144, 9248768, 9412608, 1640, 5, 74576, 2197666, 131560, 546465, ( Wed, 16 Jun 2010 18:11:02 -0700 ), 00:00:03.140625, 00:00:01.515625, 48, 27, 270, 1, False, “VMwareUser.exe” “8.4.2.8592” “” “” “”, WIN-LDTSNCUH9HK\bigfix, True
A: AdobeARM.exe, 2332, 19330, 51535872, 1204224, 261056, 177352, 17296, 15608, 2981888, 3227648, 78, 34, 1024, 7146363, 258926, 6044, ( Wed, 16 Jun 2010 18:11:03 -0700 ), 00:00:00.578125, 00:00:00.515625, 24, 22, 208, 1, True, “AdobeARM.exe” “1.0.5.0” “Adobe Reader and Acrobat Manager” “1.0.5.0” “Adobe Systems Incorporated”, WIN-LDTSNCUH9HK\bigfix, True
A: BESClientUI.exe, 2720, 66125, 14090240, 966656, 224304, 223408, 17088, 14768, 3661824, 4001792, 277, 8210, 659704, 554995, 393774, 10617032, ( Wed, 16 Jun 2010 18:11:04 -0700 ), 00:00:00.296875, 00:00:00.312500, 117, 87, 173, 1, True, ( “BESClientUI.exe” “8.0.475.0” “BigFix Enterprise Suite Client User Interface” “8.0.475.0” “BigFix, Inc.” ), WIN-LDTSNCUH9HK\bigfix, True
A: svchost.exe, 1372, 15019, 8675328, 4366336, 78928, 77800, 22218, 16248, 4333568, 5115904, 2, 1, 202765, 18558, 160, 12042584, ( Wed, 16 Jun 2010 18:11:09 -0700 ), 00:00:02.953125, 00:00:00.843750, 0, 0, 154, 0, False, “svchost.exe” “6.1.7600.16385” “” “” “”, NT AUTHORITY\LOCAL SERVICE, True
A: svchost.exe, 2444, 17562, 13836288, 9306112, 145344, 141632, 104880, 56096, 10391552, 10510336, 67, 272, 1085511, 1919179, 4320418, 55033924, ( Wed, 16 Jun 2010 18:11:10 -0700 ), 00:00:03.125, 00:00:02.046875, 0, 0, 353, 0, False, “svchost.exe” “6.1.7600.16385” “” “” “”, NT AUTHORITY\LOCAL SERVICE, True
A: FixletDebugger.exe, 1672, 230242, 17657856, 11907072, 265024, 207600, 19112, 17304, 21164032, 24027136, 382, 2, 170722, 1183148, 232, 7085866, ( Wed, 16 Jun 2010 18:11:13 -0700 ), 00:00:06.796875, 00:00:07.281250, 150, 125, 129, 1, True, “FixletDebugger.exe” “8.0.475.0” “BigFix Fixlet Debugger” “3.0.4 Beta” “BigFix”, WIN-LDTSNCUH9HK\bigfix, True
A: wuauclt.exe, 1740, 2546, 6287360, 1536000, 147632, 146096, 10128, 9128, 1765376, 1847296, 0, 7, 364, 0, 713, 1764, ( Wed, 16 Jun 2010 18:11:17 -0700 ), 00:00:00.078125, 00:00:00.015625, 12, 5, 90, 1, False, “wuauclt.exe” “7.3.7600.16385” “” “” “”, WIN-LDTSNCUH9HK\bigfix, True
A: GoogleCrashHandler.exe, 1664, 2149, 6197248, 69632, 136672, 136672, 15104, 14384, 1978368, 2101248, 0, 0, 439, 0, 0, 3408, ( Thu, 17 Jun 2010 14:06:12 -0700 ), 00:00:00.062500, 00:00:00, 4, 1, 185, 1, True, “GoogleCrashHandler.exe” “1.2.183.29” “Google Installer” “1.2.183.29” “Google Inc.”, WIN-LDTSNCUH9HK\bigfix, True
T: 94.459 ms
(imported comment written by Shembop91)
I can kind of do that now using the fields returned from selects ("* from win32_process") of WMI, except I can’t get it delimited, so it’s ugly, and useless in regards to the fact that it puts it all in one cell when you use the Excel connector.
But even though I can get it, this doesn’t make it pretty like the example that was given where it breaks down the math to give you the Memory usage in Mb. Also, how would I write the argument to add 2 retrieved values together and then do the math to give me processor usage. Below is where I am getting some of my information. So, I basically need to return KernelModeTime and UserModeTime and divide it by 10000000
For each process in the collection, calculate the total processor use.
Add the values for KernelModeTime and UserModeTime.
Together, KernelModeTime and UserModeTime tell you the total amount of processor time allocated to a process. To ensure that these values are added and not concatenated, use the VBScript function CSng to convert the variant data to the single data type.
Divide the combined value by 10,000,000.
Processor use times are reported in 100-nanosecond increments. (A nanosecond is one-billionth of a second; 100 nanoseconds equal one ten-millionth of a second.) This calculation results in processor use being reported in seconds.