Monday, August 9, 2010

Comparing Processes: Before/After Launching an Application

I needed to capture a delta between running processes on my Windows 7 computer before and after launching a particular application.  I could have used some freeware and shareware apps for this, but I wanted something stupid simple (as far as output), not something I had to sift through and tinker with settings, etc.  I hope you find it useful. Beware of word-wrapping when copying this mess.
'****************************************************************
' Filename..: taskdump.vbs
' Author....: David M. Stein
' Date......: 07/27/2010
' Purpose...: display user contexts of running processes on remote computer
' Notes.....: run as admin (re: remote computer)
'****************************************************************
Option Explicit

Const ForReading = 1
Const ForWriting = 2
Const offset = 78 ' start column of the User Name field on each row of the dump file
Const offlen = 50 ' width of the User Name field

Dim objFile, strLine, uid, ulist
Dim objArgs, objFSO, objShell, mode
Dim strComputer, temp, outf, retval

'----------------------------------------------------------------
' comment: check if computer name was provided to script
'----------------------------------------------------------------

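Set objArgs = WScript.Arguments
If objArgs.Count = 0 Then
    strComputer = Trim(InputBox("Computer Name", "Computer Name"))
    mode = 2
Else
    strComputer = Trim(objArgs(0))
    mode = 1
End If

If strComputer = "" Then
    ShowUsage()
    wscript.Quit(1)
End If

'----------------------------------------------------------------
' comment: strComputer is concatenated into a cmd.exe command line
' further down, so accept only host name / IPv4 characters
'----------------------------------------------------------------

Dim objRegEx
Set objRegEx = New RegExp
objRegEx.Pattern = "^[A-Za-z0-9._-]+$"
If Not objRegEx.Test(strComputer) Then
    wscript.echo "fail: invalid computer name"
    wscript.Quit(1)
End If

wscript.echo "info: computer is " & strComputer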

'----------------------------------------------------------------
' comment: continue on
'----------------------------------------------------------------

Set objShell = CreateObject("Wscript.Shell")
Set objFSO = CreateObject("Scripting.FileSystemObject")

'----------------------------------------------------------------
' example dump...
'----------------------------------------------------------------
' Image Name                     PID Session Name        Session#    Mem Usage User Name                                              CPU Time
' ========================= ======== ================ =========== ============ ================================================== ============
' System Idle Process              0                            0         28 K N/A                                                     0:43:57
' System                           4                            0        240 K NT AUTHORITY\SYSTEM                                     0:00:13
' smss.exe                       548                            0        388 K NT AUTHORITY\SYSTEM
'----------------------------------------------------------------

'----------------------------------------------------------------
' comment: define output (dump) file path and name
'----------------------------------------------------------------

temp = objShell.ExpandEnvironmentStrings("%temp%")
outf = temp & "\" & strComputer & ".tsk"
ulist = ""

'----------------------------------------------------------------
' comment: run tasklist to produce dump file
'----------------------------------------------------------------

' quote the output path in case %temp% contains spaces
retval = objShell.Run("cmd /c tasklist /s " & strComputer & " /v >""" & outf & """", 7, True)
wscript.echo "info: exit code was " & retval

'----------------------------------------------------------------
' comment: if dump file found, open and parse it
'----------------------------------------------------------------

If objFSO.FileExists(outf) Then
    wscript.echo "info: reading dump file..."
    On Error Resume Next
    Set objFile = objFSO.OpenTextFile(outf, ForReading)
    If err.Number = 0 Then
        Do Until objFile.AtEndOfStream
            strLine = Trim(objFile.Readline)
            If strLine <> "" Then
                uid = Trim(Mid(strLine, offset, offlen))
                ' ignore blank fields, user "N/A" and the two header rows
                If uid <> "" And uid <> "N/A" And Left(uid, 3) <> "===" And Left(uid, 4) <> "User" Then
                    ' only collect unique names: store upper case and compare whole
                    ' tab-delimited entries so one name cannot match inside another
                    uid = Ucase(uid)
                    If InStr(vbTab & ulist & vbTab, vbTab & uid & vbTab) < 1 Then
                        If ulist = "" Then
                            ulist = uid
                        Else
                            ulist = ulist & vbTab & uid
                        End If
                    End If
                End If
            End If
        Loop
        objFile.Close
        ' display results
        If mode = 1 Then
            wscript.echo Replace(ulist, vbTab, vbCRLF)
        Else
            MsgBox Replace(ulist, vbTab, vbCRLF), 64, "User Processes on " & Ucase(strComputer)
        End If
    Else
        wscript.echo "fail: error (" & err.Number & ") = " & err.Description
    End If
Else
    wscript.echo "fail: dump file not found"
End If

Sub ShowUsage()
    wscript.echo
    wscript.echo "usage: taskdump.vbs computername"
    wscript.echo
End Sub
