How to do this in PowerShell

[jbarelds]

Hi all,

I'm used to cmd scripting, and struggle to find Powershell counterparts for some common scripting techniques.

Let's examine the following example:

C:\Windows\System32\inetsrv>appcmd.exe list vdir

VDIR "Default Web Site/" (physicalPath:C:\inetpub\[URL unfurl="true"]wwwroot)[/URL]
VDIR "Webshop/" (physicalPath:C:\InetPub\Webshop)
VDIR "Webshop/App0/" (physicalPath:C:\Inetpub\Webshop\App0)
VDIR "Webshop/App1/" (physicalPath:C:\Inetpub\Webshop\App1)
VDIR "Webshop/App2/" (physicalPath:C:\Inetpub\Webshop\App2)
VDIR "Webshop/App3/" (physicalPath:C:\Inetpub\Webshop\App3)
VDIR "Webshop/App4/" (physicalPath:C:\Inetpub\Webshop\App4)
VDIR "Webshop/App5/" (physicalPath:C:\Inetpub\Webshop\App5)
VDIR "Webshop/App6/" (physicalPath:C:\Inetpub\Webshop\App6)

Let's say I want to show just the custom 'App' vdirs, and the 2nd property of them (logical path). In cmd I'd do something like:

C:\Windows\System32\inetsrv>for /f "tokens=2" %i in ('"appcmd.exe list vdir | find "App""') do @echo %i

"Webshop/App0/"
"Webshop/App1/"
"Webshop/App2/"
"Webshop/App3/"
"Webshop/App4/"
"Webshop/App5/"
"Webshop/App6/"

How can I do this in PowerShell? (putting the result in an array of strings)

 

[jbarelds]

To be more specific, let's examine the following .ps1 script

$tl=(& tasklist)
$tl

This will create an array identified by $tl which contains strings, one string object per line returned. The second line will output the contents of the array to screen:

Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
System Idle Process              0 Services                   0         24 K
System                           4 Services                   0        308 K
smss.exe                       280 Services                   0      1.228 K
csrss.exe                      468 Services                   0      4.772 K
wininit.exe                    548 Services                   0      4.656 K
csrss.exe                      568 Console                    1     14.664 K
services.exe                   604 Services                   0     14.240 K
...etc...

Now, how do I filter on lines containing '.exe', and then just store the PID per match in a new array (containing strings)?

 

[crobin1]

PowerShell actually has a native command for getting process information, Get-Process. Since it returns objects, it's a little easier to work with than parsing the strings. For things that don't have native PowerShell equivalents, there are commands such as Select-String for the equivalent of Find and operators such as -match that can use regular expressions to pull information out of strings.

The following gets all processes, filters to get ones with a value in MainModule (which cuts out ones such as System), selects only the PID, and then assigns all of those to the variable $p. Note that in this case $p is an object with all the IDs assigned to it (instead of an array of strings).

$p = Get-Process | Where {$_.MainModule -ne $null} | Select ID
$p

Does that help?

 

[jbarelds]

Thanks for the Select-String suggestion!

Been googling for some time, but I can't find an example of how to use the -match operator with regular expressions in order to split a string in separate fields, delimited by some char.

Also, I think it's weird having to resort to regexps for something this simple and common. I just want the n-th field of a 'tokenized' string. Isn't there an easier approach then regexps?

 

[mikrom]

Something like this seems to work:

[COLOR=#0000ff]# Run from command line:[/color]
[COLOR=#0000ff]# powershell -ExecutionPolicy RemoteSigned .\find_exe_task.ps1[/color]

[COLOR=#008080]$tl[/color] = tasklist | [COLOR=#804040][b]sort-object[/b][/color]

[COLOR=#0000ff]# writing all lines[/color]
echo [COLOR=#ff00ff]"* Lines containing .EXE:"[/color]
[COLOR=#804040][b]foreach[/b][/color]([COLOR=#008080]$line[/color] [COLOR=#804040][b]in[/b][/color] [COLOR=#008080]$tl[/color]){
  [COLOR=#804040][b]if[/b][/color] ([COLOR=#008080]$line[/color] -[COLOR=#804040][b]match[/b][/color] [COLOR=#ff00ff]".exe"[/color]) {
    echo [COLOR=#008080]$line[/color]
  }
}

echo [COLOR=#ff00ff]""[/color]

[COLOR=#0000ff]# writing only first column -i.e EXE name[/color]
echo [COLOR=#ff00ff]"* Tasks containing .EXE (case sensitive):"[/color]
[COLOR=#804040][b]foreach[/b][/color]([COLOR=#008080]$line[/color] [COLOR=#804040][b]in[/b][/color] [COLOR=#008080]$tl[/color]){
  [COLOR=#0000ff]# split line into array[/color]
  [COLOR=#008080]$line_arr[/color] = [COLOR=#2e8b57][b][regex][/b][/color]::split([COLOR=#008080]$line[/color],[COLOR=#ff00ff]"\s+"[/color])
  [COLOR=#0000ff]# if first array element contains EXE, then print it [/color]
  [COLOR=#804040][b]if[/b][/color] ([COLOR=#008080]$line_arr[/color][COLOR=#2e8b57][b][0][/b][/color] -cmatch [COLOR=#ff00ff]".EXE"[/color]) {
    echo [COLOR=#008080]$line_arr[/color][COLOR=#2e8b57][b][0][/b][/color]
  }
}

Output:

C:\_mikrom\Work\PowerShell>powershell -ExecutionPolicy RemoteSigned .\find_exe_task.ps1
* Lines containing .EXE:
amswmagt.exe                1796 Console                 0      5.860 K
ati2evxx.exe                 548 Console                 0      4.752 K
...
...
winlogon.exe                1156 Console                 0      7.552 K
wmiprvse.exe                3992 Console                 0      6.004 K
xtagent.exe                 1416 Console                 0      3.748 K

* Tasks containing .EXE (case sensitive):
DWRCS.EXE
DWRCST.EXE
TOTALCMD.EXE

 

[crobin1]

There's also a -Split operator that can do simple matches as well as regexp. See

http://technet.microsoft.com/en-us/library/dd347708.aspx

or

http://tasteofpowershell.blogspot.com/2009/08/string-manipulation-splitting-and.html

for some possibilities.

 

[mikrom]

Yes, I tried the function split() before but I think it didn't work as I expected: $line_arr[0] was ok, but $line_arr[1] was wrong.

 

[mikrom]

The example below is the comparision of string split and the regex split function.
This is what I found wrong with string split function:

[COLOR=#0000ff]# Run from command line:[/color]
[COLOR=#0000ff]# powershell -ExecutionPolicy RemoteSigned .\split_example.ps1[/color]

[COLOR=#008080]$tl[/color] = tasklist | [COLOR=#804040][b]sort-object[/b][/color]

echo [COLOR=#ff00ff]"* Processing output of command:"[/color]
[COLOR=#804040][b]foreach[/b][/color]([COLOR=#008080]$line[/color] [COLOR=#804040][b]in[/b][/color] [COLOR=#008080]$tl[/color]){
  echo [COLOR=#008080]$line[/color]
}

echo [COLOR=#ff00ff]""[/color]

echo [COLOR=#ff00ff]"* Using string split function:"[/color]
[COLOR=#804040][b]foreach[/b][/color]([COLOR=#008080]$line[/color] [COLOR=#804040][b]in[/b][/color] [COLOR=#008080]$tl[/color]){
  [COLOR=#0000ff]# split line into array[/color]
  [COLOR=#008080]$line_arr[/color] = [COLOR=#008080]$line[/color].split()
  [COLOR=#0000ff]# array elements[/color]
  [COLOR=#008080]$e01[/color] = [COLOR=#008080]$line_arr[/color][COLOR=#2e8b57][b][0][/b][/color]
  [COLOR=#008080]$e02[/color] = [COLOR=#008080]$line_arr[/color][COLOR=#2e8b57][b][1][/b][/color]
  [COLOR=#008080]$e03[/color] = [COLOR=#008080]$line_arr[/color][COLOR=#2e8b57][b][2][/b][/color]
  echo [COLOR=#ff00ff]"e01 = '$e01', e02= '$e02' , e03 = '$e03'"[/color] 
}

echo [COLOR=#ff00ff]""[/color]

echo [COLOR=#ff00ff]"* Using regex split function:"[/color]
[COLOR=#804040][b]foreach[/b][/color]([COLOR=#008080]$line[/color] [COLOR=#804040][b]in[/b][/color] [COLOR=#008080]$tl[/color]){
  [COLOR=#0000ff]# split line into array[/color]
  [COLOR=#008080]$line_arr[/color] = [COLOR=#2e8b57][b][regex][/b][/color]::split([COLOR=#008080]$line[/color],[COLOR=#ff00ff]"\s+"[/color])
  [COLOR=#0000ff]# array elements[/color]
  [COLOR=#008080]$e01[/color] = [COLOR=#008080]$line_arr[/color][COLOR=#2e8b57][b][0][/b][/color]
  [COLOR=#008080]$e02[/color] = [COLOR=#008080]$line_arr[/color][COLOR=#2e8b57][b][1][/b][/color]
  [COLOR=#008080]$e03[/color] = [COLOR=#008080]$line_arr[/color][COLOR=#2e8b57][b][2][/b][/color]
  echo [COLOR=#ff00ff]"e01 = '$e01', e02= '$e02' , e03 = '$e03'"[/color] 
}

Output:

* Processing output of command:

========================= ====== ================ ======== ============
amswmagt.exe                1288 Console                 0      5.860 K
ati2evxx.exe                 552 Console                 0      4.748 K
ati2evxx.exe                1448 Console                 0      3.176 K
avp.exe                     1916 Console                 0    211.432 K
avp.exe                     3632 Console                 0      4.528 K
avp.exe                     5868 Console                 0     14.484 K
CAF.exe                     2236 Console                 0     15.124 K
cam.exe                     1948 Console                 0      3.548 K
capmuamagt.exe              2100 Console                 0      4.660 K
...
...
wmiprvse.exe                2448 Console                 0      6.004 K
xtagent.exe                 1432 Console                 0      3.748 K

* Using string split function:
e01 = '', e02= '' , e03 = ''
e01 = '=========================', e02= '======' , e03 = '================'
e01 = 'amswmagt.exe', e02= '' , e03 = ''
e01 = 'ati2evxx.exe', e02= '' , e03 = ''
e01 = 'ati2evxx.exe', e02= '' , e03 = ''
e01 = 'avp.exe', e02= '' , e03 = ''
e01 = 'avp.exe', e02= '' , e03 = ''
e01 = 'avp.exe', e02= '' , e03 = ''
e01 = 'CAF.exe', e02= '' , e03 = ''
e01 = 'cam.exe', e02= '' , e03 = ''
e01 = 'capmuamagt.exe', e02= '' , e03 = ''
...
...
e01 = 'wmiprvse.exe', e02= '' , e03 = ''
e01 = 'xtagent.exe', e02= '' , e03 = ''

* Using regex split function:
e01 = '', e02= '' , e03 = ''
e01 = '=========================', e02= '======' , e03 = '================'
e01 = 'amswmagt.exe', e02= '1288' , e03 = 'Console'
e01 = 'ati2evxx.exe', e02= '552' , e03 = 'Console'
e01 = 'ati2evxx.exe', e02= '1448' , e03 = 'Console'
e01 = 'avp.exe', e02= '1916' , e03 = 'Console'
e01 = 'avp.exe', e02= '3632' , e03 = 'Console'
e01 = 'avp.exe', e02= '5868' , e03 = 'Console'
e01 = 'CAF.exe', e02= '2236' , e03 = 'Console'
e01 = 'cam.exe', e02= '1948' , e03 = 'Console'
e01 = 'capmuamagt.exe', e02= '2100' , e03 = 'Console'
...
...
e01 = 'wmiprvse.exe', e02= '2448' , e03 = 'Console'
e01 = 'xtagent.exe', e02= '1432' , e03 = 'Console'

I really don't understand how the string split function works, because the array elements $line_arr[1], $line_arr[2],.. etc seems to be empty.
IMHO, the regex split function is ok, but the string split function is wrong.

 

[mikrom]

Now I understand: string split function splits by default only by one space, i.e the following code

$tl = tasklist | sort-object

foreach($line in $tl){
  echo $line
  # split line into array
  #$line_arr = [regex]::split($line,"\s+")
  $line_arr = $line.split(" ")
  # array elements
  $i=0
  foreach ($elem in $line_arr){
    echo "elem[$i] = $elem"
    $i++
  }
}

delivers this result

...
amswmagt.exe                1288 Console                 0      6.280 K
elem[0] = amswmagt.exe
elem[1] = 
elem[2] = 
elem[3] = 
elem[4] = 
elem[5] = 
elem[6] = 
elem[7] = 
elem[8] = 
elem[9] = 
elem[10] = 
elem[11] = 
elem[12] = 
elem[13] = 
elem[14] = 
elem[15] = 
elem[16] = 1288
elem[17] = Console
elem[18] = 
elem[19] = 
elem[20] = 
elem[21] = 
elem[22] = 
elem[23] = 
elem[24] = 
elem[25] = 
elem[26] = 
elem[27] = 
elem[28] = 
elem[29] = 
elem[30] = 
elem[31] = 
elem[32] = 
elem[33] = 
elem[34] = 0
elem[35] = 
elem[36] = 
elem[37] = 
elem[38] = 
elem[39] = 
elem[40] = 6.280
elem[41] = K
...

But I still don't understand this behaviour of the string split function.

For example using similar function in perl:

$line="amswmagt.exe                1288 Console                 0      5.860 K";
@line_arr = split(" ", $line);
$i=0;
foreach my $elem (@line_arr) {
  printf "elem[%d] = %s\n", $i, $elem;
  $i++;
}

delivers this result

elem[0] = amswmagt.exe
elem[1] = 1288
elem[2] = Console
elem[3] = 0
elem[4] = 5.860
elem[5] = K

and Python delivers the same:

>>> s = "amswmagt.exe                1288 Console                 0      5.860 K"
>>> print s.split()
['amswmagt.exe', '1288', 'Console', '0', '5.860', 'K']

 

[crobin1]

Maybe this could help:

http://jdhitsolutions.com/blog/2012/01/convert-text-to-object-updated/