getting at processes with python and WMI
In the last week or so I have discovered the wonderful world of Microsoft’s Windows Management Instrumentation (WMI). Being a huge corporation, there are certain things that MS pulls off quite well, and WMI is one of them. Here is how to get at the running process data using Python and WMI (my answer to a question posed on the python-win32 mailing list).
>>> from win32com.client import GetObject
>>> WMI = GetObject('winmgmts:')
Here is how to get the process list:
>>> processes = WMI.InstancesOf('Win32_Process')
>>> len(processes)
41
So we have 41 running processes…let’s find out their names.
>>> [process.Properties_('Name').Value for process in processes] # get the process names
[u'System Idle Process', u'System', u'SMSS.EXE', u'CSRSS.EXE', u'WINLOGON.EXE', u'SERVICES.EXE', u'LSASS.EXE', u'SVCHOST.EXE', u'SVCHOST.EXE', u'SVCHOST.EXE', u'SVCHOST.EXE', u'SPOOLSV.EXE', u'ati2evxx.exe', u'BAsfIpM.exe', u'defwatch.exe', u'inetinfo.exe', u'mdm.exe', u'rtvscan.exe', u'SCARDSVR.EXE', u'WLTRYSVC.EXE', u'BCMWLTRY.EXE', u'EXPLORER.EXE', u'Apoint.exe', u'carpserv.exe', u'atiptaxx.exe', u'quickset.exe', u'DSentry.exe', u'Directcd.exe', u'vptray.exe', u'ApntEx.exe', u'FaxCtrl.exe', u'digstream.exe', u'CTFMON.EXE', u'wuauclt.exe', u'IEXPLORE.EXE', u'Pythonwin.exe', u'MMC.EXE', u'OUTLOOK.EXE', u'LineMgr.exe', u'SAPISVR.EXE', u'WMIPRVSE.EXE']
Here is how to get a single process and get its PID.
>>> p = WMI.ExecQuery('select * from Win32_Process where Name="Pythonwin.exe"')
p is now an iterable container of the query results
>>> [prop.Name for prop in p[0].Properties_] # let's look at all the process property names
[u'Caption', u'CommandLine', u'CreationClassName', u'CreationDate', u'CSCreationClassName', u'CSName', u'Description', u'ExecutablePath', u'ExecutionState', u'Handle', u'HandleCount', u'InstallDate', u'KernelModeTime', u'MaximumWorkingSetSize', u'MinimumWorkingSetSize', u'Name', u'OSCreationClassName', u'OSName', u'OtherOperationCount', u'OtherTransferCount', u'PageFaults', u'PageFileUsage', u'ParentProcessId', u'PeakPageFileUsage', u'PeakVirtualSize', u'PeakWorkingSetSize', u'Priority', u'PrivatePageCount', u'ProcessId', u'QuotaNonPagedPoolUsage', u'QuotaPagedPoolUsage', u'QuotaPeakNonPagedPoolUsage', u'QuotaPeakPagedPoolUsage', u'ReadOperationCount', u'ReadTransferCount', u'SessionId', u'Status', u'TerminationDate', u'ThreadCount', u'UserModeTime', u'VirtualSize', u'WindowsVersion', u'WorkingSetSize', u'WriteOperationCount', u'WriteTransferCount']
>>> p[0].Properties_('ProcessId').Value # get our ProcessId
928
Note that this is the syntax used after running makepy against WMI. You could also use the module at this site:
http://tgolden.sc.sabren.com/python/wmi.html
This might have been a clearer way to deal with a single process:
>>> p = WMI.ExecQuery('select * from Win32_Process where Name="Pythonwin.exe"')[0]
Since we know we will get only one result from our query, why bother with a one element collection?
must go to sleep
cw
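Added example, not part of the original post: a lookup helper for the single-process query above that copes with a name matching zero or several processes (as SVCHOST.EXE does in the list earlier) and escapes the name before placing it in the WQL string. The helper names, the Fake* classes and SAMPLE are hypothetical, and the sample process table is constructed so the logic runs without Windows.

```python
FIELDS = ("Name", "ProcessId", "ParentProcessId")

def connect():
    # Imported lazily so this module still loads on a non-Windows host.
    from win32com.client import GetObject
    return GetObject("winmgmts:")

def wql_quote(value):
    """Escape backslashes and double quotes for a double-quoted WQL literal."""
    return value.replace("\\", "\\\\").replace('"', '\\"')

def find_processes(wmi, name):
    """Return one dict per process named `name`: possibly none, possibly several."""
    query = 'select * from Win32_Process where Name="%s"' % wql_quote(name)
    return [dict((f, proc.Properties_(f).Value) for f in FIELDS)
            for proc in wmi.ExecQuery(query)]

def single_pid(wmi, name):
    """Return the PID only when exactly one process matches; never guess with [0]."""
    matches = find_processes(wmi, name)
    if len(matches) != 1:
        raise LookupError("%d processes named %r" % (len(matches), name))
    return matches[0]["ProcessId"]

# --- Constructed stand-in for the WMI object, so the logic runs offline ---
class FakeProp(object):
    def __init__(self, value):
        self.Value = value

class FakeProc(object):
    def __init__(self, **fields):
        self.fields = fields
    def Properties_(self, name):
        return FakeProp(self.fields[name])

class FakeWMI(object):
    """Understands only the Name="..." query built by find_processes."""
    def __init__(self, procs):
        self.procs = procs
    def ExecQuery(self, query):
        wanted = query.split('Name="', 1)[1][:-1].lower()  # WQL compares case-insensitively
        return [p for p in self.procs
                if wql_quote(p.fields["Name"]).lower() == wanted]

SAMPLE = FakeWMI([  # constructed process table, not real output
    FakeProc(Name="Pythonwin.exe", ProcessId=928, ParentProcessId=1480),
    FakeProc(Name="SVCHOST.EXE", ProcessId=700, ParentProcessId=620),
    FakeProc(Name="SVCHOST.EXE", ProcessId=812, ParentProcessId=620),
])
```

On a Windows host with pywin32 installed, pass `connect()` in place of `SAMPLE`.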