Description: Uses pslist from the open source pstools suite from to produce a hash containing current process data.

Takes a set of key,value pairs. Currently accepts 'process' and 'machine' keys. Will extend with additional pslist options at a later date. NOTE, leading \\ on machine name is optional, and process name should not have an extension.

There probably is a better way to do this, but this tool works on local and remote machines and its really easy to use...


Or maybe that isnt the best excuse?

use strict;
use warnings;
use constant Process_EXE => 'pslist.exe';

sub process_hash {
    my %params=@_;
    my $find_process=quotemeta($params{process}||"");
    my $machine =($params{machine}||"");
    $machine="\\\\".$machine if $machine && $machine!~/^\\\\/;

    open my $process,"pslist.exe $machine |" or die " Cant open pstool
    my %processes;
    my @field_names=("Name","Pid","Pri","Thd","Hnd","Mem","User Time",
+"Kernel Time","Elapsed Time");
    while (<$process>) {
        my @process_data=split/\s+/;
        next unless @process_data==9;
        if ($process_data[1]=~/pid/i) {
        } else {
            my %process;
            return \%process if $process_data[0]=~/^$find_process$/i;
    return $find_process ? undef : \%processes;

use Data::Dumper;
# All processes on local machine
print Dumper(process_hash());
# Process info about explorer
print Dumper(process_hash(process=>'explorer'));
# Process list from a remote machine
print Dumper(process_hash(machine=>'brahma'));