Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ## show process details for any werfault.exe processes
- ## command line will be where -p argument is the process id:
- ## C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 836
- ## note use of script: scope for $c variable so can use in multiple calculated properties
- gcim win32_process -filter "name = 'werfault.exe'"| select name,processid,CreationDate,@{n='Crashee';e={$($script:c=$null;if( $_.CommandLine -match ' -p (\d+)' ) { ($script:c = Get-Process -id $matches[1]) | Select -expand path } else { $script:c = $null }) }},@{n='Start Time';e={$script:c|Select -expand starttime}}
- ## can then get a dump of the crashed processes via taskmgr, SysInternals procdump, etc
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
