问题描述
$filepath = "C:\Users\vansteenkistea\Desktop\scriptExerciseProcessesWindows.csv"
$data = import-csv $filepath
$processes = get-process| Select-Object Path
$kNown = New-Object System.Collections.Generic.List[System.Object]
$malicIoUs = New-Object System.Collections.Generic.List[System.Object]
#Creating the arrays
$malArray = @()
$kNownArray = @()
$unkNownArray= @()
#fill up arrays with data
foreach ($line in $data)
{
$kNown.add($line.kNown)
$malicIoUs.add($line.malicIoUs)
}
foreach ($process in $processes)
{
foreach ($mal in $malicIoUs)
{
if ([bool]($process -like '*' + $mal +'*' ))
{
Write-Host "$($process.path) is mall"
$malArray+= $process.Path
}
}
foreach ($kNow in $kNown)
{
if ([bool]($process -like '*' + $kNow +'*' ))
{
Write-Host "$($process.path) is kNown"
$kNownArray += $process.Path
}
elseif ($process.Path.Length -ne 0)
{
Write-Host "$($process.path) is unkNown"
$unkNownArray+= $process.Path
}
}
}
$yourData = @(
@{kNown=$kNownArray;Unknwon=$unkNownArray;MalicIoUs=$malArray}| % { New-Object object | Add-Member -NotePropertyMembers $_ -Passthru }
)
$yourData
我的输出:
所需的输出:
看起来像这样的东西
我尝试了多种方法,例如格式化表格、将数据放在对象中而不是数组中等等。
有人知道如何在其属性下列出列中的值吗?
解决方法
也许是一个 for
循环来遍历列表?
$filepath = "C:\Users\vansteenkistea\Desktop\scriptExerciseProcessesWindows.csv"
$data = import-csv $filepath
$processes = get-process| Select-Object Path
$known = New-Object System.Collections.Generic.List[System.Object]
$malicious = New-Object System.Collections.Generic.List[System.Object]
#Creating the arrays
$malArray = @()
$knownArray = @()
$unknownArray= @()
#fill up arrays with data
foreach ($line in $data)
{
$known.add($line.known)
$malicious.add($line.malicious)
}
foreach ($process in $processes)
{
foreach ($mal in $malicious)
{
if ([bool]($process -like '*' + $mal +'*' ))
{
Write-Host "$($process.path) is mall"
$malArray+= $process.Path
}
}
foreach ($know in $known)
{
if ([bool]($process -like '*' + $know +'*' ))
{
Write-Host "$($process.path) is known"
$knownArray += $process.Path
}
elseif ($process.Path.Length -ne 0)
{
Write-Host "$($process.path) is unknown"
$unknownArray+= $process.Path
}
}
}
for ($i=0; $i -lt ($knownArray.Count + $unknownArray.Count + $malArray.Count); $i++){
[PSCustomObject]@{
Known = $knownArray[$i]
UnKnown = $unknownArray[$i]
Malicious = $malArray[$i] }
}
,
或者做这样的事情:
$filepath = "C:\Users\vansteenkistea\Desktop\scriptExerciseProcessesWindows.csv"
$data = Import-Csv $filepath
# create two strings,with non-empty fields are combined with the regex 'OR' pipe symbol
$regexKnown = ($data.known -ne '' | Select-Object -Unique | ForEach-Object { [regex]::Escape($_) }) -join '|'
$regexMalicious = ($data.malicious -ne ''| Select-Object -Unique | ForEach-Object { [regex]::Escape($_) }) -join '|'
$processes = (Get-Process).Path
$result = foreach($process in $processes) {
$known = $malicious = $false
if ([string]::IsNullOrWhiteSpace($process)) {
$unknown = $true
}
elseif ($process -match $regexMalicious) {
$malicious = $known = $true
$unknown = $false
}
elseif ($process -match $regexKnown) {
$known = $true
$unknown = $false
}
# output an object
[PsCustomObject]@{
Process = $process
Malicious = $malicious
Known = $known
Unknown = $unknown
}
}
# output on screen (if 'Format-Table -AutoSize' doesn'n fit,replace with 'Out-GridView'
$result | Format-Table -AutoSize
# save to Csv if you want
$result | Export-Csv -Path 'C:\Users\vansteenkistea\Desktop\WindowsProcesses.csv' -NoTypeInformation
输出如下:
Process Malicious Known Unknown
------- --------- ----- -------
C:\WINDOWS\system32\notepad.exe False True False
C:\WINDOWS\explorer.exe False True False
C:\Windows\System32\oobe\UserOOBEBroker.exe False False True
False False True
C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19122.89.0_x64__8wekyb3d8bbwe\YourPhone.exe True True False