Modding a PowerShell Script Found on Stack Overflow

Question

I found this script Get-ProcessPlus by PMental here on Stack Overflow. With the help of zett42 and several others I manged to get it to run (very new to PS). Thanks guys, It had everything I was really looking for. I opted too see if I could have the script add one more feature. I wanted it too return the commandline value of the process. I got it to partially work. With my modifications it still runs as default, and by Id, but no longer by name. I have done quite a bit of reading but still can not get it to work properly. Here is the code and my mods. Any help would be appreciated.

*$Command = Get-WmiObject Win32_Process | select name, CommandLine*

function Get-ProcessPlus {
    [CmdletBinding(DefaultParameterSetName = 'Default')]
    param (
        [Parameter(ParameterSetName='ProcessName',Position = 0)]
        [string[]]
        $Name,
        *[Parameter(ParameterSetName='CommandLine',Position = 0)]
        [string[]]
        $Command,*
        [Parameter(ParameterSetName='PID',Position = 0)]
        [int[]]
        $Id

    )
    # Check which parameter set is in use and get our processes
    switch ($PSCmdlet.ParameterSetName) {
        'ProcessName' {
            $AllProcesses = Get-Process -Name $Name
            break
        }
        *'CommandLine' {
            $AllProcesses = Get-Process -Name $Command
            break
        }*
        'PID' {
            $AllProcesses = Get-Process -Id $Id
            break
        }
        default { $AllProcesses = Get-Process }
    }
    foreach ($Process in $AllProcesses) {
        # Retrieve TCP and UDP Connection information for the current process (if any)
        $UDPConnections = Get-NetUDPEndpoint -OwningProcess $Process.Id -ErrorAction Ignore |
            Select-Object LocalAddress,LocalPort
        $TCPConnections = Get-NetTCPConnection -OwningProcess $Process.Id -State Listen -ErrorAction Ignore |
            Select-Object LocalAddress,LocalPort
        $TCPPorts = $TCPConnections.LocalPort | Where-Object { $null -ne $_} | Select-Object -Unique
        $UDPPorts = $UDPConnections.LocalPort | Where-Object { $null -ne $_} | Select-Object -Unique
        $TCPAddresses = $TCPConnections.LocalAddress | Select-Object -Unique
        $UDPAddresses = $UDPConnections.LocalAddress | Select-Object -Unique
        # Collect and output all information about the current process
        [PSCustomObject] @{
            'ProcessName'   = $Process.ProcessName
            'Id'            = $Process.Id
            'Description'   = $Process.Description
            'Path'          = $Process.Path
            *'CommandLine'  = $Process.Command*
            'CPU usage (s)' = $Process.CPU
            'TCP Addresses' = $TCPAddresses
            'TCP Ports'     = $TCPPorts
            'UDP Addresses' = $UDPAddresses
            'UDP Ports'     = $UDPPorts
        }
    }
}

Answer 1

You need to match the Get-WMIObject output to the Get-Process Output. In your case, just replace this line:

'CommandLine' = $Process.Command

With this:

# Query WMI for process command line
'CommandLine'   = Get-WmiObject -Query "
  SELECT CommandLine from Win32_Process WHERE ProcessID = $($Process.ID)" | 
  # Select only the commandline property so we can display it
  Select -ExpandProperty CommandLine  

My output looks like so:

Get-ProcessPlus -Name notepad

ProcessName   : notepad
Id            : 10568
Description   : Notepad
Path          : C:\WINDOWS\system32\notepad.exe
CommandLine   : "C:\WINDOWS\system32\notepad.exe" C:\temp\test.txt
CPU usage (s) : 0.390625