# Get-BluGenieServiceList ### Get-BluGenieServiceList ### SYNOPSIS Get a full list of Services, with Process Handle information ### SYNTAX ``` Get-BluGenieServiceList [[-FilterType] ] [-Pattern ] [-Managetype ] [-ManageServicetype ] [-Algorithm ] [-Signature] [-TrackChanges] [-OverrideTracked] [-RevertTracked] [-ClearGarbageCollecting] [-UseCache] [-CachePath ] [-RemoveCache] [-DBName ] [-DBPath ] [-UpdateDB] [-ForceDBUpdate] [-NewDBTable] [-Walkthrough] [-ReturnObject] [-OutUnEscapedJSON] [-OutYaml] [-FormatView ] [] ``` ### DESCRIPTION Get a full list of Services, with Process Handle information ### EXAMPLES #### EXAMPLE 1 ``` Command: Get-BluGenieServiceList ``` ``` Description: Return information for all running Services and associated Processes Notes: - Sample Output - "Name": "WpnUserService_9faea", "DesktopInteract": false, "PathName": "C:\\WINDOWS\\system32\\svchost.exe -k UnistackSvcGroup", "ServiceType": "Unknown", "StartMode": "Auto", "Caption": "Windows Push Notifications User Service_9faea", "Description": "This service hosts Windows notification platform which provides support for local and push notifications. ", "DisplayName": "Windows Push Notifications User Service_9faea", "InstallDate": null, "ProcessId": 1388, "Started": true, "StartName": null, "State": "Running", "ProcessName": "svchost.exe", "ProcessPath": "c:\\windows\\system32\\svchost.exe", "ProcessCommandLine": "c:\\windows\\system32\\svchost.exe -k unistacksvcgroup -s WpnUserService", "ProcessSessionId": 1, "ProcessOwner": "TESTLAB\\Administrator", "ServiceExecPath": "C:\\WINDOWS\\system32\\svchost.exe", "Hash": "32569e403279b3fd2edb7ebd036273fa" ``` #### EXAMPLE 2 ``` Command: Get-BluGenieServiceList -Algorithm SHA256 ``` ``` Description: Change the Algorithm to SHA256 Notes: ``` #### EXAMPLE 3 ``` Command: Get-BluGenieServiceList -FilterType Name -Pattern Maps ``` ``` Description: Filter running Services and associated Processes that match the search value Notes: ``` #### EXAMPLE 4 ``` Command: Get-BluGenieServiceList -FilterType Name -Pattern 'XboxNetApiSvc' -ManageServicetype Stop ``` ``` Description: Stop the Service ( XboxNetApiSvc ) Notes: ``` #### EXAMPLE 5 ``` Command: Get-BluGenieServiceList -FilterType Hash -Pattern 'bfbecf7e48cbdbf1fb2c51164ef9e5f5' -Managetype Stop ``` ``` Description: Terminate the Process associated with the Service Notes: ``` #### EXAMPLE 6 ``` Command: Get-BluGenieServiceList -Pattern 'XboxNetApiSvc' -ManageServicetype Stop -TrackChanges ``` ``` Description: Track changes to the Service. All information will be added to the registr under HKEY_LOCAL_MACHINE\SOFTWARE\BluGenie\ServiceList Notes: ``` #### EXAMPLE 7 ``` Command: Get-BluGenieServiceList -Pattern 'XboxNetApiSvc' -ManageServicetype Stop -TrackChanges -OverrideTracked ``` ``` Description: Override or Force the Tracked informatrion to be tracked again Notes: ``` #### EXAMPLE 8 ``` Command: Get-BluGenieServiceList -Pattern 'XboxNetApiSvc' -OutUnEscapedJSON -RevertTracked ``` ``` Description: Notes: ``` #### EXAMPLE 9 ``` Command: Get-BluGenieServiceList -Help ``` ``` Description: Call Help Information Notes: If Help / WalkThrough is setup as a parameter, this script will be called to setup the Dynamic Help Menu if not the normal Get-Help will be called with the -Full parameter ``` #### EXAMPLE 10 ``` Command: Get-BluGenieServiceList -WalkThrough ``` ``` Description: Call Help Information [2] Notes: If Help / WalkThrough is setup as a parameter, this script will be called to setup the Dynamic Help Menu if not the normal Get-Help will be called with the -Full parameter ``` #### EXAMPLE 11 ``` Command: Get-BluGenieServiceList -OutUnEscapedJSON ``` ``` Description: Get-BluGenieServiceList and Return Output as UnEscaped JSON format Notes: The OutUnEscapedJSON is used to beatify the JSON return and not Escape any Characters. Normal return data is a Hash Table. ``` #### EXAMPLE 12 ``` Command: Get-BluGenieServiceList -ReturnObject ``` ``` Description: Get-BluGenieServiceList and Return Output an Object Notes: The ReturnObject is used to return a PowerShell Object. Normal return data is a Hash Table. ``` #### EXAMPLE 13 ``` Command: Get-BluGenieServiceList -OutYaml ``` ``` Description: Return a detailed function report in YAML format Notes: The OutUnEscapedJSON is used to Beautify the JSON return and not Escape any Characters. Normal return data is a Hash Table. ``` ### PARAMETERS #### FilterType ``` -FilterType Description: Which property to filter by Notes: Filter Option • "Name"  Service Name (Default Value) • "DesktopInteract"  Does the service interact with the Desktop [ True / False ] • "PathName"  Service Path • "ServiceType"  Service Type ( Share Process / Own Process ) • "StartMode"  Start Mode ( Manual / Started / Auto ) • "Caption"  Service Caption • "Description"  Service Description • "DisplayName"  Service Display Name • "InstallDate"  Service Installed Date • "ProcessId"  The current Process ID associated with the Service • "Started"  Is the Service currently Started ( True / False ) • "StartName"  What Account is the Service associated with • "State"  Running state of the currect service ( Running / Stopped ) • "ProcessName"  The Process name associated with the Service • "ProcessPath"  The path of the Process associated with the Service • "ProcessCommandLine"  The command line used with the Service • "ProcessSessionId"  The Process ID (PID) associated with the Service • "ProcessOwner"  The Owner of the Process • "ServiceExecPath"  Path to the Service • "Hash"  The Hash value of the Process ( MACTripleDES / MD5 / RIPEMD160 / SHA1 / SHA256 / SHA384 / SHA512 ) • "Signature_Comment"  Display error message while pulling Signature Information [Note: This is only available if you use the -Signature switch] • "Signature_FileVersion"  File Version and OS Build information in part of the OS [Note: This is only available if you use the -Signature switch] • "Signature_Description"  The description of the files signature [Note: This is only available if you use the -Signature switch] • "Signature_Date"  Date when the file was signed [Note: This is only available if you use the -Signature switch] • "Signature_Company"  The company signing the file [Note: This is only available if you use the -Signature switch] • "Signature_Publisher"  The Publisher signing the file [Note: This is only available if you use the -Signature switch] • "Signature_Verified"  Verification ( Signed / UnSigned / Null ) [Note: This is only available if you use the -Signature switch] Alias: ValidateSet: 'Name','DesktopInteract','PathName','ServiceType','StartMode','Caption','Description','DisplayName','InstallDate','ProcessId','Started','StartName','State','ProcessName','ProcessPath','ProcessComm andLine','ProcessSessionId','ProcessOwner','ServiceExecPath','Hash','Signature_Comment','Signature_FileVersion','Signature_Description','Signature_Date','Signature_Company','Signature_Publisher','Signature_Ver ified' Required? false Position? 2 Default value Name Accept pipeline input? false Accept wildcard characters? false ``` #### Pattern ``` -Pattern Description: Search Pattern using RegEx Notes: Default Value = '.*' Alias: ValidateSet: Required? false Position? named Default value .* Accept pipeline input? false Accept wildcard characters? false ``` #### Managetype ``` -Managetype Description: Manage the behavior of the process (Suspend, Resume, Stop) Notes: Alias: ValidateSet: Suspend,Resume,Stop Required? false Position? named Default value Accept pipeline input? false Accept wildcard characters? false ``` #### ManageServicetype ``` -ManageServicetype Description: Manage the behavior of the Service (Suspend, Resume, Remove) Notes: Alias: ValidateSet: Suspend,Resume,Remove Required? false Position? named Default value Accept pipeline input? false Accept wildcard characters? false ``` #### Algorithm ``` -Algorithm Description: Specifies the cryptographic hash to use for computing the hash value of the contents of the specified file. Notes: The acceptable values for this parameter are: - SHA1 - SHA256 - SHA384 - SHA512 - MACTripleDES - MD5 = (Default) - RIPEMD160 Alias: ValidateSet: 'MACTripleDES','MD5','RIPEMD160','SHA1','SHA256','SHA384','SHA512' Required? false Position? named Default value MD5 Accept pipeline input? false Accept wildcard characters? false ``` #### Signature ``` -Signature [] Description: Query Signature information Notes: Alias: ValidateSet: Required? false Position? named Default value False Accept pipeline input? false Accept wildcard characters? false ``` #### TrackChanges ``` -TrackChanges [] Description: Backup and Track the changes to the Service you are modifying Notes: Values stored in the registry under 'HKEY_LOCAL_MACHINE\SOFTWARE\BluGenie\ServiceList' Alias: ValidateSet: Required? false Position? named Default value False Accept pipeline input? false Accept wildcard characters? false ``` #### OverrideTracked ``` -OverrideTracked [] Description: Force a Backup and Track the changes to the Service you are modifying Notes: Values stored in the registry under 'HKEY_LOCAL_MACHINE\SOFTWARE\BluGenie\ServiceList' Alias: ValidateSet: Required? false Position? named Default value False Accept pipeline input? false Accept wildcard characters? false ``` #### RevertTracked ``` -RevertTracked [] Description: Restore the Tracked changes to the Service you originally modified Notes: Alias: ValidateSet: Required? false Position? named Default value False Accept pipeline input? false Accept wildcard characters? false ``` #### ClearGarbageCollecting ``` -ClearGarbageCollecting [] Description: Garbage Collection in Powershell to Speed up Scripts and help lower memory consumption Notes: This is enabled by default. To disable use -ClearGarbageCollecting:$False Alias: ValidateSet: Required? false Position? named Default value False Accept pipeline input? false Accept wildcard characters? false ``` #### UseCache ``` -UseCache [] Description: Cache found objects to disk. This is to not over tax Memory resources with found artifacts Notes: By default the Cache location is %SystemDrive%\Windows\Temp Alias: ValidateSet: Required? false Position? named Default value False Accept pipeline input? false Accept wildcard characters? false ``` #### CachePath ``` -CachePath Description: Path to store the Cache information Notes: By default the Cache location is %SystemDrive%\Windows\Temp Alias: ValidateSet: Required? false Position? named Default value $('{0}\Windows\Temp\{1}.log' -f $env:SystemDrive, $(New-BluGenieUID)) Accept pipeline input? false Accept wildcard characters? false ``` #### RemoveCache ``` -RemoveCache [] Description: Remove Cache data on completion Notes: Cache information is removed right before the data is returned to the calling process Alias: ValidateSet: Required? false Position? named Default value False Accept pipeline input? false Accept wildcard characters? false ``` #### DBName ``` -DBName Description: Database Name (Without extention) Notes: The default name is set to 'BluGenie' Alias: ValidateSet: Required? false Position? named Default value BluGenie Accept pipeline input? false Accept wildcard characters? false ``` #### DBPath ``` -DBPath Description: Path to either Save or Update the Database Notes: The default path is $('{0}\BluGenie' -f $env:ProgramFiles) Example: C:\Program Files\BluGenie Alias: ValidateSet: Required? false Position? named Default value $('{0}\BluGenie' -f $env:ProgramFiles) Accept pipeline input? false Accept wildcard characters? false ``` #### UpdateDB ``` -UpdateDB [] Description: Save return data to the Sqlite Database Notes: Alias: ValidateSet: Required? false Position? named Default value False Accept pipeline input? false Accept wildcard characters? false ``` #### ForceDBUpdate ``` -ForceDBUpdate [] Description: Force an update of the return data to the Sqlite Database Notes: By default only new items are saved. The primary key is ( FullName ) Alias: ValidateSet: Required? false Position? named Default value False Accept pipeline input? false Accept wildcard characters? false ``` #### NewDBTable ``` -NewDBTable [] Description: Delete and Recreate the Database Table Notes: Alias: ValidateSet: Required? false Position? named Default value False Accept pipeline input? false Accept wildcard characters? false ``` #### Walkthrough ``` -Walkthrough [] Description: Start the dynamic help menu system to help walk through the current command and all of the parameters Notes: Alias: Help ValidateSet: Required? false Position? named Default value False Accept pipeline input? false Accept wildcard characters? false ``` #### ReturnObject ``` -ReturnObject [] Description: Return information as an Object Notes: By default the data is returned as a Hash Table Alias: ValidateSet: Required? false Position? named Default value False Accept pipeline input? false Accept wildcard characters? false ``` #### OutUnEscapedJSON ``` -OutUnEscapedJSON [] Description: Remove UnEsacped Char from the JSON information. Notes: This will beautify json and clean up the formatting. Alias: ValidateSet: Required? false Position? named Default value False Accept pipeline input? false Accept wildcard characters? false ``` #### OutYaml ``` -OutYaml [] Description: Return detailed information in Yaml Format Notes: Only supported in Posh 3.0 and above Alias: ValidateSet: Required? false Position? named Default value False Accept pipeline input? false Accept wildcard characters? false ``` #### FormatView ``` -FormatView Description: Automatically format the Return Object Notes: Yaml is only supported in Posh 3.0 and above Alias: ValidateSet: 'Table','Custom','CustomModified','None','JSON','OutUnEscapedJSON','CSV', 'Yaml' Required? false Position? named Default value None Accept pipeline input? false Accept wildcard characters? false ``` #### CommonParameters This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about\_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://manuals.blusapphire.io/blugenie/full-function-list/get-blugenieservicelist.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.