Get-BluGenieServiceList



Get-BluGenieServiceList

SYNOPSIS

Get a full list of Services, with Process Handle information

SYNTAX

Get-BluGenieServiceList [[-FilterType] <String>] [-Pattern <String>] [-Managetype <String>] [-ManageServicetype <String>] [-Algorithm <String>] [-Signature] [-TrackChanges] [-OverrideTracked] [-RevertTracked] 
[-ClearGarbageCollecting] [-UseCache] [-CachePath <String>] [-RemoveCache] [-DBName <String>] [-DBPath <String>] [-UpdateDB] [-ForceDBUpdate] [-NewDBTable] [-Walkthrough] [-ReturnObject] [-OutUnEscapedJSON] 
[-OutYaml] [-FormatView <String>] [<CommonParameters>]

DESCRIPTION

Get a full list of Services, with Process Handle information

EXAMPLES

EXAMPLE 1

Command: Get-BluGenieServiceList
Description: Return information for all running Services and associated Processes
Notes:
		- Sample Output -
                 "Name":  "WpnUserService_9faea",
                 "DesktopInteract":  false,
                 "PathName":  "C:\\WINDOWS\\system32\\svchost.exe -k UnistackSvcGroup",
                 "ServiceType":  "Unknown",
                 "StartMode":  "Auto",
                 "Caption":  "Windows Push Notifications User Service_9faea",
                 "Description":  "This service hosts Windows notification platform which provides support for local and push notifications. ",
                 "DisplayName":  "Windows Push Notifications User Service_9faea",
                 "InstallDate":  null,
                 "ProcessId":  1388,
                 "Started":  true,
                 "StartName":  null,
                 "State":  "Running",
                 "ProcessName":  "svchost.exe",
                 "ProcessPath":  "c:\\windows\\system32\\svchost.exe",
                 "ProcessCommandLine":  "c:\\windows\\system32\\svchost.exe -k unistacksvcgroup -s WpnUserService",
                 "ProcessSessionId":  1,
                 "ProcessOwner":  "TESTLAB\\Administrator",
                 "ServiceExecPath":  "C:\\WINDOWS\\system32\\svchost.exe",
                 "Hash":  "32569e403279b3fd2edb7ebd036273fa"

EXAMPLE 2

Command: Get-BluGenieServiceList -Algorithm SHA256
Description: Change the Algorithm to SHA256
Notes:

EXAMPLE 3

Command: Get-BluGenieServiceList -FilterType Name -Pattern Maps
Description: Filter running Services and associated Processes that match the search value
Notes:

EXAMPLE 4

Command: Get-BluGenieServiceList -FilterType Name -Pattern 'XboxNetApiSvc' -ManageServicetype Stop
Description: Stop the Service ( XboxNetApiSvc )
Notes:

EXAMPLE 5

Command: Get-BluGenieServiceList -FilterType Hash -Pattern 'bfbecf7e48cbdbf1fb2c51164ef9e5f5' -Managetype Stop
Description: Terminate the Process associated with the Service
Notes:

EXAMPLE 6

Command: Get-BluGenieServiceList -Pattern 'XboxNetApiSvc' -ManageServicetype Stop -TrackChanges
Description: Track changes to the Service.  All information will be added to the registr under HKEY_LOCAL_MACHINE\SOFTWARE\BluGenie\ServiceList
Notes:

EXAMPLE 7

Command: Get-BluGenieServiceList -Pattern 'XboxNetApiSvc' -ManageServicetype Stop -TrackChanges -OverrideTracked
Description: Override or Force the Tracked informatrion to be tracked again
Notes:

EXAMPLE 8

Command: Get-BluGenieServiceList -Pattern 'XboxNetApiSvc' -OutUnEscapedJSON -RevertTracked
Description:
Notes:

EXAMPLE 9

Command: Get-BluGenieServiceList -Help
Description: Call Help Information
Notes: If Help / WalkThrough is setup as a parameter, this script will be called to setup the Dynamic Help Menu if not the normal
			Get-Help will be called with the -Full parameter

EXAMPLE 10

Command: Get-BluGenieServiceList -WalkThrough
Description: Call Help Information [2]
Notes: If Help / WalkThrough is setup as a parameter, this script will be called to setup the Dynamic Help Menu if not the normal
			Get-Help will be called with the -Full parameter

EXAMPLE 11

Command: Get-BluGenieServiceList -OutUnEscapedJSON
Description: Get-BluGenieServiceList and Return Output as UnEscaped JSON format
Notes:  The OutUnEscapedJSON is used to beatify the JSON return and not Escape any Characters.  Normal return data is a Hash Table.

EXAMPLE 12

Command: Get-BluGenieServiceList -ReturnObject
Description: Get-BluGenieServiceList and Return Output an Object
Notes:  The ReturnObject is used to return a PowerShell Object.  Normal return data is a Hash Table.

EXAMPLE 13

Command: Get-BluGenieServiceList -OutYaml
Description: Return a detailed function report in YAML format
Notes:  The OutUnEscapedJSON is used to Beautify the JSON return and not Escape any Characters.  Normal return data is a Hash Table.

PARAMETERS

FilterType

-FilterType <String>
   Description:  Which property to filter by
         Notes:
             Filter Option
   	•	"Name"
   				Service Name (Default Value)
             •	"DesktopInteract"
   				Does the service interact with the Desktop [ True / False ]
             •	"PathName"
   				Service Path
             •	"ServiceType"
   				Service Type ( Share Process / Own Process )
             •	"StartMode"
   				Start Mode ( Manual / Started / Auto )
             •	"Caption"
   				Service Caption
             •	"Description"
   				Service Description
             •	"DisplayName"
   				Service Display Name
             •	"InstallDate"
   				Service Installed Date
             •	"ProcessId"
   				The current Process ID associated with the Service
             •	"Started"
   				Is the Service currently Started ( True / False )
             •	"StartName"
   				What Account is the Service associated with
             •	"State"
   				Running state of the currect service ( Running / Stopped )
             •	"ProcessName"
   				The Process name associated with the Service
             •	"ProcessPath"
   				The path of the Process associated with the Service
             •	"ProcessCommandLine"
   				The command line used with the Service
             •	"ProcessSessionId"
   				The Process ID (PID) associated with the Service
             •	"ProcessOwner"
   				The Owner of the Process
             •	"ServiceExecPath"
   				Path to the Service
             •	"Hash"
   				The Hash value of the Process ( MACTripleDES / MD5 / RIPEMD160 / SHA1 / SHA256 / SHA384 / SHA512 )
             •	"Signature_Comment"
   				Display error message while pulling Signature Information [Note: This is only available if you use the -Signature switch]
             •	"Signature_FileVersion"
   				File Version and OS Build information in part of the OS [Note:  This is only available if you use the -Signature switch]
             •	"Signature_Description"
   				The description of the files signature [Note:  This is only available if you use the -Signature switch]
             •	"Signature_Date"
   				Date when the file was signed [Note:  This is only available if you use the -Signature switch]
             •	"Signature_Company"
   				The company signing the file [Note:  This is only available if you use the -Signature switch]
             •	"Signature_Publisher"
   				The Publisher signing the file [Note:  This is only available if you use the -Signature switch]
             •	"Signature_Verified"
   				Verification ( Signed / UnSigned / Null ) [Note:  This is only available if you use the -Signature switch]
   Alias:
   ValidateSet: 'Name','DesktopInteract','PathName','ServiceType','StartMode','Caption','Description','DisplayName','InstallDate','ProcessId','Started','StartName','State','ProcessName','ProcessPath','ProcessComm
   andLine','ProcessSessionId','ProcessOwner','ServiceExecPath','Hash','Signature_Comment','Signature_FileVersion','Signature_Description','Signature_Date','Signature_Company','Signature_Publisher','Signature_Ver
   ified'
   
   Required?                    false
   Position?                    2
   Default value                Name
   Accept pipeline input?       false
   Accept wildcard characters?  false

Pattern

-Pattern <String>
   Description: Search Pattern using RegEx
   Notes: Default Value = '.*'
   Alias:
   ValidateSet:
   
   Required?                    false
   Position?                    named
   Default value                .*
   Accept pipeline input?       false
   Accept wildcard characters?  false

Managetype

-Managetype <String>
   Description: Manage the behavior of the process (Suspend, Resume, Stop)
   Notes:
   Alias:
   ValidateSet: Suspend,Resume,Stop
   
   Required?                    false
   Position?                    named
   Default value                
   Accept pipeline input?       false
   Accept wildcard characters?  false

ManageServicetype

-ManageServicetype <String>
   Description: Manage the behavior of the Service (Suspend, Resume, Remove)
   Notes:
   Alias:
   ValidateSet: Suspend,Resume,Remove
   
   Required?                    false
   Position?                    named
   Default value                
   Accept pipeline input?       false
   Accept wildcard characters?  false

Algorithm

-Algorithm <String>
   Description:  Specifies the cryptographic hash to use for computing the hash value of the contents of the specified file.
   Notes:  The acceptable values for this parameter are:
   
               - SHA1
               - SHA256
               - SHA384
               - SHA512
               - MACTripleDES
               - MD5 = (Default)
               - RIPEMD160
   Alias:
   ValidateSet: 'MACTripleDES','MD5','RIPEMD160','SHA1','SHA256','SHA384','SHA512'
   
   Required?                    false
   Position?                    named
   Default value                MD5
   Accept pipeline input?       false
   Accept wildcard characters?  false

Signature

-Signature [<SwitchParameter>]
   Description: Query Signature information
   Notes:
   Alias:
   ValidateSet:
   
   Required?                    false
   Position?                    named
   Default value                False
   Accept pipeline input?       false
   Accept wildcard characters?  false

TrackChanges

-TrackChanges [<SwitchParameter>]
   Description: Backup and Track the changes to the Service you are modifying
   Notes: Values stored in the registry under 'HKEY_LOCAL_MACHINE\SOFTWARE\BluGenie\ServiceList'
   Alias:
   ValidateSet:
   
   Required?                    false
   Position?                    named
   Default value                False
   Accept pipeline input?       false
   Accept wildcard characters?  false

OverrideTracked

-OverrideTracked [<SwitchParameter>]
   Description: Force a Backup and Track the changes to the Service you are modifying
   Notes: Values stored in the registry under 'HKEY_LOCAL_MACHINE\SOFTWARE\BluGenie\ServiceList'
   Alias:
   ValidateSet:
   
   Required?                    false
   Position?                    named
   Default value                False
   Accept pipeline input?       false
   Accept wildcard characters?  false

RevertTracked

-RevertTracked [<SwitchParameter>]
   Description: Restore the Tracked changes to the Service you originally modified
   Notes:
   Alias:
   ValidateSet:
   
   Required?                    false
   Position?                    named
   Default value                False
   Accept pipeline input?       false
   Accept wildcard characters?  false

ClearGarbageCollecting

-ClearGarbageCollecting [<SwitchParameter>]
   Description: Garbage Collection in Powershell to Speed up Scripts and help lower memory consumption
   Notes: This is enabled by default.  To disable use -ClearGarbageCollecting:$False
   Alias:
   ValidateSet:
   
   Required?                    false
   Position?                    named
   Default value                False
   Accept pipeline input?       false
   Accept wildcard characters?  false

UseCache

-UseCache [<SwitchParameter>]
   Description: Cache found objects to disk.  This is to not over tax Memory resources with found artifacts
   Notes: By default the Cache location is %SystemDrive%\Windows\Temp
   Alias:
   ValidateSet:
   
   Required?                    false
   Position?                    named
   Default value                False
   Accept pipeline input?       false
   Accept wildcard characters?  false

CachePath

-CachePath <String>
   Description: Path to store the Cache information
   Notes: By default the Cache location is %SystemDrive%\Windows\Temp
   Alias:
   ValidateSet:
   
   Required?                    false
   Position?                    named
   Default value                $('{0}\Windows\Temp\{1}.log' -f $env:SystemDrive, $(New-BluGenieUID))
   Accept pipeline input?       false
   Accept wildcard characters?  false

RemoveCache

-RemoveCache [<SwitchParameter>]
   Description: Remove Cache data on completion
   Notes: Cache information is removed right before the data is returned to the calling process
   Alias:
   ValidateSet:
   
   Required?                    false
   Position?                    named
   Default value                False
   Accept pipeline input?       false
   Accept wildcard characters?  false

DBName

-DBName <String>
   Description: Database Name (Without extention)
   Notes: The default name is set to 'BluGenie'
   Alias:
   ValidateSet:
   
   Required?                    false
   Position?                    named
   Default value                BluGenie
   Accept pipeline input?       false
   Accept wildcard characters?  false

DBPath

-DBPath <String>
   Description: Path to either Save or Update the Database
   Notes: The default path is $('{0}\BluGenie' -f $env:ProgramFiles)  Example: C:\Program Files\BluGenie
   Alias:
   ValidateSet:
   
   Required?                    false
   Position?                    named
   Default value                $('{0}\BluGenie' -f $env:ProgramFiles)
   Accept pipeline input?       false
   Accept wildcard characters?  false

UpdateDB

-UpdateDB [<SwitchParameter>]
   Description: Save return data to the Sqlite Database
   Notes:
   Alias:
   ValidateSet:
   
   Required?                    false
   Position?                    named
   Default value                False
   Accept pipeline input?       false
   Accept wildcard characters?  false

ForceDBUpdate

-ForceDBUpdate [<SwitchParameter>]
   Description: Force an update of the return data to the Sqlite Database
   Notes: By default only new items are saved.  The primary key is ( FullName )
   Alias:
   ValidateSet:
   
   Required?                    false
   Position?                    named
   Default value                False
   Accept pipeline input?       false
   Accept wildcard characters?  false

NewDBTable

-NewDBTable [<SwitchParameter>]
   Description: Delete and Recreate the Database Table
   Notes:
   Alias:
   ValidateSet:
   
   Required?                    false
   Position?                    named
   Default value                False
   Accept pipeline input?       false
   Accept wildcard characters?  false

Walkthrough

-Walkthrough [<SwitchParameter>]
   Description:  Start the dynamic help menu system to help walk through the current command and all of the parameters
   Notes:
   Alias: Help
   ValidateSet:
   
   Required?                    false
   Position?                    named
   Default value                False
   Accept pipeline input?       false
   Accept wildcard characters?  false

ReturnObject

-ReturnObject [<SwitchParameter>]
   Description: Return information as an Object
   Notes: By default the data is returned as a Hash Table
   Alias:
   ValidateSet:
   
   Required?                    false
   Position?                    named
   Default value                False
   Accept pipeline input?       false
   Accept wildcard characters?  false

OutUnEscapedJSON

-OutUnEscapedJSON [<SwitchParameter>]
   Description: Remove UnEsacped Char from the JSON information.
   Notes: This will beautify json and clean up the formatting.
   Alias:
   ValidateSet:
   
   Required?                    false
   Position?                    named
   Default value                False
   Accept pipeline input?       false
   Accept wildcard characters?  false

OutYaml

-OutYaml [<SwitchParameter>]
   Description: Return detailed information in Yaml Format
   Notes: Only supported in Posh 3.0 and above
   Alias:
   ValidateSet:
   
   Required?                    false
   Position?                    named
   Default value                False
   Accept pipeline input?       false
   Accept wildcard characters?  false

FormatView

-FormatView <String>
   Description: Automatically format the Return Object
   Notes: Yaml is only supported in Posh 3.0 and above
   Alias:
   ValidateSet: 'Table','Custom','CustomModified','None','JSON','OutUnEscapedJSON','CSV', 'Yaml'
   
   Required?                    false
   Position?                    named
   Default value                None
   Accept pipeline input?       false
   Accept wildcard characters?  false

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Last updated