如何终止运行超过30分钟的Windows进程 [英] How to kill a windows process running longer than 30 minutes

问题描述

我基本上需要实现两件事，

I basically need to achieve two things,

1. 找到在Windows服务器上运行的所有"firefox.exe"进程
2. 杀死那些已经运行了30分钟以上的机器

我有些零散，但不确定如何将所有这些集成在一起以使其作为Windows服务工作.

I have bits and pieces, but not sure how to integrate all of it to make it working as a windows service.

我到目前为止所拥有的-

What I have so far -

1)查找所有正在运行的firefox进程的方法

1) Way to find all running firefox process

wmic process get name,creationdate, processid | findstr firefox

2)基于PID终止进程的方法

2) Way to kill a process based on PID

taskkill /PID 827

还有什么?

• 根据creationdate进行计算，PID的运行时间超过30分钟
• 使用taskkill命令顺序终止所有符合上述条件的PID.
• 设置这是一项服务(我可能会知道)

• Calculate based on creationdate, which PID is running for longer than 30 mins
• Use the taskkill command to sequentially kill all the PIDs that fit the above criteria
• set this is a service (this I can probably figure out)

推荐答案

很容易想到，您无法在.bat中做到这一点".我知道那是我的第一反应.问题是您需要不直接支持且不简单的日期操作.但是随后，里奇·劳伦斯(Ritchie Lawrence)忙了起来，完成了编写必要的日期函数.

It's easy to think, "You can't do that in .bat". I know that was my first reaction. The problem is you need date manipulation which is not directly supported and is non-trivial. But then Ritchie Lawrence comes to the rescue, having done all the hard work of writing the necessary date functions.

WMI Process类提供UTC格式的CreationDate. Win32_OperatingSystem LocalDateTime以UTC格式提供当前时间.我们需要从LocalDataTime中减去最大寿命(在您的情况下为30分钟)，以获取CutOffTime.然后，我们可以使用它来过滤Process，最后是call terminate(而不是taskkill).不是使用findstr，而是使用WMI where过滤器(速度更快).

The WMI Process class provides CreationDate in UTC format. Win32_OperatingSystem LocalDateTime gives us the current time in UTC format. We need to subtract the maximum lifetime (30 minutes in your case) from LocalDataTime to get the CutOffTime. Then we can use that to filter Process, and finally call terminate (instead of taskkill). Rather than findstr, I use a WMI where filter (which is much faster).

以下代码似乎有效.由于这是杀死任务，因此您应该自己进行测试.

The following code seems to work. As this is KILLING TASKS, you should test this for yourself.

注意:if "%%p" GEQ "0"用于过滤wmic结果末尾的空白"行，该行不为空，但包含换行符.正如我们期望的那样，这似乎是一个简单而有效的测试(尽管也许有更好的方法来处理此问题).

Note: if "%%p" GEQ "0" is used to filter out the 'blank' line at the end of the results of wmic which is not empty but contains a newline character. As we're expecting a number, this seemed a simple and effective test (though maybe there's a better way to handle this).

@echo off
setlocal ENABLEDELAYEDEXPANSION ENABLEEXTENSIONS

set MaxRunningMinutes=30
set ProcessName=firefox.exe

for /f "usebackq skip=1" %%t in (
  `wmic.exe path Win32_OperatingSystem get LocalDateTime`) do (
    if "%%t" GEQ "0" set T=%%t)

rem echo !T!
rem echo !T:~,4!/!T:~4,2!/!T:~6,2! !T:~8,2!:!T:~10,2!:!T:~12,2!
rem echo !T:~15,-4! !T:~-4!

set fsec=!T:~15,-4!
set tzone=!T:~-4!

call :DateToSecs !T:~,4! !T:~4,2! !T:~6,2! !T:~8,2! !T:~10,2! !T:~12,2! UNIX_TIME
rem echo !UNIX_TIME!

set /a CutOffTime=UNIX_TIME-MaxRunningMinutes*60
rem echo !CutOffTime!

call :SecsToDate !CutOffTime! yy mm dd hh nn ss
rem echo !yy!/!mm!/!dd! !hh!:!nn!:!ss!
set UTC=!yy!!mm!!dd!!hh!!nn!!ss!.!fsec!!tzone!
rem echo !UTC!

wmic process where "name='%ProcessName%' AND CreationDate<'%UTC%'" call terminate

rem * Alternate kill method. May be useful if /F flag is needed to
rem * to forcefully terminate the process. (Add the /F flag to
rem * taskill cmd if needed.)

rem for /f "usebackq skip=1" %%p in (
rem   `wmic process where "name='%ProcessName%' AND CreationDate<'%UTC%'" get processid`) do (
rem   if "%%p" GEQ "0" taskkill /PID %%p)

goto :EOF

rem From: http://www.commandline.co.uk/lib/treeview/index.php
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:DateToSecs %yy% %mm% %dd% %hh% %nn% %ss% secs
::
:: By:   Ritchie Lawrence, updated 2002-08-13. Version 1.1
::
:: Func: Returns number of seconds elapsed since 1st January 1970 00:00:00
::       for a given calendar date and time of day. For NT4/2000/XP/2003.
::
:: Args: %1 year to convert, 2 or 4 digit (by val)
::       %2 month to convert, 1/01 to 12, leading zero ok (by val)
::       %3 day of month to convert, 1/01 to 31, leading zero ok (by val)
::       %4 hours to convert, 1/01 to 12 for 12hr times (minutes must be
::          suffixed by 'a' or 'p', 0/00 to 23 for 24hr clock (by val)
::       %5 mins to convert, 00-59 only, suffixed by a/p if 12hr (by val)
::       %6 secs to convert, 0-59 or 00-59 (by val)
::       %7 var to receive number of elapsed seconds (by ref)
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

setlocal ENABLEEXTENSIONS
set yy=%1&set mm=%2&set dd=%3&set hh=%4&set nn=%5&set ss=%6
if 1%yy% LSS 200 if 1%yy% LSS 170 (set yy=20%yy%) else (set yy=19%yy%)
set /a dd=100%dd%%%100,mm=100%mm%%%100
set /a z=14-mm,z/=12,y=yy+4800-z,m=mm+12*z-3,j=153*m+2
set /a j=j/5+dd+y*365+y/4-y/100+y/400-2472633
if 1%hh% LSS 20 set hh=0%hh%
if {%nn:~2,1%} EQU {p} if "%hh%" NEQ "12" set hh=1%hh%&set/a hh-=88
if {%nn:~2,1%} EQU {a} if "%hh%" EQU "12" set hh=00
if {%nn:~2,1%} GEQ {a} set nn=%nn:~0,2%
set /a hh=100%hh%%%100,nn=100%nn%%%100,ss=100%ss%%%100
set /a j=j*86400+hh*3600+nn*60+ss
endlocal&set %7=%j%&goto :EOF
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:SecsToDate %secs% yy mm dd hh nn ss
::
:: By:   Ritchie Lawrence, updated 2002-07-24. Version 1.1
::
:: Func: Returns a calendar date and time of day from the number of
::       elapsed seconds since 1st January 1970 00:00:00. For
::       NT4/2000/XP/2003.
::
:: Args: %1 seconds used to create calendar date and time of day (by val)
::       %2 var to receive year, 4 digits for all typical dates (by ref)
::       %3 var to receive month, 2 digits, 01 to 12 (by ref)
::       %4 var to receive day of month, 2 digits, 01 to 31 (by ref)
::       %5 var to receive hours, 2 digits, 00 to 23 (by ref)
::       %6 var to receive minutes, 2 digits, 00 to 59 (by ref)
::       %7 var to receive seconds, 2 digits, 00 to 59 (by ref)
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
setlocal ENABLEEXTENSIONS
set /a i=%1,ss=i%%60,i/=60,nn=i%%60,i/=60,hh=i%%24,dd=i/24,i/=24
set /a a=i+2472632,b=4*a+3,b/=146097,c=-b*146097,c/=4,c+=a
set /a d=4*c+3,d/=1461,e=-1461*d,e/=4,e+=c,m=5*e+2,m/=153,dd=153*m+2,dd/=5
set /a dd=-dd+e+1,mm=-m/10,mm*=12,mm+=m+3,yy=b*100+d-4800+m/10
(if %mm% LSS 10 set mm=0%mm%)&(if %dd% LSS 10 set dd=0%dd%)
(if %hh% LSS 10 set hh=0%hh%)&(if %nn% LSS 10 set nn=0%nn%)
if %ss% LSS 10 set ss=0%ss%
endlocal&set %7=%ss%&set %6=%nn%&set %5=%hh%&^
set %4=%dd%&set %3=%mm%&set %2=%yy%&goto :EOF
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

使用Powershell

最初的问题被标记为批处理文件"，因此我首先给出了Windows bat的答案.但是我想提一下，杀死运行时间超过30分钟的命名进程对于Powershell来说是微不足道的:

Using Powershell

The original question was tagged with "batch-file" so I gave the Windows bat answer first. But I wanted to mention killing a named process that has been running longer than 30 minutes is trivial to do with Powershell:

Get-Process firefox | 
    Where StartTime -lt (Get-Date).AddMinutes(-30) | 
    Stop-Process -Force

同样是杀死任务，因此请小心.如果您不熟悉Powershell，请参阅以下衬套的详细信息:

Again this is KILLING TASKS so please be careful. If you're not familiar with Powershell here's the breakdown of the one liner:

1. 使用Get-Process cmdlet获取本地计算机上正在运行的进程.此处输入了进程的名称firefox.如果需要，可以传递名称列表，并可以使用通配符.
2. Get-Process返回的过程对象通过管道传递到Where以在StartTime属性上进行过滤. Get-Date cmdlet用于获取作为DateTime类型的当前日期和时间.调用AddMinutes方法添加-30分钟，返回表示30分钟前的DateTime. -lt运算符(从技术上讲，这是一个切换参数)，指定小于运算.
3. 由Where返回的已过滤过程对象通过管道传递到Stop-Process cmdlet. -Force参数用于防止出现确认提示.

1. Use the Get-Process cmdlet to get the processes that are running on the local computer. Here the name of the process, firefox is passed in. If needed a list of names can be passed, and wildcards can be used.
2. The process objects returned by Get-Process are piped to Where to filter on the StartTime property. The Get-Date cmdlet is used to get the current date and time as a DateTime type. The AddMinutes method is called to add -30 minutes, returning a DateTime that represents 30 minutes ago. The -lt operator (technically, in this context, it's a switch parameter), specifies the Less-than operation.
3. The filtered process objects returned by Where are piped to the Stop-Process cmdlet. The -Force parameter is used to prevent the confirmation prompt.

以上，我使用了Powershell 3中引入的简化的Where语法.如果需要Powershell 2兼容性(这是在Windows XP上运行的最新版本)，则需要以下语法:

Above I've used the simplified Where syntax introduced in Powershell 3. If you require Powershell 2 compatibility (which is the latest version that runs on Windows XP), then this syntax is required:

Get-Process firefox | 
    Where { $_.StartTime -lt (Get-Date).AddMinutes(-30) } | 
    Stop-Process -Force

这里的花括号括了一个ScriptBlock. $_用于显式引用当前对象.

Here the curly braces enclose a ScriptBlock. $_ is used to explicitly reference the current object.

这篇关于如何终止运行超过30分钟的Windows进程的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！