{"id":651,"date":"2014-09-20T00:01:00","date_gmt":"2014-09-20T00:01:00","guid":{"rendered":"https:\/\/blogs.technet.microsoft.com\/heyscriptingguy\/2014\/09\/20\/weekend-scripter-playing-with-powershell-processes-and-events\/"},"modified":"2014-09-20T00:01:00","modified_gmt":"2014-09-20T00:01:00","slug":"weekend-scripter-playing-with-powershell-processes-and-events","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/scripting\/weekend-scripter-playing-with-powershell-processes-and-events\/","title":{"rendered":"Weekend Scripter: Playing with PowerShell Processes and Events"},"content":{"rendered":"

Summary<\/b>: Microsoft Scripting Guy, Ed Wilson, talks about playing with processes and events in Windows PowerShell.<\/span><\/p>\n

Microsoft Scripting Guy, Ed Wilson, is here. This morning I woke up and I had an idea. This happens to me sometimes. Not often. But occasionally. And here it was. I could not get it out of my mind…<\/p>\n

Can I use an event from a specific process? I wonder. I should be able to do this, but hmmmm. I know a process that I retrieve by using the Get-Process<\/b> cmdlet is really an instance of System.Diagnostics.Process. I also know that in addition to having methods and properties, it has events. Here are the events I get when I look at a specific process:<\/p>\n

PS C:\\> Get-Process notepad | Get-Member -MemberType Event<\/p>\n

   TypeName: System.Diagnostics.Process<\/p>\n

Name               MemberType Definition<\/p>\n

—-               ———- ———-<\/p>\n

Disposed           Event      System.EventHandler Disposed(System.Object, System.Event…<\/p>\n

ErrorDataReceived  Event      System.Diagnostics.DataReceivedEventHandler ErrorDataRec…<\/p>\n

Exited             Event      System.EventHandler Exited(System.Object, System.EventArgs)<\/p>\n

OutputDataReceived Event      System.Diagnostics.DataReceivedEventHandler OutputDataRe…<\/p>\n

Without getting all froggy and looking stuff up in MSDN, I figure that I have a pretty good idea of what an Exited<\/b> <\/i>event might really be—it is an event that is raised when a particular process exits.<\/p>\n

Let me try the Windows PowerShell console<\/h2>\n

I decided to launch Notepad, and then use the Get-Process<\/b> cmdlet to retrieve that instance of Notepad. Now I use the Register-ObjectEvent<\/b> cmdlet, supply the Process<\/b> object as an InputObject<\/b>, and I specify that I want to monitor for the Exited<\/b> event. In the action portion, I start Notepad, and I unregister the event subscriber.<\/p>\n

I press ENTER, and I wait.<\/p>\n

I close Notepad…<\/p>\n

And I wait.<\/p>\n

And I wait.<\/p>\n

And I wait.<\/p>\n

Nothing happens. Bummer.<\/p>\n

I press ENTER in the Windows PowerShell console, and suddenly Notepad reappears. Hmmm…I wonder if this is an STA\/MTA kind of thing. I launch Windows PowerShell in MTA mode (powershell –mta<\/b>) and in STA mode (powershell –sta<\/b>). Still nothing. It only works after I press ENTER. Bummer. Not such a good deal at this point. By the way, here is a screenshot:<\/p>\n

\"Image<\/a><\/p>\n

One of the nice things about using the Register-ObjectEvent<\/b> cmdlet is that it does not require me to launch an elevated Windows PowerShell console (or ISE). This is great because I seldom launch Windows PowerShell with elevated permission. Most of the time, I try things without elevation.<\/p>\n

What about the ISE?<\/h2>\n

I open the Windows PowerShell ISE and type my script:<\/p>\n

Start-Process notepad<\/p>\n

$n = Get-Process notepad<\/p>\n

$job = Register-ObjectEvent -InputObject $n -EventName exited -SourceIdentifier notepad -Action {<\/p>\n

    Start-Process notepad<\/p>\n

    Get-EventSubscriber | Unregister-Event }<\/p>\n

When I run the script, Notepad appears. Cool. I close Notepad, and it immediately reappears. Cool. If I close that instance of Notepad, however, Notepad remains closed. This is due to the fact that I am monitoring a specific instance of Notepad, and once I close that particular instance of Notepad, the new instance is a different process. Therefore, I cannot call the object event from that new process because I have not captured it in the $n<\/b> variable.<\/p>\n

Advantages?<\/h2>\n

Using Register-ObjectEvent<\/b> seems to have the following advantages for me:<\/p>\n