最近在研究PowerShell,发现一个有趣的问题:使用“Get-Process | Stop-Process”这个cmdlet修改系统,会出现什么情况?
首先,在读完本文前千万不要心急运行此cmdlet,特别是那些使用PowerShell来管理操作服务器的人员,否则后果很严重。
甚至我可以直接告诉你,你应该永远不要运行这个命令!
我在此给出我的powershell环境:
PS C:\Users\Administrator> $psversiontable Name Value ---- ----- PSVersion 5.0.10586.122 PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...} BuildVersion 10.0.10586.122 CLRVersion 4.0.30319.42000 WSManStackVersion 3.0 PSRemotingProtocolVersion 2.3 SerializationVersion 1.1.0.1
这是一个带有管道分隔符的命令。我们把它分为两部分来分析。
1.“Get-Process”会检索每一个进程,下面是微软为其作出的解释。
The Get-Process cmdlet gets the processes on a local or remote computer. Without parameters, Get-Process gets all of the processes on the local computer. You can also specify a particula r process by process name or process ID (PID) or pass a process object through the pipeline to Get-Process. By default, Get-Process returns a process object that has detailed information about the process and supports met hods that let you start and stop the process. You can also use the parameters of Get-Process to get file version information for the program that runs in the process and to get the modules that the process loaded.
2.” Stop-Process”将尝试逐个终止每一个进程。
The Stop-Process cmdlet stops one or more running processes. You can specify a process by process name or process ID (PID), or pass a process object to Stop-Process. Stop-Process works only on processes running on the local c omputer. On Windows Vista and later versions of Windows, to stop a process that is not owned by the current user, you must start Windows PowerShell with the "Run as administrator" option. Also, you are prompted for confirmation unless you use the Force parameter.
这是一个及其危险的进程,类似本地安全权限(Local Security Authority)。
尝试结束所有进程的命令一般不会带来你希望看到的结果。
我无法在系统蓝屏的情况下打开其它任何软件,所以推荐那些希望尝试这个命令的人在虚拟机里运行。
最后,这是理解PowerShell管道数据传输的一个例子。这个命令在危害系统稳定性的背景下,可以通过给Get-Process这个cmdlet添加并指定name参数以减少风险,揭示了PowerShell管道ByValue方式实现管道参数绑定的过程。