en-US/about_ProcessDrive.help.txt

---
title: about_ProcessDrive
---

# about_ProcessDrive

## Short Description
A PowerShell provider that navigates the Windows process tree as a drive.

## Long Description
ProcessDrive implements a NavigationCmdletProvider that mounts the Windows process
tree as a PowerShell drive. Use cd, dir, Get-Item, and Remove-Item to browse and
manage processes. It is designed as a CLI alternative to Process Explorer (procexp.exe).

## Mounting the Drive

```powershell
New-ProcDrive # Creates Proc:\
New-ProcDrive MyProc # Custom drive name
```

## Process Tree Structure

```
Proc:\
├── chrome_21236\          # Process (Name_PID)
│   ├── chrome_18176\      # Child process
│   ├── [Modules]          # Virtual folder: loaded DLLs
│   ├── [Threads]          # Virtual folder: threads
│   ├── [Services]         # Virtual folder: associated services
│   └── [Network]          # Virtual folder: TCP/UDP connections
├── devenv_24032\
└── explorer_37760\
```

## Navigation

```powershell
cd Proc:\ # Go to root
dir # List processes
dir -Recurse # Full process tree
cd chrome_21236 # Enter a process (Tab completion works)
cd Modules # Enter virtual folder
cd .. # Go back to parent
cd \ # Go back to root
```

## Process Details

```powershell
Get-Item Proc:\devenv_24032 | Format-List *
```

This displays the process's memory breakdown, CPU time, I/O statistics, file version, and more.

## Searching Processes

```powershell
dir Proc:\ -Include note* -Recurse # Search entire tree
dir Proc:\ -Include note* -Recurse -Force # Refresh cache and search
```

## Killing Processes

```powershell
Remove-Item Proc:\notepad_1234 # Kill a process
Remove-Item Proc:\chrome_21236 -Recurse # Kill entire process tree
```

## Caching

The process tree, Modules, and Services are cached for 10 seconds.
Use `dir -Force` to discard the cache and fetch fresh data.
Threads and Network are always fetched live.

## Pipeline Examples

```powershell
# Top memory consumers
dir Proc:\ | Sort-Object MemMB -Descending | Select-Object -First 10

# Find which processes loaded a specific DLL
dir Proc:\ | % { dir "Proc:\$($_.PSChildName)\Modules" -EA Ignore } | ? Name -like '*gdi*'

# All Established TCP connections with process names
dir Proc:\ | % {
    $n = $_.Name
    dir "Proc:\$($_.PSChildName)\Network" -EA Ignore |
        Select-Object @{N='Process';E={$n}}, Protocol, LocalAddress, RemoteAddress, State
} | ? State -eq 'Established'

# Export to CSV
dir Proc:\ -Recurse | Export-Csv processes.csv
```
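
The following added example (not part of the ProcessDrive module) builds on the established-connections pipeline and the Caching section: it takes two snapshots of established connections and reports the ones that appeared in between. The function names `Get-ProcConnectionSnapshot` and `Compare-ProcConnectionSnapshot` are hypothetical helpers, and the code assumes `New-ProcDrive` has already mounted `Proc:\`.

```powershell
# Added example; helper names are hypothetical, not ProcessDrive cmdlets.
# Assumes the module is imported and New-ProcDrive has mounted Proc:\.

function Get-ProcConnectionSnapshot {
    param([string]$Drive = 'Proc')

    # -Force discards the 10-second process-tree cache (see Caching).
    # Like the pipeline above, this walks only the top level of the drive.
    Get-ChildItem "${Drive}:\" -Force | ForEach-Object {
        $proc = $_
        Get-ChildItem "${Drive}:\$($proc.PSChildName)\Network" -ErrorAction Ignore |
            Where-Object State -eq 'Established' |
            ForEach-Object {
                [pscustomobject]@{
                    # Name_PID: a reused name with a new PID shows up as a new row
                    Process       = $proc.PSChildName
                    Protocol      = $_.Protocol
                    LocalAddress  = $_.LocalAddress
                    RemoteAddress = $_.RemoteAddress
                }
            }
    }
}

function Compare-ProcConnectionSnapshot {
    param(
        [Parameter(Mandatory)][AllowEmptyCollection()][object[]]$Baseline,
        [Parameter(Mandatory)][AllowEmptyCollection()][object[]]$Current
    )

    # Build one string key per connection so the diff is a set lookup.
    $key  = { param($c) '{0}|{1}|{2}|{3}' -f $c.Process, $c.Protocol, $c.LocalAddress, $c.RemoteAddress }
    $seen = [System.Collections.Generic.HashSet[string]]::new()
    foreach ($c in $Baseline) { [void]$seen.Add((& $key $c)) }

    # Emit only connections that were not present in the baseline.
    $Current | Where-Object { -not $seen.Contains((& $key $_)) }
}

# Usage: baseline now, re-check after a minute, list what is new.
$baseline = @(Get-ProcConnectionSnapshot)
Start-Sleep -Seconds 60
Compare-ProcConnectionSnapshot -Baseline $baseline -Current @(Get-ProcConnectionSnapshot) |
    Sort-Object Process, RemoteAddress |
    Format-Table -AutoSize
```

Connections that open and close between the two snapshots are not captured, so shorten the interval when looking for short-lived connections.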