PowerShell tutorial part 3

In this tutorial we are going to focus on how to use PowerShell’s operators and wildcards. We’ve learned that we can connect cmdlets together using the pipe (|) to pass results to the Where-Object cmdlet, which filters the objects passed down the pipeline. In this example:

dir c:\windows | where {$_.length -gt 500000}

objects from the Get-ChildItem cmdlet (which is called by the dir alias) for c:\Windows are piped to the Where-Object cmdlet, which drops all of them except for those that are larger than 500000 bytes. Notice that the Where-Object cmdlet includes an expression in curly brackets {}. The text in those brackets means that the value of the length property ($_.length) must be greater than (-gt) 500000. The $_ symbol references the current object in the pipeline.

PowerShell provides a set of operators you can use to create expressions that you can then incorporate into your statements. Expressions are bits of code that get evaluated by PowerShell. The results are then used to determine the proper action to take. In the previous example PowerShell determined whether the Where-Object expression was true or false. When the expression is true, the current object's Length property is greater than 500000, and that object is passed down the pipeline and displayed as output. When the expression is false, the current object is discarded and not displayed in the output.

Comparison operators compare values. PowerShell uses comparison operators to compare the value to the left of the operator to the value to the right.

dir c:\windows | where {$_.length -lt 500000}

In this example the -lt (less than) operator does the opposite of the -gt (greater than) operator: it returns only the results whose length property is less than 500000. The only difference between our two examples is the comparison operator, -lt instead of -gt.

The comparison operators you can use are:

  1. -eq – equal to
  2. -ne – not equal to
  3. -gt – greater than
  4. -ge – greater than or equal to
  5. -lt – less than
  6. -le – less than or equal to
  7. -like – uses wildcards to find matching patterns
  8. -notlike – uses wildcards to find non matching patterns
  9. -match – uses regular expressions to find matching patterns
  10. -notmatch – uses regular expressions to find non matching patterns
  11. -contains – determines whether the collection on the left side of the operator contains the value on the right
  12. -notcontains – determines whether the collection on the left side of the operator does not contain the value on the right
  13. -replace – replaces part or all of the value on the left side of the operator

By default, all comparison operators perform case-insensitive comparisons. You can make any comparison case-sensitive by adding the letter c to the operator, such as -ceq.

Wildcards are almost a necessity these days, and PowerShell is no exception. Here is a list of wildcards for you to use in your code.

  1. * – matches zero or more of any character
  2. ? – matches any one character
  3. [char-char] – matches a range of sequential characters
  4. [char…] – matches any one character in a set of characters

You can use the -like operator to return processes whose company is Google:

get-process | where {$_.company -like "*google*"}

The asterisk matches zero or more characters, so any process whose company value contains google, with or without other characters around it, is returned.

Logical operators are used when you need to test more than one condition to determine a specific action.

get-process | where {($_.handles -gt 500) -or ($_.pm -ne 0)}

This example returns a list of the running processes on your system that pass the filter. At least one of the conditions specified must evaluate to true for a process to be returned. Specifically, a process must have a handle count greater than 500, or its paged memory size must not equal 0, or both. Here are the logical operators you can use:

  1. -and – both conditions must be true for the expression to evaluate as true
  2. -or – one or both conditions must be true for the expression to evaluate as true
  3. -not – specified condition must be false for the expression to evaluate as true
  4. ! – specified condition must be false for the expression to evaluate as true
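
The comparison, wildcard and logical operators above, combined in one added example that is not part of the original tutorial. The objects in $procs are constructed sample data standing in for Get-Process output, so the filters behave the same on any machine; the example also goes slightly beyond the text by showing the case-sensitive -clike form and how -contains treats a single string.

```powershell
# Constructed sample data standing in for Get-Process output (all values are made up).
$procs = @(
    [pscustomobject]@{ Name = 'chrome';  Company = 'Google LLC';            Handles = 1200; PM = 250MB }
    [pscustomobject]@{ Name = 'updater'; Company = 'google update service'; Handles = 90;   PM = 4MB   }
    [pscustomobject]@{ Name = 'notepad'; Company = 'Microsoft Corporation'; Handles = 230;  PM = 3MB   }
    [pscustomobject]@{ Name = 'svc1';    Company = $null;                   Handles = 640;  PM = 0     }
)

# -like ignores case by default, so 'Google LLC' and 'google update service' both pass.
$like = $procs | Where-Object { $_.Company -like '*google*' }

# -clike is the case-sensitive form: the lowercase 'google update service' is dropped.
$clike = $procs | Where-Object { $_.Company -clike '*Google*' }

# -match takes a regular expression rather than a wildcard pattern.
$match = $procs | Where-Object { $_.Company -match '(LLC|Corporation)$' }

# [char-char] range: names whose first character falls between c and n.
$range = $procs | Where-Object { $_.Name -like '[c-n]*' }

# -and / -not: no company recorded AND more than 500 handles.
# A process with missing vendor metadata is a common starting point for triage.
$noVendor = $procs | Where-Object { (-not $_.Company) -and ($_.Handles -gt 500) }

# -contains checks collection membership, not substrings. A single string is
# treated as a one-item collection, so a substring test with it does not succeed;
# use -like or -match for substrings.
$substringTest  = 'Google LLC' -contains 'Google'
$membershipTest = @('chrome', 'notepad') -contains 'CHROME'

# Show which names each filter kept, plus the two -contains results.
[pscustomobject]@{
    Like           = $like.Name -join ','
    CLike          = $clike.Name -join ','
    Match          = $match.Name -join ','
    Range          = $range.Name -join ','
    NoVendor       = $noVendor.Name -join ','
    SubstringTest  = $substringTest
    MembershipTest = $membershipTest
} | Format-List
```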

PowerShell also supports arithmetic operations by using arithmetic operators.

  1. + – adds two values
  2. - – subtracts one value from another
  3. - – converts a value to a negative number
  4. * – multiplies two values
  5. / – divides two values
  6. % – returns the remainder from divided numbers

You can also use arithmetic operators to join strings.

"this is my" + " joined sentence"

When you type this example into PowerShell, you get the result "this is my joined sentence". The + operator added the two phrases together.
