{"id":1697,"date":"2026-06-04T19:41:55","date_gmt":"2026-06-04T11:41:55","guid":{"rendered":"https:\/\/www.jumoon.top\/?p=1697"},"modified":"2026-06-04T19:45:55","modified_gmt":"2026-06-04T11:45:55","slug":"powershell-%e6%9f%a5%e7%9c%8b%e7%94%b5%e8%84%91%e5%bc%80%e5%85%b3%e6%9c%ba%e8%ae%b0%e5%bd%95","status":"publish","type":"post","link":"https:\/\/www.jumoon.top\/?p=1697","title":{"rendered":"PowerShell \u67e5\u770b\u7535\u8111\u5f00\u5173\u673a\u8bb0\u5f55"},"content":{"rendered":"\n<p class=\"has-text-align-center\">PowerShell \u67e5\u770b\u7535\u8111\u5f00\u5173\u673a\u8bb0\u5f55<\/p>\n\n\n\n<figure class=\"wp-block-image aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"476\" height=\"187\" src=\"https:\/\/www.jumoon.top\/wp-content\/uploads\/2026\/06\/powershellbootlog1.png\" alt=\"\" class=\"wp-image-1706\" srcset=\"https:\/\/www.jumoon.top\/wp-content\/uploads\/2026\/06\/powershellbootlog1.png 476w, https:\/\/www.jumoon.top\/wp-content\/uploads\/2026\/06\/powershellbootlog1-300x118.png 300w\" sizes=\"auto, (max-width: 476px) 100vw, 476px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"823\" src=\"https:\/\/www.jumoon.top\/wp-content\/uploads\/2026\/06\/powershellbootlog-1024x823.png\" alt=\"\" class=\"wp-image-1698\" srcset=\"https:\/\/www.jumoon.top\/wp-content\/uploads\/2026\/06\/powershellbootlog-1024x823.png 1024w, https:\/\/www.jumoon.top\/wp-content\/uploads\/2026\/06\/powershellbootlog-300x241.png 300w, https:\/\/www.jumoon.top\/wp-content\/uploads\/2026\/06\/powershellbootlog-768x617.png 768w, https:\/\/www.jumoon.top\/wp-content\/uploads\/2026\/06\/powershellbootlog.png 1132w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<pre class=\"wp-block-code\"><code># \u4ece System \u65e5\u5fd7\u4e2d\u83b7\u53d6\u5f00\u673a(6005\uff0c\u5373\u4e8b\u4ef6\u65e5\u5fd7\u670d\u52a1\u542f\u52a8)\u548c\u5173\u673a(6006\uff0c\u5373\u4e8b\u4ef6\u65e5\u5fd7\u670d\u52a1\u505c\u6b62)\u4e8b\u4ef6\u5e76\u6392\u5e8f\n$events = Get-WinEvent 
-FilterHashtable @{LogName='System'; ID=6005,6006} | \n    Select-Object TimeCreated, Id | \n    Sort-Object TimeCreated\n\n# \u914d\u5bf9\u5904\u7406\n$results = &#91;System.Collections.Generic.List&#91;PSObject]]::new()\n$bootTime = $null\n\nforeach ($e in $events) {\n    if ($e.Id -eq 6005) {\n        # \u5982\u679c\u5df2\u6709\u672a\u914d\u5bf9\u7684\u5f00\u673a\u65f6\u95f4\uff0c\u8bf4\u660e\u4e0a\u6b21\u672a\u6b63\u5e38\u8bb0\u5f55\u5173\u673a\uff08\u5982\u65ad\u7535\u3001\u65e5\u5fd7\u6e05\u9664\uff09\n        if ($null -ne $bootTime) {\n            $results.Add(&#91;PSCustomObject]@{\n                \u5f00\u673a\u65f6\u95f4 = $bootTime.ToString(\"yyyy-MM-dd HH:mm:ss\")\n                \u5173\u673a\u65f6\u95f4 = \"\u672a\u8bb0\u5f55\/\u5f02\u5e38\u65ad\u7535\"\n            })\n        }\n        $bootTime = $e.TimeCreated\n    }\n    elseif ($e.Id -eq 6006) {\n        if ($null -ne $bootTime) {\n            $results.Add(&#91;PSCustomObject]@{\n                \u5f00\u673a\u65f6\u95f4 = $bootTime.ToString(\"yyyy-MM-dd HH:mm:ss\")\n                \u5173\u673a\u65f6\u95f4 = $e.TimeCreated.ToString(\"yyyy-MM-dd HH:mm:ss\")\n            })\n            $bootTime = $null\n        }\n    }\n}\n\n# \u5904\u7406\u6700\u540e\u4e00\u6b21\u5f00\u673a\uff08\u5f53\u524d\u4ecd\u5728\u8fd0\u884c\u7684\u60c5\u51b5\uff09\nif ($null -ne $bootTime) {\n    $results.Add(&#91;PSCustomObject]@{\n        \u5f00\u673a\u65f6\u95f4 = $bootTime.ToString(\"yyyy-MM-dd HH:mm:ss\")\n        \u5173\u673a\u65f6\u95f4 = \"\u5f53\u524d\u8fd0\u884c\u4e2d\"\n    })\n}\n\n# \u4ee5\u8868\u683c\u5f62\u5f0f\u8f93\u51fa\n$results | Format-Table -AutoSize<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"<p>PowerShell 
\u67e5\u770b\u7535\u8111\u5f00\u5173\u673a\u8bb0\u5f55<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"site-container-style":"default","site-container-layout":"default","site-sidebar-layout":"default","site-transparent-header":"default","disable-article-header":"default","disable-site-header":"default","disable-site-footer":"default","disable-content-area-spacing":"default","footnotes":""},"categories":[19],"tags":[],"class_list":["post-1697","post","type-post","status-publish","format-standard","hentry","category-19"],"_links":{"self":[{"href":"https:\/\/www.jumoon.top\/index.php?rest_route=\/wp\/v2\/posts\/1697","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.jumoon.top\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.jumoon.top\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.jumoon.top\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.jumoon.top\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1697"}],"version-history":[{"count":5,"href":"https:\/\/www.jumoon.top\/index.php?rest_route=\/wp\/v2\/posts\/1697\/revisions"}],"predecessor-version":[{"id":1707,"href":"https:\/\/www.jumoon.top\/index.php?rest_route=\/wp\/v2\/posts\/1697\/revisions\/1707"}],"wp:attachment":[{"href":"https:\/\/www.jumoon.top\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1697"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.jumoon.top\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1697"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.jumoon.top\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1697"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}