Windows Server Cookbook for Windows Server 2003 and Windows 2000
Recipe 6.7. Viewing the Properties of a Process
Problem
You want to view the properties of a process. This includes the process executable path, command line, current working directory, parent process (if any), owner, and startup timestamp. Solution
Using a graphical user interface
Some of this information can also be viewed using Windows Task Manager (taskmgr.exe). After starting taskmgr.exe, click on the Processes tab. Select View
The tasklist.exe command can display a subset of the properties described in the Problem section. Here is an example that displays properties for a specific process: > tasklist /v /FI "IMAGENAME eq <ProcessName>" /FO list Using VBScript
' This code displays the properties of a process. ' ------ SCRIPT CONFIGURATION ------ intPID = 3280 ' PID of the target process strComputer = "." ' ------ END CONFIGURATION --------- WScript.Echo "Process PID: " & intPID set objWMIProcess = GetObject("winmgmts:\\" & strComputer & _ "\root\cimv2:Win32_Process.Handle='" & intPID & "'") WScript.Echo "Name: " & objWMIProcess.Name WScript.Echo "Command line: " & ObjWMIProcess.CommandLine WScript.Echo "Startup date: " & ObjWMIProcess.CreationDate WScript.Echo "Description: " & ObjWMIProcess.Description WScript.Echo "Exe Path: " & ObjWMIProcess.ExecutablePath WScript.Echo "Parent Process ID: " & ObjWMIProcess.ParentProcessId objWMIProcess.GetOwner strUser,strDomain WScript.Echo "Owner: " & strDomain & "\" & strUser
Discussion
Another option from the command line is to use wmic to harness the power of WMI. You can retrieve all of the properties defined by the Win32_Process class (see Table 6-3) by running this simple command: > wmic process list full
You can also limit the output to a single process. The following example retrieves the properties for the snmp.exe process: > wmic process where name="snmp.exe" get /format:list
See Also
Recipe 6.1 for a list of Win32_Process properties |