Recipe6.7.Viewing the Properties of a Process

Previous page
Table of content
Next page

Recipe 6.7. Viewing the Properties of a Process

Problem

You want to view the properties of a process. This includes the process executable path, command line, current working directory, parent process (if any), owner, and startup timestamp.

Solution

Using a graphical user interface

  1. Open the Sysinternals Process Explorer tool (procexp.exe).

  2. Double-click the process you want to view.

  3. The Image tab contains process properties.

Some of this information can also be viewed using Windows Task Manager (taskmgr.exe). After starting taskmgr.exe, click on the Processes tab. Select View Using a command-line interface

The tasklist.exe command can display a subset of the properties described in the Problem section. Here is an example that displays properties for a specific process:

> tasklist /v /FI "IMAGENAME eq <ProcessName>" /FO list

Using VBScript
' This code displays the properties of a process. ' ------ SCRIPT CONFIGURATION ------ intPID = 3280   ' PID of the target process strComputer = "." ' ------ END CONFIGURATION --------- WScript.Echo "Process PID: " & intPID set objWMIProcess = GetObject("winmgmts:\\" & strComputer & _                      "\root\cimv2:Win32_Process.Handle='" & intPID & "'") WScript.Echo "Name: " & objWMIProcess.Name WScript.Echo "Command line: " & ObjWMIProcess.CommandLine WScript.Echo "Startup date: " & ObjWMIProcess.CreationDate WScript.Echo "Description: " & ObjWMIProcess.Description WScript.Echo "Exe Path: " & ObjWMIProcess.ExecutablePath WScript.Echo "Parent Process ID: " & ObjWMIProcess.ParentProcessId objWMIProcess.GetOwner strUser,strDomain WScript.Echo "Owner: " & strDomain & "\" & strUser

Discussion

Another option from the command line is to use wmic to harness the power of WMI. You can retrieve all of the properties defined by the Win32_Process class (see Table 6-3) by running this simple command:

> wmic process list full

You can also limit the output to a single process. The following example retrieves the properties for the snmp.exe process:

> wmic process where name="snmp.exe" get /format:list

See Also

Recipe 6.1 for a list of Win32_Process properties


Previous page
Table of content
Next page
Windows Server Cookbook
Windows Server Cookbook for Windows Server 2003 and Windows 2000
ISBN: 0596006330
EAN: 2147483647
Year: 2006
Pages: 380
Authors: Robbie Allen
BUY ON AMAZON
CISSP Exam Cram 2
Snort Cookbook
SQL Hacks
Java Concurrency in Practice
Extending and Embedding PHP
Special Edition Using FileMaker 8
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy