Recipe 10.2. Viewing the Properties of a Process
ProblemYou want to view the properties of a process. This includes the process executable path, command line, current working directory, parent process (if any), owner, and startup timestamp. SolutionUsing downloadable software
Some of this information can also be viewed using Windows Task Manager (taskmgr.exe). After starting taskmgr.exe, click on the Processes tab. Select View Using a command-line interfaceThe tasklist.exe command can display a subset of the properties described in the Problem section: > tasklist /v /FI "IMAGENAME eq <ProcessName>" /FO list Using VBScript' This code displays the properties of a process. ' ------ SCRIPT CONFIGURATION ------ intPID = 3280 ' PID of the target process strComputer = "." ' ------ END CONFIGURATION --------- WScript.Echo "Process PID: " & intPID set objWMIProcess = GetObject("winmgmts:\\" & strComputer & _ "\root\cimv2:Win32_Process.Handle='" & intPID & "'") WScript.Echo "Name: " & objWMIProcess.Name WScript.Echo "Command line: " & ObjWMIProcess.CommandLine WScript.Echo "Startup date: " & ObjWMIProcess.CreationDate WScript.Echo "Description: " & ObjWMIProcess.Description WScript.Echo "Exe Path: " & ObjWMIProcess.ExecutablePath WScript.Echo "Parent Process ID: " & ObjWMIProcess.ParentProcessId objWMIProcess.GetOwner strUser,strDomain WScript.Echo "Owner: " & strDomain & "\" & strUserDiscussionAnother option from the command line is to use wmic to harness the power of WMI. You can retrieve all of the properties defined by the Win32_Process class (see Table 7-3) by running this simple command: > wmic process list full And if you want to limit your retrieval to just a single process, use this command: > wmic process where name="snmp.exe" get /format:list |
Select Columns from the menu and check the boxes beside the properties you want to see.
EAN: 2147483647
Pages: 408