6.7. Viewing the Properties of a Process

Problem

You want to view the properties of a process. This includes the process executable path, command line, current working directory, parent process (if any), owner, and startup timestamp.

Solution

Using a graphical user interface

  1. Open the Sysinternals Process Explorer tool (procexp.exe).

  2. Double-click the process you want to view.

  3. The Image tab contains process properties.

Some of this information can also be viewed using Windows Task Manager (taskmgr.exe). After starting taskmgr.exe, click on the Processes tab. Select View Select Columns from the menu, and check the boxes beside the properties you want to see.

Using a command-line interface

The tasklist.exe command can display a subset of the properties described in the Problem section. Here is an example that displays properties for a specific process:

> tasklist /v /FI "IMAGENAME eq <ProcessName>" /FO list

Using VBScript

' This code displays the properties of a process. ' ------ SCRIPT CONFIGURATION ------ intPID = 3280 ' PID of the target process strComputer = "." ' ------ END CONFIGURATION --------- WScript.Echo "Process PID: " & intPID set objWMIProcess = GetObject("winmgmts:\\" & strComputer & _ "\root\cimv2:Win32_Process.Handle='" & intPID & "'") WScript.Echo "Name: " & objWMIProcess.Name WScript.Echo "Command line: " & ObjWMIProcess.CommandLine WScript.Echo "Startup date: " & ObjWMIProcess.CreationDate WScript.Echo "Description: " & ObjWMIProcess.Description WScript.Echo "Exe Path: ...

Get Windows Server Cookbook now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.