1

Is there a way to capture a list of all of the processes executed on a machine and their command line arguments if any?

I know that Process Explorer will allow you to do this for a currently running process, but is there a way to track what has been executed on a machine?

Super1337

3 Answers

3

There is another (newish) tool from Sysinternals called Sysmon. It runs as a service and logs every process start, including its command line and its parent process, to the Windows Event Log.

It also logs other things such as file write access and even network connections but you can turn those off.

I've been running the service for a few months now and it is interesting to see all the processes started over time.

Peter Hahndorf
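Reading back what Sysmon has recorded, as an added example that is not part of the answer above: this PowerShell script pulls Sysmon's process-creation events (Event ID 1) from the Windows Event Log and lists each process with its command line and parent. It assumes Sysmon is installed with its default log name and that the session is elevated; the one-day window and the output file name `process-history.csv` are illustrative choices.

```powershell
# Added example: list process-creation events recorded by Sysmon.
# Assumptions: default Sysmon log name, elevated session, 1-day look-back,
# and a hypothetical output file name (process-history.csv).
$logName = 'Microsoft-Windows-Sysmon/Operational'
$since   = (Get-Date).AddDays(-1)

# Fail clearly if the Sysmon log is absent (service not installed).
if (-not (Get-WinEvent -ListLog $logName -ErrorAction SilentlyContinue)) {
    throw "Log '$logName' not found. Is Sysmon installed?"
}

# Event ID 1 is Sysmon's "Process creation" event.
$filter = @{ LogName = $logName; Id = 1; StartTime = $since }

# Get-WinEvent raises an error when nothing matches; treat that as "no events".
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

$rows = foreach ($e in $events) {
    # Turn the <Data Name="...">value</Data> pairs of the event into a lookup table.
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
        $data[$d.Name] = $d.'#text'
    }
    [pscustomobject]@{
        UtcTime           = $data['UtcTime']
        User              = $data['User']
        ProcessId         = $data['ProcessId']
        Image             = $data['Image']
        CommandLine       = $data['CommandLine']
        ParentImage       = $data['ParentImage']
        ParentCommandLine = $data['ParentCommandLine']
    }
}

# Keep the full record in a CSV and show a compact view on screen.
$rows | Sort-Object UtcTime | Export-Csv -Path .\process-history.csv -NoTypeInformation
$rows | Sort-Object UtcTime | Format-Table UtcTime, User, Image, CommandLine -Wrap
```

History only goes back as far as the event log retains it, so the log's maximum size decides how much of the past is available.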
1

The Windows Performance Toolkit has an Analyzer and Recorder, which will not only list processes but show you a timeline, resource consumption, and a ton of other things in great fine-grained detail, which will probably do more to help the problem you're actually trying to solve, than a simple list of processes would.

mfinni
0

To capture a static (momentary) list of all of the processes executed on a machine and their command line arguments if any:

wmic process get name, CommandLine /FORMAT:Texttable.xsl>files\wmictable.txt

All properties:

wmic process list /FORMAT:Textvaluelist.xsl
JosefZ