5

I know the `tasklist` command in Windows will give a list of task names and their PID. There is another command, `WMIC path win32_process get Commandline`, which does give more detailed information, but its output is much messier and sometimes unpredictable (so it's very hard to write a pattern/regex against it, especially with `findstr` in MSDOS!)

So, I am wondering in Windows, is there a way to query the task manager directly to find an image name and the command line part of it? I figure if the task manager itself can find this information, there must be a way.

I'd greatly prefer this to be done in a Batch script, but if using something more sophisticated (such as using .NET or VB) is needed, an example would be great!

Task Manager Example

E.S.

2 Answers

8

Powershell:

```
Get-WmiObject Win32_Process | Select Name, ProcessId, CommandLine
```
Ryan Ries
  • Nice! That does get the information I need, only I notice lines get cut off if they are too long. I'd actually rather the lines do get printed out (no wrapping either) since I just pipe the output anyway. For example: `"C:\Program Files\Internet Explorer\iexplore.exe" C:\6dof\NXT49L02\NXT49L02 ...` Instead of the `...` at the end, I'd rather it just spit the whole thing out – E.S. May 18 '15 at 19:47
  • 1
    Add `| FL` at the end of the command to format the output as a list. That fully expands all command lines for me, though unless your terminal is like 1000 characters wide, you will get some word wrap. – Ryan Ries May 18 '15 at 19:50
  • 2
    Also keep in mind that you may need to run this command as administrator to get this data from processes running at a higher privilege level than you (such as services, etc.) – Ryan Ries May 18 '15 at 19:52
  • I noticed this powershell query feels a bit like a SQL query. Is there a way to say `powershell "gwmi Win32_Process | Select Name, ProcessId, CommandLine | WHERE Name = XYZ"`? Edit: I think I got it. `| WHERE {$_.name -Match 'mongod.exe'}` – E.S. May 18 '15 at 20:04
  • 1
    @E.S. Yes there is. `gwmi -Query "SELECT * FROM Win32_Process WHERE ProcessID = 888"` The language is called WQL - WMI Query Language. :) – Ryan Ries May 19 '15 at 00:57
  • 1
    @E.S. You could also do `gwmi Win32_Process | Where { $_.ProcessName -EQ 'chrome.exe' }` ... The difference is that in the first example, WMI does the filtering before returning the result to Powershell. In the second example, WMI returns all the results, and then Powershell does the filtering. – Ryan Ries May 19 '15 at 01:09
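
The points raised in the answer and comments above (server-side filtering, full command lines without the `...` cut-off, and command lines that are missing when run without sufficient privilege) combined into one script. This is an added example, not code posted by anyone in the thread; `Get-ProcessCommandLine` is a hypothetical helper name, `<not available>` is a placeholder chosen here, and `Get-CimInstance` is used as the newer counterpart of `Get-WmiObject`.

```powershell
# Added example (not from the thread). Get-ProcessCommandLine is a hypothetical helper.
function Get-ProcessCommandLine {
    [CmdletBinding()]
    param(
        # Image name such as 'mongod.exe'; omit to list every process.
        # Restricted to a conservative character set so the value can be
        # placed inside the WQL filter string without any escaping.
        [ValidatePattern('^[\w.\- ]+$')]
        [string]$Name
    )

    $query = @{
        ClassName = 'Win32_Process'
        Property  = 'Name', 'ProcessId', 'CommandLine'
    }
    if ($Name) {
        # Server-side filter: WMI returns only the matching processes,
        # instead of PowerShell filtering the full list afterwards.
        $query.Filter = "Name = '$Name'"
    }

    Get-CimInstance @query | ForEach-Object {
        [pscustomobject]@{
            Name        = $_.Name
            ProcessId   = $_.ProcessId
            # CommandLine is empty for processes the caller is not allowed
            # to inspect; make that visible instead of printing a blank.
            CommandLine = if ($_.CommandLine) { $_.CommandLine } else { '<not available>' }
        }
    }
}

# One tab-separated line per process. Plain strings are not subject to the
# table formatter, so long command lines are written out in full.
Get-ProcessCommandLine -Name 'mongod.exe' | ForEach-Object {
    "{0}`t{1}`t{2}" -f $_.ProcessId, $_.Name, $_.CommandLine
}
```

From a batch script the same file can be invoked with `powershell -File` and its output piped onward; rows showing `<not available>` are the ones to re-check from an elevated prompt.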
1

Have a look at PowerShell and the Get-Process command; it can give you any info you'll find in the Task Manager, and a lot more.

https://technet.microsoft.com/en-us/library/hh849832.aspx
https://technet.microsoft.com/en-us/library/ee176855.aspx

Massimo
  • I cannot find the command line in the output of `Get-Process`. Can you please elaborate? – Ryan Ries May 18 '15 at 18:54
  • 1
    Looks like `Get-Process` doesn't provide that information; you'll have to go with WMI as per the other answer. – Massimo May 18 '15 at 19:05
  • "Get-Process explorer | Get-Member" will enumerate the properties available. Nothing seems to list the CommandLine value you get from WMI. – blaughw May 19 '15 at 00:01