Getting Windows Process Command Line

Windows Server 2008 and Windows 7 introduced a neat feature in the Task Manager that allows you to see the command line that instantiated the process. This is great for telling processes apart, especially when svchost and others can have dozens of instances.

Just click View -> Select Columns and pick Command Line at the bottom.

But what if you have Windows Server 2003 or Server 2000? I found a few tricks. They’re not as clean but they work just as well.

This one just lists the processes, their PIDs and the “services” that are associated with them:

tasklist /svc

This one makes a nice text file with much more info:

wmic process get Name,ProcessId,CommandLine /format:table > wmic_task_list.txt

The text file lists the name, process ID and command line of every process, laid out as a table. Genius!

If you want to get really geeky you can see all the wmic options using this command. It can do some really nice output.

wmic process list /format /?

Hope this helps someone! I use it on a regular basis to find out why svchost is going bat shit crazy on my servers. We all know it likes to hit full CPU usage from time to time and these commands will help you find out which process is causing it.

Most often I’ve found that it has to do with Windows Updates but you never know.
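To tie the two outputs together offline, here is an added example (not from the original post) that parses the saved wmic table and the tasklist /svc listing and joins them on PID, so each svchost instance shows its command line next to the services it hosts. The sample data is constructed, and the UTF-16 encoding of the redirected wmic file is an assumption about how the file was produced.

```python
import re

def spans(ruler):
    """(start, end) offsets of each fixed-width column, from a header or ===== ruler line."""
    cols = [m.span() for m in re.finditer(r"\S+\s*", ruler)]
    return cols[:-1] + [(cols[-1][0], None)]          # last column runs to end of line

def cut(line, cols):
    return [line[a:b].strip() for a, b in cols]

def parse_wmic(raw):
    """Bytes of wmic_task_list.txt -> {pid: (name, command line)}."""
    text = raw.decode("utf-16")     # assumption: file came from '>' redirect (UTF-16 with BOM)
    lines = [l for l in text.splitlines() if l.strip()]   # drops blanks left by \r\r\n endings
    cols, head = spans(lines[0]), lines[0].split()
    rows = (dict(zip(head, cut(l, cols))) for l in lines[1:])
    return {int(r["ProcessId"]): (r["Name"], r["CommandLine"]) for r in rows}

def parse_tasklist_svc(text):
    """Output of tasklist /svc -> {pid: [services]}; wrapped service lists are rejoined."""
    lines = [l for l in text.splitlines() if l.strip()]
    ruler = next(i for i, l in enumerate(lines) if set(l) <= set("= "))
    cols, out, pid = spans(lines[ruler]), {}, None
    for l in lines[ruler + 1:]:
        _, pid_s, svcs = cut(l, cols)
        if pid_s:                                     # continuation lines have a blank PID column
            pid = int(pid_s)
        out.setdefault(pid, []).extend(s.strip() for s in svcs.split(",") if s.strip() not in ("", "N/A"))
    return out

def svchost_report(wmic_raw, tasklist_text):
    """Join both outputs on PID: [(pid, command line, services)] per svchost instance."""
    procs, svcs = parse_wmic(wmic_raw), parse_tasklist_svc(tasklist_text)
    return [(p, cmd, svcs.get(p, [])) for p, (name, cmd) in sorted(procs.items())
            if name.lower() == "svchost.exe"]

# Constructed sample data below (not captured from a real server).
def _fixed(rows):
    w = [max(map(len, c)) + 2 for c in zip(*rows)]
    return "\r\r\n".join("".join(v.ljust(n) for v, n in zip(r, w)) for r in rows)
WMIC_RAW = _fixed([("CommandLine", "Name", "ProcessId"),
                   ("", "System Idle Process", "0"),
                   (r"C:\WINDOWS\system32\svchost.exe -k DcomLaunch", "svchost.exe", "884"),
                   (r"C:\WINDOWS\System32\svchost.exe -k netsvcs", "svchost.exe", "1052")]).encode("utf-16")
TASKLIST = "\r\n".join([f"{'Image Name':<25} {'PID':>8} Services",
                        f"{'=' * 25} {'=' * 8} {'=' * 44}",
                        f"{'System Idle Process':<25} {0:>8} N/A",
                        f"{'svchost.exe':<25} {884:>8} DcomLaunch, TermService",
                        f"{'svchost.exe':<25} {1052:>8} AudioSrv, BITS, Browser,",
                        f"{'':<25} {'':>8} wuauserv"])
```

On a real server, pass the bytes of wmic_task_list.txt and the text of a saved tasklist /svc run to svchost_report() and print the rows.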

 

 


Author: Helicopter Jeff

I'm a vinyl decal cutting and designing, Astrophotography and general photography capturing, RC helicopter/quad copter pilot, Arduino and Raspberry Pi hardware/software developer, network, scripting and troubleshooting ninja living in the metro NY area. I am passionate about my hobbies so much I do them for a living. There's nothing better than getting paid to do what you love.
