Menu
Given a process ID & command-line access on a remote Windows host, how can you find its parent's PID?
Given Marc B's answer, we can use WMIC (Command samples here) and do something like this:
wmic process where (processid=PROCID_HERE) get parentprocessid
675
Type the simply “pstree” command with the “-p” option in the terminal to check how it displays all running parent processes along with their child processes and respective PIDs. It shows the parent ID along with the child processes IDs.
Typically, when a user runs a command prompt, the parent process is explorer.exe or another instance of the prompt. There may be automated programs, logon scripts, or administrative tools that launch instances of the command prompt in order to run scripts or other built-in commands.
Open a CMD prompt. Type in the command: netstat -ano -p tcp. You'll get an output similar to this one. Look-out for the TCP port in the Local Address list and note the corresponding PID number.
Use Of Tasklist Command First of all open the Start Screen and type Cmd utility in search box then click on the search button. Click on the cmd utility icon; it opens a command-line window. Type Tasklist in it and press the enter key. This command shows all the running processes in your system.
C:\> wmic process get processid,parentprocessid,executablepath|find "process id goes here" If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
