For a given Windows process I want to know with what command line parameters it was started. The Windows Task Manager is able to show that.
Task Manager can be opened in a number of ways, but the simplest is to select Ctrl+Alt+Delete, and then select Task Manager. In Windows, first click More details to expand the information displayed. From the Processes tab, select Details to see the process ID listed in the PID column. Click on any column name to sort.
Use the tasklist command to see the list of running processes in Windows. To view the list of the processes that are currently running, you can use the tasklist command, both in Command Prompt and PowerShell. Type tasklist and press Enter.
Assuming you know the process ID, use OpenProcess to get a handle to it (this requires elevated privilege as noted in the docs). Then use NtQueryInformationProcess to get detailed process info. Use the ProcessBasicInformation option to get the PEB of the process - this contains another structure pointer, through which you can get the command line.
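The OpenProcess / NtQueryInformationProcess / PEB sequence described above, as an added example that is not part of the original page. It assumes 64-bit PowerShell on 64-bit Windows inspecting a 64-bit process (the structure offsets are the x64 ones), and the class name `PebCmdLine` is made up for illustration.

```powershell
# Added example: read a process's command line from its PEB.
# Assumptions: 64-bit PowerShell, 64-bit target; PebCmdLine is a hypothetical name.
$src = @'
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Text;
public static class PebCmdLine {
    [StructLayout(LayoutKind.Sequential)]
    struct PROCESS_BASIC_INFORMATION {
        public IntPtr ExitStatus, PebBaseAddress, AffinityMask, BasePriority, UniqueProcessId, InheritedFrom;
    }
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern IntPtr OpenProcess(uint access, bool inherit, int pid);
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool ReadProcessMemory(IntPtr h, IntPtr addr, byte[] buf, IntPtr size, out IntPtr read);
    [DllImport("kernel32.dll")]
    static extern bool CloseHandle(IntPtr h);
    [DllImport("ntdll.dll")]
    static extern int NtQueryInformationProcess(IntPtr h, int infoClass,
        ref PROCESS_BASIC_INFORMATION pbi, int len, out int retLen);

    // Read exactly n bytes from the target process or throw the Win32 error.
    static byte[] Read(IntPtr h, IntPtr addr, int n) {
        byte[] buf = new byte[n]; IntPtr got;
        if (!ReadProcessMemory(h, addr, buf, (IntPtr)n, out got)) throw new Win32Exception();
        return buf;
    }
    public static string Get(int pid) {
        // PROCESS_QUERY_INFORMATION (0x0400) | PROCESS_VM_READ (0x0010)
        IntPtr h = OpenProcess(0x0410, false, pid);
        if (h == IntPtr.Zero) throw new Win32Exception();   // e.g. access denied
        try {
            PROCESS_BASIC_INFORMATION pbi = new PROCESS_BASIC_INFORMATION(); int retLen;
            int status = NtQueryInformationProcess(h, 0 /* ProcessBasicInformation */,
                ref pbi, Marshal.SizeOf(typeof(PROCESS_BASIC_INFORMATION)), out retLen);
            if (status != 0) throw new InvalidOperationException("NTSTATUS 0x" + status.ToString("X8"));
            // x64: PEB+0x20 = ProcessParameters pointer
            IntPtr procParams = (IntPtr)BitConverter.ToInt64(Read(h, IntPtr.Add(pbi.PebBaseAddress, 0x20), 8), 0);
            // x64: RTL_USER_PROCESS_PARAMETERS+0x70 = CommandLine (UNICODE_STRING, 16 bytes)
            byte[] us = Read(h, IntPtr.Add(procParams, 0x70), 16);
            int byteLen = BitConverter.ToUInt16(us, 0);              // Length, in bytes
            IntPtr text = (IntPtr)BitConverter.ToInt64(us, 8);       // Buffer pointer
            return Encoding.Unicode.GetString(Read(h, text, byteLen));
        } finally { CloseHandle(h); }
    }
}
'@
Add-Type -TypeDefinition $src
[PebCmdLine]::Get($PID)   # command line of the current PowerShell process
```

The string comes from the target's own memory, which the process itself can rewrite after start-up, so for detection or forensics treat it as a hint and rely on process-creation logging that records the command line at launch.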