1

I have a process (testxx) running on my Database. Every time a user connects with the database, the process will start a separate session for that user. All processes include a private environment variable (Client-Nr) with different values. I want to invoke a particular process with the particular private environment variable. I used the following command:

Let's say there are 5x "testxx"-processes. I want to invoke the one process which has the value "Client-Two" in the private environment variable "Client-Nr".

Therefore, I use the following code:

get-process -name "testxx" | where-object {$env:Client-Nr -eq "client-Two"}

It didn't invoke the process I needed. I checked with the following command whether PowerShell recognizes the private environment variable:

(get-process -Name "testxx").StartInfo.EnvironmentVariables

PowerShell didn't recognize this private environment variable. However, if I open "Process Hacker" and choose the specific "testxx" process, I see the private environment variable "client-Nr" with that particular "Client-nr" value. How can I invoke this kind of private environment variable via PowerShell?

2 Answers

1

This is much more complicated than you'd think, because this information is only found in the kernel. The nicely documented GetEnvironmentStrings only works for the calling process.

If you want to go cross-process, you have to write a program that uses the NtQueryInformationProcess function and ReadProcessMemory function to search for this data inside the process memory.

You can find some of the required code in the CodeProject demo program of Get Process Info with NtQueryInformationProcess.

As an alternative, you can create a DLL and do DLL injection to inject it into the process's memory space.

As I said, this is complicated.

3
  • It would be simpler for all processes to record themselves on a text file with their PID and Client-Nr, that you could use for the selection.
    – harrymc
    Commented Sep 8, 2021 at 19:11
  • Isn't there any option for doing this with PowerShell?
    – Keeran
    Commented Sep 10, 2021 at 11:44
  • You can call NtQueryInformationProcess and ReadProcessMemory from PowerShell. See an example.
    – harrymc
    Commented Sep 10, 2021 at 11:47
0

This is messy but not complicated using the Python psutil.Process.environ() library function.

In one terminal

$ $ENV:test = 'abc'
$ $PID
108444

In another:

$ python -c 'import psutil; print(psutil.Process(pid=108444).environ()["TEST"])'
abc

(Notice the variable names are capitalized in Windows.)


The documentation says:

Note: this might not reflect changes made after the process started.

but it appears to update in real time on Windows 10.
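
Added example, not part of the answer above: the same psutil call applied to the question's case, picking out the "testxx" process whose "Client-Nr" is "Client-Two". The function names `env_matches`, `select` and `find_by_env` are made up for this sketch; it assumes psutil is installed and that the script runs with enough rights to read the target processes.

```python
def env_matches(environ, var, value):
    """True if `environ` holds `var` (name compared case-insensitively) equal to `value`."""
    for name, current in environ.items():
        # Windows env names are case-insensitive; psutil reports them upper-cased there.
        if name.upper() == var.upper():
            # Value is compared case-insensitively too, like PowerShell's -eq.
            return current.lower() == value.lower()
    return False


def select(procs, proc_name, var, value, skip=()):
    """Return the PIDs of processes named `proc_name` whose environment matches."""
    wanted = proc_name.lower()
    pids = []
    for proc in procs:
        try:
            name = proc.name().lower()
            if name.endswith(".exe"):  # Get-Process shows "testxx", psutil "testxx.exe"
                name = name[:-4]
            if name == wanted and env_matches(proc.environ(), var, value):
                pids.append(proc.pid)
        except skip:
            # Process exited during the scan, or belongs to another user / is protected.
            continue
    return pids


def find_by_env(proc_name, var, value):
    """Scan live processes; psutil is imported here so select() works without it."""
    import psutil  # third-party: pip install psutil
    return select(psutil.process_iter(), proc_name, var, value,
                  skip=(psutil.NoSuchProcess, psutil.AccessDenied))


if __name__ == "__main__":
    # Names taken from the question.
    print(find_by_env("testxx", "Client-Nr", "Client-Two"))
```

The returned PIDs can be passed to `Get-Process -Id` in PowerShell. Processes owned by other accounts are skipped rather than reported unless the script runs elevated.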
