26

The Windows task manager has a column labeled Command Line that shows the command that started the given task, with all the switches and parameters, for example:

test.exe -V -A 127.0.0.1 -P 6062

Now I have to identify a certain task that is listening on a certain port and/or was called with a certain switch combination. My aim is to close the selected task, but not others, so if there are multiple test.exe tasks running, I cannot simply close all tasks returned by:

tasklist /fo csv /nh /fi "imagename eq test.exe"

Unfortunately it seems like neither tasklist nor pslist (here) is able to return the Command Line field. How can I overcome this problem?

Improve this question
5
  • Maybe you can do something with netstat -aon | grep \.0:6062 for port 6062 and the last column would be the PID of your program. Not sure if that sufficient for you. tasklist /FI "PID eq <PID>" would give your executable again.
    – Rik
    Commented Dec 2, 2013 at 14:25
  • @Rik Sadly, that is not sufficient, as the port itself is not enough to identify the correct task, so it is necessary to see the command line arguments too.
    – István Zachar
    Commented Dec 2, 2013 at 14:30
  • 1
    Can't imagine multiple programs listening on the same port... :) But it must be possible to get the parameters... process explorer from Sysinternals can show these in the gui. So the info must be somewhere.
    – Rik
    Commented Dec 2, 2013 at 15:13
  • Do you have use for a powershell command? Like <<< Get-WmiObject win32_process -Filter "name like '%test.exe'"|select CreationDate,ProcessId,CommandLine|ft -AutoSize` >>> See here
    – Rik
    Commented Dec 2, 2013 at 15:16
  • @Rik, the port is of course different, but I have to extract the command line arguments also to check whether the task is the one I need to kill.
    – István Zachar
    Commented Dec 2, 2013 at 15:18

3 Answers 3

Reset to default
48

How about this one:

wmic process where caption="test.exe" get commandline

And if you do this you also get the ProcessId to kill:

wmic process where caption="test.exe" get commandline,processid

wmic also has a switch to output to csv. So:

wmic /output:c:\temp\proc.csv process where caption="test.exe" get commandline,processid /format:csv

Note: If you get an error with the last one (Invalid XSL format (or) file name) you need to copy csv.xml from %WINDIR%\System32\wbem\en-US to %WINDIR%\System32\wbem. You can read about this bug here.

You could also use PowerShell:

Get-WmiObject win32_process -Filter "name like '%test.exe'"|select CreationDate,ProcessId,CommandLine|ft -AutoSize`
Improve this answer
4
  • Thanks, that's it, wmic solves the problem, and this concludes the day. :)
    – István Zachar
    Commented Dec 2, 2013 at 15:57
  • 1
    Perfect - this actually gives the full command line. In task manager, it only shows the first 300 characters or so.
    – ArtOfWarfare
    Commented May 8, 2019 at 13:42
  • why wmic returns empty commandlines for svchost.exe ?
    – Flash Thunder
    Commented Aug 20, 2021 at 12:14
  • @FlashThunder Because svchost.exe isn't started with commandlines. It gets it's commands another way and each svchost can process several services (not just one). What is the information you want from that process? For instance you can see the services with tasklist /svc.
    – Rik
    Commented Aug 22, 2021 at 15:20
0

Powershell 7:

get-process test | % commandline
Improve this answer
0

In Windows 11, at least, the top answer above did not work, as there is no "caption" column in wmic process output, so there was no result found. (And yes, I realize wmic is deprecated in Windows 11. It DOES still work.)

Instead, there are indeed other columns you could use for that WHERE clause, and they're available with wmic process list /?. Among those are of course name (for the process name)--and that processid (for the pid) mentioned above, so this worked for me instead:

wmic process where name="test.exe" get commandline,processid

One more thing: I found I had to be running an elevated command prompt (as admin) to see the commandline. Otherwise the ouput showed the commandline as empty:

CommandLine  ProcessId
             10496
Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .