0

I have a program in Windows 7 that launches ffmpeg in an external command prompt window but it is impossible to see what arguments were passed in.

Is there a way to see what arguments were given?

Improve this question
6
  • 1
    ProcessExplorer (from Microsoft) can do this as well. It even have a handy tree view.
    – billc.cn
    Commented Jan 7, 2016 at 20:37
  • @Ƭᴇcʜιᴇ007 This question does not mention a running program, just a program that was launched, which may have long ended before one had a chance to look at a list of running processes in their favorite utility. As such, I don't see the reason to mark it as a duplicate.
    – dxiv
    Commented Jan 8, 2016 at 3:35
  • @dxiv You should edit your question to make that clear. At the moment it doesn't mention you requirement to know about a program that has already ended (which by the way invalidates my answer). If you don't update the question it probably won't get reopened.
    – DavidPostill
    Commented Jan 8, 2016 at 9:21
  • @DavidPostill It's obviously not my question (though I edited the title to better match the contents). It is true that the question does not mention the program having ended, but it also doesn't mention it having not ended (and, as it happens, there do exist quick ffmpeg tasks that can take a fraction of a second to complete). Marking the question outright as a duplicate relies on the additional assumption that the program is still running, which is simply not present in the question as asked. A request to clarify, or flag for insufficient information, would have been more appropriate.
    – dxiv
    Commented Jan 9, 2016 at 1:31
  • @dxiv Apologies, I mistook you for the OP. In that case if the OP thinks it is not a duplicate it is up to him to edit his question, say why it is not a duplicate for him, and it will go into the reopen queue.
    – DavidPostill
    Commented Jan 9, 2016 at 9:08

2 Answers 2

Reset to default
1

Is there a way to see what arguments were given?

ProcessHacker (a Task Manager replacement) will display the command line arguments for any selected process:

A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware.

Example:

F:\test>cmd /c test.cmd

F:\test>echo off
Press any key to continue . . .

In ProcessHacker:

  1. Select the process you are interested in.

    There may be several cmd shell processes running and you will have to make sure you select the correct one. Hovering over the process name will show the command line so you know the correct one to select:

    enter image description here

  2. Right click and select "Properties" or just press Enter.

  3. The resulting "Properties" dialog shows the command line used to start the process.

    enter image description here

Disclaimer

I am not affiliated with ProcessHacker in any way, I am just an end user of the software.

Improve this answer
1
  • Windows' built-in Task Manager also shows the full command line for a running process under the Command Line column in the Processes tab, so there is no real need for a 3rd party utility. That said, if the process closes too quickly to catch a glimpse of its command line in the list of running processes, then @Craig620's answer works better.
    – dxiv
    Commented Jan 8, 2016 at 3:29
1
  1. Edit local policy and enable "Audit Process Tracking" (secpol.msc)
  2. Install KB3004375 and reboot https://support.microsoft.com/en-us/kb/3004375
  3. Enable Audit Process Creation/Include CLI (gpedit.msc)

  4. If you're using Win7 Home instead of professional you won't have gpedit.msc. Regedit to HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Audit. Set key ProcessCreationIncludeCmdLine_Enabled = 1

  5. Run the program that launches FFMEG

  6. Review the security event log for event ID 4688

auditPol

auditCli

4688

Improve this answer
1

Not the answer you're looking for? Browse other questions tagged .