get process name from it's own description?

Question

How can I get the process name from computer memory by using loop depending on the process description ?

Example:

My program name is "dev.exe" in memory and its description is "a tool for helping php developers"

Is there any way to find my process name by using process description even if the user change the name?

Can we do this an autoit or cmd or wmic?

Answer 1

I found this link trying to solve the same problem. Building off the existing answer, a simple line that can be added to an existing script:

 Get-Process | where {$_.Description -like '*note*'} | select Path, Description, ProcessName

Example output:

    Path                                                         Description          ProcessName
----                                                         -----------          -----------
C:\Windows\system32\notepad.exe                              Notepad              notepad
C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE  Microsoft OneNote    ONENOTE
C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE Send to OneNote Tool ONENOTEM

Answer 2

How do I find a running Process Name given it's "File description" property value?

Improved solution (thanks to @BenN following discussion in chat):

Use the following PowerShell Script (Get-ProcessName.ps1).

$_match=$Args[0].ToLowerInvariant()
Get-Process | where {$_.Description -ne $null -and $_.Description.ToLowerInvariant().Contains($_match)} | select Path, Description, ProcessName

Notes:

• The first parameter passed to the script is used to perform a case insensitive search within the "File description" property value.
• Passing "notepad" will match both "notepad.exe" and "notepad++.exe" if they are both running.

Example output:

PS F:\test> .\Get-ProcessName notepad

Path                                                               Description                                                        ProcessName
----                                                               -----------                                                        -----------
C:\Windows\system32\notepad.exe                                    Notepad                                                            notepad
E:\LiberKey\Apps\Notepad++\App\Notepad++\notepad++.exe             Notepad++ : a free (GNU) source code editor                        notepad++
E:\LiberKey\Apps\Notepad++\App\Notepad++\notepad++.exe             Notepad++ : a free (GNU) source code editor                        notepad++


PS F:\test>

---

Original solution:

Use the following Powershell Script (Get-ProcessName.ps1).

$_name=$Args[0]
$_match="*"+$Args[0]+"*"
Get-Process | ForEach {
  if ($_.Path) {
    $_filedescription=(Get-Item $_.Path).VersionInfo.FileDescription 
    if ($_filedescription -like $_match) {
      Write-Output "File Description: '$_filedescription', Process Path: '$($_.Path)', Process Name: '$($_.ProcessName)'"
      }
    }
  }

Notes:

• The first parameter passed to the script is used to perform a "wildcard" case insensitive search within the "File description" property value.
• If you pass string it will search using *string* and will match string anywhere within the "File description" property
• Passing "notepad" will match both "notepad.exe" and "notepad++.exe" if they are both running.
• The script outputs the "File Description", "Process Path" and "Process Name.

Example output:

PS F:\test> .\Get-ProcessName notepad
File Description: 'Notepad', Process Path: 'C:\Windows\system32\notepad.exe', Process Name: 'notepad'
File Description: 'Notepad++ : a free (GNU) source code editor', Process Path: 'E:\LiberKey\Apps\Notepad++\App\Notepad++\notepad++.exe', Process Name: 'notepad++'
File Description: 'Notepad++ : a free (GNU) source code editor', Process Path: 'E:\LiberKey\Apps\Notepad++\App\Notepad++\notepad++.exe', Process Name: 'notepad++'
PS F:\test>

Notes:

• "notepad++.exe" has two processes in memory when running the portable version.