pidwindowswindows-command-prompt
On a database, I can get a list of all the currently running processes, and the sql command that kicked them off.
I'd like to do a similar thing on a windows box.
I can get the list of processes, but not the command line that kicked them off.
My question is: Given a PID on Windows – how do I find the command line instruction that executed it?
Assumptions:
I've had success with Sysinternals Process Explorer. With this, you can search to find what process(es) have a file open, and you can use it to close the handle(s) if you want. Of course, it is safer to close the whole process. Exercise caution and judgement.
To find a specific file, use the menu option Find->Find Handle or DLL... Type in part of the path to the file. The list of processes will appear below.
If you prefer command line, Sysinternals suite includes command line tool Handle, that lists open handles.
Examples
c:\Program Files\SysinternalsSuite>handle.exe |findstr /i "e:\" (finds all files opened from drive e:\"c:\Program Files\SysinternalsSuite>handle.exe |findstr /i "file-or-path-in-question"
Best Answer
Powershell and WMI.
Or
Note that you have to have permissions to access this information about a process. So you might have to run the command as admin if the process you want to know about is running in a privileged context.