Windows – How to find parent process for child process if parent process is terminated

processwindowswindows-server-2008-r2

Is there a way to find out which process started a other process even after the parent process is terminated?

I tried to find something in the Win32_Process class via PowerShell but I did not find anything relevant.

Best Answer

The Win32_Process WMI class does tell you the ID of the process that spawned the child process. However, the ParentProcessID is not part of the default property set; you have to specifically ask for it.

PS C:\> Get-WmiObject Win32_Process | Select ProcessID, ParentProcessID | FT -Auto

ProcessID ParentProcessID
--------- ---------------
        0               0
        4               0
      364               4
      520             452
      576             452
      592             584
      632             576
      640             576
      724             632
      776             632
      840             584
      932             632
      956             632
     1020             632
      324             840
      508             632
      436             632
     1120             632
     1276             632

It's worth noting however that grandparent process IDs are not tracked.

Related Solutions

Windows – How to find what process is holding a file open in Windows

I've had success with Sysinternals Process Explorer. With this, you can search to find what process(es) have a file open, and you can use it to close the handle(s) if you want. Of course, it is safer to close the whole process. Exercise caution and judgement.

To find a specific file, use the menu option Find->Find Handle or DLL... Type in part of the path to the file. The list of processes will appear below.

If you prefer command line, Sysinternals suite includes command line tool Handle, that lists open handles.

Examples

c:\Program Files\SysinternalsSuite>handle.exe |findstr /i "e:\" (finds all files opened from drive e:\"
c:\Program Files\SysinternalsSuite>handle.exe |findstr /i "file-or-path-in-question"

Windows PowerShell – How to Diff Two Text Files

Figured it out myself. Because Powershell works with .net objects rather than text, you need to use get-content to expose the contents of the text files. So to perform what I was trying to do in the question, use:

compare-object (get-content one.txt) (get-content two.txt)

Best Answer

Related Solutions

Windows – How to find what process is holding a file open in Windows

Windows PowerShell – How to Diff Two Text Files

Related Topic