Finding parent process ID on Windows

后端未结

关注

 3  1710

死守一世寂寞

Problem

Given a process ID & command-line access on a remote Windows host, how can you find its parent\'s PID?

Solution

Given Marc B\'s answer,

相关标签:

3条回答

予麋鹿

2020-12-01 02:23

Based on joslinm's solution in the question, here's a snippet of how to use this in a batch script:

set PID=<this is the child process ID>
for /f "usebackq tokens=2 delims==" %%a in (`wmic process where ^(processid^=%PID%^) get parentprocessid /value`) do (
    set PARENT_PID=%%a
)

0 讨论(0)

终归单人心

2020-12-01 02:35

In powershell:

PS> wmic process  where '(processid=4632)' get 'processid,parentprocessid,executablepath'
ExecutablePath                                              ParentProcessId  ProcessId
C:\Program Files\Docker\Docker\Resources\com.docker.db.exe  4488             4632

0 讨论(0)

长发绾君心

2020-12-01 02:43

C:\> wmic process get processid,parentprocessid,executablepath|find "process id goes here"

0 讨论(0)