问题
Why I ask is that my program uses 3rd party software that sometimes leaves behind orphan processes that have no link back to my program or the 3rd party process. These orphan processes start to add up and consume tons of resources over time. I would like to kill them off periodically, but in order for me to do that, I need to know for sure they were created by my program and not some other program. I have viewed the orphan processes in Process Explorer and when looking at the properties of the process, I see a field called "Current Directory". The current directory for the orphaned process is the install directory of my program. This would give me reassurance I am killing a process created by my program.
Since these processes are created by a 3rd party, I need to just kill them after they are created by running taskkill on them or something. Is there a way to figure out the current working directory of a process using out of the box windows commands in a batch file? If this can be done through wmic queries that would be preferable, but I cannot seem to find the current working directory when using wmic. I assume if Process Explorer is able to obtain this info, I should be able to get it too through some batch commands.
回答1:
tlist from WDK to the rescue! The 2nd line of its output ("CWD: ...") shows the working directory of a process:
> tlist 944
944 postgres.exe
CWD: D:\Lab\Database\pgsql\test\
CmdLine: "D:/Tools/pgsql/bin/postgres.exe" -D "."
VirtualSize: 221116 KB PeakVirtualSize: 242620 KB
WorkingSetSize: 17076 KB PeakWorkingSetSize: 19336 KB
NumberOfThreads: 4
9084 Win32StartAddr:0x00000000 LastErr:0x00000000 State:Waiting
8504 Win32StartAddr:0x00000000 LastErr:0x000000b7 State:Waiting
8616 Win32StartAddr:0x00000000 LastErr:0x00000000 State:Waiting
7468 Win32StartAddr:0x00000000 LastErr:0x00000000 State:Waiting
9.3.5.14202 shp 0x0000000000400000 D:\Tools\pgsql\bin\postgres.exe
6.1.7601.18247 shp 0x00000000770D0000 C:\Windows\SYSTEM32\ntdll.dll
...
See the doc for more info.
回答2:
Handle is an utility that displays information about open handles for any process in the system. You can use it to see the programs that have a file open, or to see the object types and names of all the handles of a program.
Its GUI-based version is Process Explorer .
handle -p yourProcess.exe > log.txt
It'll list all handles for yourProcess.exe in log file and now using batch command you can easily extract 'current working directory' of yourProcess from log.txt.
added by barlop
here is the output.. for process c:\tinyweb\tiny.exe run from c:\tinyweb\rrr
C:\Users\user>handle -p tiny.exe
Nthandle v4.1 - Handle viewer
Copyright (C) 1997-2016 Mark Russinovich
Sysinternals - www.sysinternals.com
------------------------------------------------------------------------------
tiny.exe pid: 20668 compA\user
10: File C:\Windows
1C: File C:\tinyweb\rrr
9C: File C:\tinyweb\rrr\access_log
A0: File C:\tinyweb\rrr\agent_log
A4: File C:\tinyweb\rrr\error_log
A8: File C:\tinyweb\rrr\referer_log
E4: Section \Sessions\1\BaseNamedObjects\__wmhr_msgs_buffer_name$1e74
EC: File C:\Windows\winsxs\x86_microsoft.windows.common-controls_659
C:\Users\user>
If you want to parse it specifically then you could do it in pure cmd.exe with e.g. for /f, or with a third party scripting language like ruby, or with windows ports of various *nix style command line tools. This line uses such tools and gets it (obviously the following line requires grep and sed, preferably decent versions of them e.g. from cygwin)
C:\Users\harvey>handle -p tiny.exe | grep "pid:" -A 3 | sed -n "3p" | grep -o ".:[\]\S*"
C:\tinyweb\rrr
回答3:
The following will work, though you only need "CommandLine
" or "ExecutablePath
" - not both:
wmic process where "ProcessID=1111" get CommandLine, ExecutablePath
It will return something like the following, showing where the program for PID 1111 is running:
"C:\Program Files (x86)\Common Files\MyProgram\Agent\agent.exe"
来源:https://stackoverflow.com/questions/20576834/windows-batch-command-to-determine-working-directory-of-a-process