How to get commandline parameters from running tasks

I had an interesting issue earlier today. I had an issue where there were a large number of runaway / zombie processes that were being spawned under the generic ‘cscript.exe’ process. This was a problem as I didn’t actually know what the script was actually running. Obviously I needed to get the command lines being passed into cscript to determine what and where the culprit actually was. While this is trivial under Windows 2008, it’s not so obvious/simple under Windows 2003 or XP – and apparently my Google mojo failed me as it took much longer to find than it really should have done!

The simple answer is that tlist.exe is your friend. The only problem is that Microsoft (in its infinite wisdom) has removed all references as to where you can actually get this handy dandy tool. The command line reference can be found at this MSDN site TList commands, but also no download links – that would have been far too easy.

I eventually found this hidden gem in the Microsoft Debugging Tools For Windows site. From here download the “Install Debugging Tools for Windows 32-bit Version” or 64 bit version and that will install a copy of TList onto your machine. Mine was installed into this handy location “C:\Program Files\Debugging Tools for Windows (x86)\” and still there is no reference to the Tlist utility in the start menu.

So if you now have the tool, it’s pretty easy to use:

  • tlist -m *fire* = Lists all processes that have the name fire in them
  • tlist -m cscript.exe -c = Lists all the command lines for all cscript processes

Update

Since then I’ve found another way to do this:

WMIC /OUTPUT:C:\ProcessList.txt PROCESS get Caption,Commandline,Processid

See http://windowsxp.mvps.org/listproc.htm for more details.

And the truly nice thing about this one is that it comes installed by default :-) , granted it’s not obvious – but it is available.

Hope this helps someone out there,

Gareth
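
The WMIC listing covers every process on the box, so the next step is picking out the cscript.exe rows and seeing which script accounts for most of them. The Python below is an added example, not part of the original post: it assumes the fixed-width table layout that WMIC prints for `get`, and the sample rows, paths and PIDs are constructed.

```python
from collections import defaultdict

def _row(caption, cmdline, pid):
    # Pad to fixed column widths, the way WMIC lays out its table.
    return caption.ljust(22) + cmdline.ljust(44) + pid

# Constructed sample (paths and PIDs are made up for illustration).
SAMPLE = "\r\n".join([
    _row("Caption", "CommandLine", "ProcessId"),
    _row("System Idle Process", "", "0"),
    _row("System", "", "4"),
    _row("cscript.exe", r"cscript.exe //nologo C:\jobs\sync.vbs", "1204"),
    _row("notepad.exe", r"notepad.exe C:\notes.txt", "1300"),
    _row("cscript.exe", r"cscript.exe //nologo C:\jobs\sync.vbs", "1388"),
    _row("cscript.exe", r"cscript.exe C:\jobs\report.vbs /daily", "2044"),
    _row("cscript.exe", r"cscript.exe //nologo C:\jobs\sync.vbs", "1520"),
]) + "\r\n"

def parse_wmic_table(text):
    """Split a WMIC 'get' table into dicts using the header's column offsets."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    header = lines[0]
    names = header.split()
    starts = [header.index(n) for n in names]
    ends = starts[1:] + [None]
    # Slicing by offset keeps spaces inside Caption/CommandLine values intact
    # and yields "" for processes that expose no command line.
    return [
        {n: ln[s:e].strip() for n, s, e in zip(names, starts, ends)}
        for ln in lines[1:]
    ]

def group_by_cmdline(rows, image="cscript.exe"):
    """Return [(command line, [pids])] for one image name, busiest first."""
    groups = defaultdict(list)
    for r in rows:
        if r["Caption"].lower() == image.lower():
            groups[r["CommandLine"]].append(int(r["ProcessId"]))
    return sorted(groups.items(), key=lambda kv: len(kv[1]), reverse=True)

if __name__ == "__main__":
    for cmdline, pids in group_by_cmdline(parse_wmic_table(SAMPLE)):
        print(f"{len(pids):3d}  {cmdline}  PIDs={pids}")
```

To run it against C:\ProcessList.txt, read the file into a string first; the file is assumed here to be UTF-16 encoded, so open it with that encoding.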

2 Responses to “How to get commandline parameters from running tasks”

  1. Shane says:

    Shirley something from http://www.sysinternals.com would have worked as well as tlist and been easier to find…

  2. Gareth says:

    I believe you can get the command line information from ProcessExplorer. I would have thought PSList would have done it, but my version certainly didn’t have that. That all being said WMIC is the best option for me as it doesn’t require any ‘new’ software to be installed on a production machine – always a good thing :-)
