AutoHotkey Homepage AutoHotkey Community
Let's help each other out
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

CmdLine - Advanced Process Lister [CMD]

 
Post new topic   Reply to topic    AutoHotkey Community Forum Index -> Utilities & Resources
View previous topic :: View next topic  
Author Message
BoBo
Guest
PostPosted: Wed Jan 12, 2005 12:15 pm    Post subject: CmdLine - Advanced Process Lister [CMD] Reply with quote
Quote:
DiamondCS CmdLine is a freeware process list tool for Windows NT4/2000/XP that allows you to see all processes on your system, including process IDs and full commandlines (with all parameters), and also has Unicode support.

How does it work?
CmdLine uses an undocumented technique discovered by DiamondCS to read the full commandline from every process, a trick that is basically achieved by reading memory in the right places. It doesn't use code injection or any other techniques that may cause unstability so it's very safe to use.

Here is some sample output from CmdLine running on a Windows 2000 workstation:

Quote:
172 - \??\C:\WINNT\system32\csrss.exe
C:\WINNT\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On
SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3
ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
192 - \??\C:\WINNT\system32\winlogon.exe
winlogon.exe
224 - C:\WINNT\system32\services.exe
C:\WINNT\system32\services.exe
236 - C:\WINNT\system32\lsass.exe
C:\WINNT\system32\lsass.exe
408 - C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost -k rpcss
452 - C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\spoolsv.exe
532 - C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe -k netsvcs
608 - C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\MSTask.exe
1856 - C:\WINNT\Explorer.EXE
C:\WINNT\Explorer.EXE
372 - C:\WINNT\system32\cmd.exe
"C:\WINNT\system32\cmd.exe"
2240 - C:\WINNT\system32\mmc.exe
C:\WINNT\system32\mmc.exe "C:\WINNT\system32\services.msc" /s
2292 - C:\WINNT\System32\telnet.exe
"C:\WINNT\System32\telnet.exe" 10.0.0.2 25


The processes are typically listed in the order they were started, so the most recently run program is usually at the end of the list.

For each process, CmdLine displays 1) the process ID, 2) the full path and filename, and 3) the full command line, including parameters - a particularly unique quality of CmdLine that is found only in two other programs that we know of - our very own Advanced Process Manipulation (APM) tool, and Sysinternals' Process Explorer. APM uses a code injection technique to do this (a good indication of exactly how difficult this is), but DiamondCS CmdLine uses a different trick, which only uses safe memory reading techniques to do the job.

Parameters:
(none) Displays all processes.
-pid:<pid> Displays just one process.
-u Uses Unicode instead of ANSI.
-?, -help Displays this information.

[Download]


Cool
Back to top
Display posts from previous:   
Post new topic   Reply to topic    AutoHotkey Community Forum Index -> Utilities & Resources All times are GMT
Page 1 of 1

 
Jump to:  
You can post new topics in this forum
You can reply to topics in this forum


Powered by phpBB © 2001, 2005 phpBB Group