If you ever need to figure out what the command line is for a sub-invoked or child process, here are some tips:

 

1). Enable the "Command Line" column in Task Manager

 

This is a simple and effective way to grab the command line if, A) you know the process name you're looking for, and B) the process sticks around long enough for you to capture the command line info. Unfortunately, no Copy and Paste is available, and the parent->child hierarchy is not shown.

TOTW_TaskManager.jpg

 

2). Process Explorer - A great freeware tool from Microsoft. It's Task Manager on steroids!

 

Process Explorer includes a command line field similar to Task Manager, but adds the process hierarchy so you can quickly identify a parent process and one or more of its children. Right-click (or double-click) on the desired process and select "Properties", and the command line information (can be copied!) is available from the "Image" tab.

 

One drawback with Process Explorer, is when a sub-invoked (child) process only runs for a short while. If you're not quick enough you won't be able to grab the process info! For these cases consider Process Monitor (#3 below).

TOTW_ProcessExplorer.jpg

 

3). Process Monitor - Another great freeware tool from Microsoft. It's Process Explorer plus a whole lot more!

 

Process Monitor is a utility that logs process, file system, registry, and network activity. It's not for the faint of heart, but can be extremely useful in troubleshooting very difficult application problems or crashes. When it comes to capturing the command line of a sub-invoked process, it's a champ! Not only can you capture the process hierarchy, but since it's a logging tool you can grab (and copy) the command line info even if the process runs for only a split-second.

 

Follow the screen-shots with directions below:

TOTW_ProcessMonitor.jpg

 

After clicking the "Show Process Tree" icon:

TOTW_ProcessMonitor2.jpg