How to get the command-line arguments of a windows

Posted 2019-02-17 09:24

Question:

I'm looking for a way to figure out the command-line arguments of any Windows service.

For a non-service process, the command-line arguments can be found in the Windows Task Manager, or programmatically by using WMI as shown in this post.

Unfortunately, these two solutions don't work for a Windows service that is started by the ServiceController.Start(String[] args) method. Both of them show only the executable file path in the command-line, even though some arguments were passed in.

  1. Could someone explain the difference between the two scenarios (service vs. non-service process)?
  2. Is there a way to figure out the arguments of the Windows service?

UPDATE:

I also tried creating a simple service that just logs any command-line arguments it has to the event log. I started it using "sc.exe start <my service> <arg1>" and verified that <arg1> was written to the event log. However, none of the solutions has worked for me. What I saw was still only the path to the executable file. My OS version is Windows Server 2008 R2 SP1 x64 Enterprise.

Answer 1:

There are two types of arguments for services:

  • arguments that were passed on the process start command line. You can get to those easily using Process Explorer, etc.
  • arguments that were passed to the ServiceMain function. This is the Windows API that a service is supposed to implement. The .NET equivalent is ServiceBase.OnStart. This is what is used when you do a SC START [arguments]. This has nothing to do with "command line process arguments".

The second type of parameters is probably only known by the service itself, if the implementation makes any use of it, which is not the case for many services. I don't think Windows keeps track of this when we look at low-level Windows structures like the PEB: http://msdn.microsoft.com/en-us/library/ms684855(v=VS.85).aspx, even the undocumented parts of it: http://undocumented.ntinternals.net/UserMode/Undocumented%20Functions/NT%20Objects/Process/PEB.html



Answer 2:

You can find the service EXE details and edit or just see the command-line options in the registry entry for the service. You'll find that under

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services

Be sure to restart the Services window if you decide to change this as it won't reread it live.
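
The following PowerShell function is an added example, not part of any answer in this thread. It puts the two sources discussed in Answers 1 and 2 side by side for one service: the command line stored in the registry and the command line of the live process. Assumptions: PowerShell 3.0 or later, an elevated prompt, the hypothetical function name Get-ServiceLaunchInfo, and CurrentControlSet (the active control set) in place of ControlSet001.

```powershell
# Added example (not from the original thread).
# Assumes PowerShell 3.0 or later for Get-CimInstance and [pscustomobject].
function Get-ServiceLaunchInfo {
    param(
        # Reject characters that cannot occur in a service name and would
        # break the WQL filter or the registry path built below.
        [Parameter(Mandatory)]
        [ValidatePattern('^[^''\\/]+$')]
        [string]$Name
    )

    # 1. Command line stored persistently in the service's registry entry.
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    $imagePath = (Get-ItemProperty -Path $key -Name ImagePath -ErrorAction Stop).ImagePath

    # 2. The Service Control Manager's view of the same service.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$Name'"
    if (-not $svc) { throw "Service '$Name' not found." }

    # 3. Command line of the hosting process, if the service is running.
    #    Services hosted in svchost.exe share this process with others.
    $cmdLine = $null
    if ($svc.ProcessId -gt 0) {
        $proc = Get-CimInstance -ClassName Win32_Process -Filter "ProcessId=$($svc.ProcessId)"
        $cmdLine = $proc.CommandLine
    }

    # Start parameters handed to ServiceMain / OnStart (for example via
    # "sc start <service> <arg>") are not expected in any field below;
    # per Answer 1, only the service itself receives them.
    [pscustomobject]@{
        Name               = $svc.Name
        State              = $svc.State
        ProcessId          = $svc.ProcessId
        RegistryImagePath  = $imagePath
        ScmPathName        = $svc.PathName
        ProcessCommandLine = $cmdLine
    }
}

# 'Spooler' is a sample service name chosen for illustration.
Get-ServiceLaunchInfo -Name 'Spooler' | Format-List
```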



Answer 3:

Try the Procexp (Process Explorer) application from Sysinternals.

It is just like Task Manager. It lists all the running processes; select your service and see its properties.



Answer 4:

  1. A service process is not started like a usual exe. Moreover, a service process could be just a .dll file. See: http://en.wikipedia.org/wiki/Windows_service.

    Many appear in the processes list in the Windows Task Manager, most often with a username of SYSTEM, LOCAL SERVICE or NETWORK SERVICE, though not all processes with the SYSTEM username are services. The remaining services run through svchost.exe as DLLs loaded into memory.

  2. Just override the ServiceBase.OnStart(string[] args) method. See more: http://msdn.microsoft.com/en-us/library/system.serviceprocess.servicebase.onstart.aspx