Finding parent process ID on Windows

2019-01-10 19:21发布

问题:

Problem

Given a process ID & command-line access on a remote Windows host, how can you find its parent's PID?

Solution

Given Marc B's answer, we can use WMIC (Command samples here) and do something like this:

wmic process where (processid=PROCID_HERE) get parentprocessid

回答1:

C:\> wmic process get processid,parentprocessid,executablepath|find "process id goes here"


回答2:

Based on joslinm's solution in the question, here's a snippet of how to use this in a batch script:

set PID=<this is the child process ID>
for /f "usebackq tokens=2 delims==" %%a in (`wmic process where ^(processid^=%PID%^) get parentprocessid /value`) do (
    set PARENT_PID=%%a
)


回答3:

In powershell:

PS> wmic process  where '(processid=4632)' get 'processid,parentprocessid,executablepath'
ExecutablePath                                              ParentProcessId  ProcessId
C:\Program Files\Docker\Docker\Resources\com.docker.db.exe  4488             4632


标签: windows cmd