I have a program in Windows 7 that launches ffmpeg in an external command prompt window but it is impossible to see what arguments were passed in.
Is there a way to see what arguments were given?
Asked
Active
Viewed 241 times
0
-
1ProcessExplorer (from Microsoft) can do this as well. It even have a handy tree view. – billc.cn Jan 07 '16 at 20:37
-
@Ƭᴇcʜιᴇ007 This question does *not* mention a `running` program, just a program that `was launched`, which may have long ended before one had a chance to look at a list of running processes in their favorite utility. As such, I don't see the reason to mark it as a `duplicate`. – dxiv Jan 08 '16 at 03:35
-
@dxiv You should [edit] your question to make that clear. At the moment it doesn't mention you requirement to know about a program **that has already ended** (which by the way invalidates my answer). If you don't update the question it probably won't get reopened. – DavidPostill Jan 08 '16 at 09:21
-
@DavidPostill It's obviously not _my_ question (though I edited the title to better match the contents). It is true that the question does not mention the program having ended, but it also doesn't mention it having _not_ ended (and, as it happens, there do exist quick `ffmpeg` tasks that can take a fraction of a second to complete). Marking the question outright as a `duplicate` relies on the additional assumption that the program is still running, which is simply not present in the question as asked. A request to clarify, or flag for insufficient information, would have been more appropriate. – dxiv Jan 09 '16 at 01:31
-
@dxiv Apologies, I mistook you for the OP. In that case if the OP thinks it is not a duplicate it is up to him to [edit] his question, say why it is not a duplicate for him, and it will go into the reopen queue. – DavidPostill Jan 09 '16 at 09:08
-
@DavidPostill It is indeed a duplicate. – daveslab Jan 15 '16 at 17:24
2 Answers
1
Is there a way to see what arguments were given?
ProcessHacker (a Task Manager replacement) will display the command line arguments for any selected process:
A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware.
Example:
F:\test>cmd /c test.cmd
F:\test>echo off
Press any key to continue . . .
In ProcessHacker:
Select the process you are interested in.
There may be several
cmdshell processes running and you will have to make sure you select the correct one. Hovering over the process name will show the command line so you know the correct one to select:
Right click and select "Properties" or just press Enter.
The resulting "Properties" dialog shows the command line used to start the process.
Disclaimer
I am not affiliated with ProcessHacker in any way, I am just an end user of the software.
DavidPostill
- 153,128
- 77
- 353
- 394
-
Windows' built-in Task Manager also shows the full command line for a running process under the `Command Line` column in the `Processes` tab, so there is no real need for a 3rd party utility. That said, if the process closes too quickly to catch a glimpse of its command line in the list of running processes, then @Craig620's answer works better. – dxiv Jan 08 '16 at 03:29
1
- Edit local policy and enable "Audit Process Tracking" (secpol.msc)
- Install KB3004375 and reboot https://support.microsoft.com/en-us/kb/3004375
- Enable Audit Process Creation/Include CLI (gpedit.msc)
If you're using Win7 Home instead of professional you won't have gpedit.msc. Regedit to HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Audit. Set key ProcessCreationIncludeCmdLine_Enabled = 1
Run the program that launches FFMEG
- Review the security event log for event ID 4688
Clayton
- 497
- 2
- 8
-
1To install gpedit.msc see [Windows Starter Edition, Home and Home Premium do not include gpedit](http://superuser.com/q/1018145) – DavidPostill Jan 07 '16 at 20:47