Description
Get detailed information about all running processes, such as the full path to the executable, command-line arguments, integrity level, and bitness.
Overview
Get detailed information about each running process, including:
- Command-line arguments
- Process Integrity Level
- Process Id
- Parent Process Id
- Name
- Full path to the executable
- Username and domain name (if applicable)
- Bitness (either x86 or x64)
Dependencies
- Common
Operating Systems
- Windows
Pre-Requisites
- No pre-requisites for processes running under the same user context.
- A high-integrity process is required to query information about other users' processes.
Example Text
CommandLine :
IntegrityLevel : Unknown
PID : 0
PPID : 0
Name : System Idle Process
Path :
Username : NT AUTHORITY\SYSTEM
Bitness : Unknown
CommandLine :
IntegrityLevel : Unknown
PID : 4
PPID : 0
Name :
Path :
Username :
Bitness : x64
CommandLine : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp
IntegrityLevel : System
PID : 1652
PPID : 744
Name : svchost.exe
Path : C:\Windows\System32\svchost.exe
Username : NT AUTHORITY\LOCAL SERVICE
Bitness : x64
Example Json
[
{
"CommandLine": "",
"IntegrityLevel": "Unknown",
"PID": 0,
"PPID": 0,
"Name": "System Idle Process",
"Path": "",
"Username": "NT AUTHORITY\\SYSTEM",
"Bitness": "Unknown"
},
{
"CommandLine": "",
"IntegrityLevel": "Unknown",
"PID": 4,
"PPID": 0,
"Name": "",
"Path": "",
"Username": "",
"Bitness": "x64"
},
{
"CommandLine": "C:\\Windows\\system32\\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp",
"IntegrityLevel": "System",
"PID": 1652,
"PPID": 744,
"Name": "svchost.exe",
"Path": "C:\\Windows\\System32\\svchost.exe",
"Username": "NT AUTHORITY\\LOCAL SERVICE",
"Bitness": "x64"
}
]
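The following is an added example, not part of the module or its documentation: a defender-side triage of the JSON output above that separates records whose details could not be read from records where the command line and the reported path disagree. Field names come from the JSON above; the function name `triage` and the record with PID 4242 are constructed for illustration.

```python
import json

# The page's three sample records plus one constructed record (PID 4242).
SAMPLE = r'''[
 {"CommandLine": "", "IntegrityLevel": "Unknown", "PID": 0, "PPID": 0,
  "Name": "System Idle Process", "Path": "",
  "Username": "NT AUTHORITY\\SYSTEM", "Bitness": "Unknown"},
 {"CommandLine": "", "IntegrityLevel": "Unknown", "PID": 4, "PPID": 0,
  "Name": "", "Path": "", "Username": "", "Bitness": "x64"},
 {"CommandLine": "C:\\Windows\\system32\\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp",
  "IntegrityLevel": "System", "PID": 1652, "PPID": 744, "Name": "svchost.exe",
  "Path": "C:\\Windows\\System32\\svchost.exe",
  "Username": "NT AUTHORITY\\LOCAL SERVICE", "Bitness": "x64"},
 {"CommandLine": "C:\\Windows\\System32\\svchost.exe -k netsvcs",
  "IntegrityLevel": "Medium", "PID": 4242, "PPID": 1652, "Name": "svchost.exe",
  "Path": "C:\\Users\\Public\\svchost.exe",
  "Username": "WORKSTATION\\alice", "Bitness": "x64"}
]'''


def triage(records):
    """Sort PIDs from the module's JSON output into review buckets."""
    pids = {r["PID"] for r in records}
    report = {"unresolved": [], "cmdline_path_mismatch": [], "parent_missing": []}
    for r in records:
        pid, path, cmd = r["PID"], r["Path"], r["CommandLine"]
        if not path or r["IntegrityLevel"] == "Unknown":
            # Details were not readable. Likely causes (an assumption drawn
            # from the Pre-Requisites): kernel pseudo-processes, or another
            # user's process queried without high integrity.
            report["unresolved"].append(pid)
        elif not cmd.lstrip('"').lower().startswith(path.lower()):
            # Windows paths are case-insensitive ("system32" vs "System32"),
            # and the image may be quoted on the command line.
            report["cmdline_path_mismatch"].append(pid)
        if r["PPID"] not in pids and r["PPID"] != pid:
            # Parent exited or was not included in the listing.
            report["parent_missing"].append(pid)
    return report


if __name__ == "__main__":
    print(json.dumps(triage(json.loads(SAMPLE)), indent=2))
```

A large `unresolved` bucket on a full listing suggests the query ran without high integrity, so absence of findings for those PIDs says nothing about them.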