Description
Stops capturing keystrokes.
Overview
Get detailed information about the current process including:
- Commandline arguments
- Process Integrity Level
- Process Id
- Parent Process Id
- Name
- Full path to the executable
- Username and domain name (if applicable)
- Bitness (either x86 or x64)
Dependencies
- Common
Operating Systems
- Windows
Pre-Requisites
- No pre-requisites for processes running under the same user context.
- High Integrity process will be required to query information for other user processes.
Example Text
CommandLine :
IntegrityLevel : Unknown
PID : 0
PPID : 0
Name : System Idle Process
Path :
Username : NT AUTHORITY\SYSTEM
Bitness : Unknown
CommandLine :
IntegrityLevel : Unknown
PID : 4
PPID : 0
Name :
Path :
Username :
Bitness : x64
CommandLine : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp
IntegrityLevel : System
PID : 1652
PPID : 744
Name : svchost.exe
Path : C:\Windows\System32\svchost.exe
Username : NT AUTHORITY\LOCAL SERVICE
Bitness : x64
Example Json
[
{
"CommandLine": "",
"IntegrityLevel": "Unknown",
"PID": 0,
"PPID": 0,
"Name": "System Idle Process",
"Path": "",
"Username": "NT AUTHORITY\\SYSTEM",
"Bitness": "Unknown"
},
{
"CommandLine": "",
"IntegrityLevel": "Unknown",
"PID": 4,
"PPID": 0,
"Name": "",
"Path": "",
"Username": "",
"Bitness": "x64"
},
{
"CommandLine": "C:\\Windows\\system32\\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp",
"IntegrityLevel": "System",
"PID": 1652,
"PPID": 744,
"Name": "svchost.exe",
"Path": "C:\\Windows\\System32\\svchost.exe",
"Username": "NT AUTHORITY\\LOCAL SERVICE",
"Bitness": "x64"
}
]