#1 (permalink)

Parent Process ID

I am attempting to determine if a process running locally is orphaned. It looks like I need to access the th32ParentProcessID member of the PROCESSENTRY32 structure. Is there a way to read the PROCESSENTRY32 structure with PowerShell or another method to determine the process parent ID?
#2 (permalink)

Re: Parent Process ID

Ignore my previous post, I misunderstood your question and thought you just wanted to retrieve the ParentProcessID.
This will filter each process whose parent process is terminated or if its ParentProcessID inaccurately points to a 'parent' process created after it.

```powershell
# Empty WMI object, used only for its ConvertToDateTime() method
$wmi = [wmi]''
$col = gwmi win32_process | ? {
    # Look up the process that currently owns the recorded parent PID
    $parent = gwmi win32_process -f "ProcessID='$($_.parentProcessID)'"
    $parentCreationDate, $creationDate = $(
        if ($parent -and $_.parentProcessID) {
            $wmi.ConvertToDateTime($parent.CreationDate),
            $wmi.ConvertToDateTime($_.CreationDate)
        } else {$null,$null})
    # Keep the process if its parent is gone or was created after it
    !$parent -or $parentCreationDate -gt $creationDate
}
Remove-Variable wmi
# Return the matching processes as Get-Process objects
$col | ps -ID {$_.processID}
```

--
Kiron
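The same check run against a single snapshot, as an added example that is not part of the thread: it indexes processes by PID once and reports why each one is flagged (parent gone, or parent PID now owned by a younger process). `Find-OrphanedProcess`, the `Reason` values and the sample rows are hypothetical, and it assumes PowerShell 3.0 or later for `Get-CimInstance` and `[pscustomobject]`.

```powershell
# Added example, not from the thread. Find-OrphanedProcess and the sample rows are hypothetical.
function Find-OrphanedProcess {
    param(
        # Objects exposing Name, ProcessId, ParentProcessId and CreationDate ([datetime]).
        # Default is one live snapshot; Get-CimInstance needs PowerShell 3.0 or later.
        [object[]]$Snapshot = (Get-CimInstance -ClassName Win32_Process)
    )

    # Index by PID once so each parent lookup is a hashtable hit, not a new WMI query.
    $byPid = @{}
    foreach ($p in $Snapshot) { $byPid[[int]$p.ProcessId] = $p }

    foreach ($p in $Snapshot) {
        $parentId = [int]$p.ParentProcessId
        if ($parentId -eq 0) { continue }    # System Idle Process / System: no real parent

        $parent = $byPid[$parentId]
        $reason = if (-not $parent) {
            'ParentExited'                   # recorded parent PID is not running
        } elseif ($parent.CreationDate -and $p.CreationDate -and
                  $parent.CreationDate -gt $p.CreationDate) {
            'ParentPidReused'                # PID now belongs to a younger process
        } else { $null }                     # parent is live and older, or a date is missing

        if ($reason) {
            [pscustomobject]@{
                Name            = $p.Name
                ProcessId       = [int]$p.ProcessId
                ParentProcessId = $parentId
                Reason          = $reason
            }
        }
    }
}

# Constructed sample snapshot (not real process data).
$t0 = [datetime]'2024-01-01T09:00:00'
$sample = @(
    [pscustomobject]@{ Name='parent.exe';   ProcessId=100; ParentProcessId=0;   CreationDate=$t0 }
    [pscustomobject]@{ Name='child.exe';    ProcessId=200; ParentProcessId=100; CreationDate=$t0.AddMinutes(1) }
    [pscustomobject]@{ Name='orphan.exe';   ProcessId=300; ParentProcessId=999; CreationDate=$t0.AddMinutes(2) }
    [pscustomobject]@{ Name='reused.exe';   ProcessId=400; ParentProcessId=500; CreationDate=$t0.AddMinutes(3) }
    [pscustomobject]@{ Name='newcomer.exe'; ProcessId=500; ParentProcessId=100; CreationDate=$t0.AddMinutes(9) }
)
Find-OrphanedProcess -Snapshot $sample | Format-Table -AutoSize
```

Calling `Find-OrphanedProcess` with no arguments checks the live process table instead of the sample.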
#3 (permalink)

Re: Parent Process ID

Thank you Kiron! Checking the creation dates was an added feature I had not thought of. I seem to always overlook wmi when attempting to solve these types of problems.

"Kiron" wrote:

> Ignore my previous post, I misunderstood your question and thought you
> just wanted to retrieve the ParentProcessID.
> This will filter each process whose parent process is terminated or if its
> ParentProcessID inaccurately points to a 'parent' process created after
> it.
>
> $wmi = [wmi]''
> $col = gwmi win32_process | ? {
> $parent = gwmi win32_process -f "ProcessID='$($_.parentProcessID)'"
> $parentCreationDate, $creationDate = $(
> if ($parent -and $_.parentProcessID) {
> $wmi.ConvertToDateTime($parent.CreationDate),
> $wmi.ConvertToDateTime($_.CreationDate)
> } else {$null,$null})
> !$parent -or $parentCreationDate -gt $creationDate
> }
> Remove-Variable wmi
> $col | ps -ID {$_.processID}
>
> --
> Kiron