{"id":67203,"date":"2006-06-01T15:29:00","date_gmt":"2006-06-01T15:29:00","guid":{"rendered":"https:\/\/blogs.technet.microsoft.com\/heyscriptingguy\/2006\/06\/01\/how-can-i-find-the-process-id-associated-with-a-batch-file\/"},"modified":"2006-06-01T15:29:00","modified_gmt":"2006-06-01T15:29:00","slug":"how-can-i-find-the-process-id-associated-with-a-batch-file","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/scripting\/how-can-i-find-the-process-id-associated-with-a-batch-file\/","title":{"rendered":"How Can I Find the Process ID Associated with a Batch File?"},"content":{"rendered":"

\"Hey, \n

Hey, Scripting Guy! How can I find the process ID associated with a batch file?

— MB<\/P>\"Spacer\"\"Hey,\"Script<\/A> \n

Hey, MB. You know, the Scripting Guys are firm believers in recycling. Why throw that printout away when it can be recycled into newsprint? Why throw that aluminum can away when it can be melted down and reused? Why throw away that Hey, Scripting Guy!<\/I> column when you can use it to answer someone else\u2019s question a few months later?<\/P>\n

In other words, today just happens to be Recycling Day here in the Script Center. A long time ago (October 6, 2004, to be precise) we wrote a column<\/B><\/A> telling people how they could determine which scripts (by file name) were running on a computer. Today we\u2019re going to recycle that column, using a slight variation to show you how you can determine the process ID associated with any batch files that are running on your computer. Some of the stuff we\u2019ll show you today is new, but one thing that hasn\u2019t<\/I> changed is the disclaimer: this solution works only on Windows XP or Windows Server 2003. (We\u2019ll explain why in a bit.) And, no: we don\u2019t really know of a good way to do this on any earlier version of Windows. Sorry.<\/P>\n

Assuming you\u2019re running Windows XP or Windows Server 2003, however, the following script reports back the name and process ID of any batch file running on a computer:<\/P>

strComputer = “.”<\/p>\n
Set objWMIService = GetObject(“winmgmts:\\\\” & strComputer & “\\root\\cimv2”)<\/p>\n
Set colItems = objWMIService.ExecQuery(“Select * From Win32_Process”)<\/p>\n
For Each objItem in colItems\n    If InStr(objItem.CommandLine, “.bat”) Or InStr(objItem.CommandLine, “.cmd”) Then\n        Wscript.Echo “Batch file: ” & objItem.CommandLine\n        Wscript.Echo “Process ID: ” & objItem.ProcessID\n    End If\nNext\n<\/PRE>\n
So how does this script work? Good question. To begin with, we bind to the WMI service on the local computer. (Although we could easily adapt the script to retrieve the process IDs on any batch files running on a remote computer; all we\u2019d have to do is set the value of the variable strComputer to the name of that remote computer.) After making the connection we then use this line of code to retrieve a collection of all the processes running on the computer:<\/P>
Set colItems = objWMIService.ExecQuery(“Select * From Win32_Process”)\n<\/PRE>\n
So far so good, right? Next we set up a For Each loop to loop through the collection of processes. Inside that loop we use the InStr<\/B> method to see if the strings .bat <\/I>or .cmd<\/I> can be found anywhere within the value of the CommandLine<\/B> property, which simply reports back the command line value used to start a process. (What if you started the process by double-clicking an icon in Windows Explorer? No problem; in that case CommandLine is equal to the command line value you would<\/I> have used had you started the process from the command line or from the Run<\/B> dialog box.) <\/P>\n
For example, here\u2019s the kind of information you can expect to see when you look at the value of the CommandLine property:<\/P>
cmd \/c “”C:\\Scripts\\test.cmd” ”\n“C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE”\n“C:\\WINDOWS\\system32\\NOTEPAD.EXE” C:\\Scripts\\cmdline.vbs\n<\/PRE>\n
If you take a look at the first process you can see that we have a batch file named Test.cmd running. By looking for processes where the CommandLine property includes the strings .bat<\/I> or .cmd<\/I> (the file extensions used for batch files) we can determine whether any of these processes are actually running batch files. And once we know that, getting the process ID for those batch files is trivial.<\/P>\n\n<\/THEAD>\n\n\n
\n
Note<\/B>. Yes, you\u2019re right: a more precise test would be to check and see if the last four characters of the path name are .bat or .cmd. We didn\u2019t do that because the double quotes tacked on the end of the CommandLine value — cmd \/c “”C:\\Scripts\\test.cmd” “<\/B> – complicate things a bit. We\u2019re assuming that, in the vast majority of cases, any time you have a .bat or a .cmd in the path then you have a batch file. But if you want to improve upon what we\u2019ve done here, well, who are we to stop you?<\/P><\/TD><\/TR><\/TBODY><\/TABLE>\n
<\/DIV>\n
In case you\u2019re wondering, this also explains why our script works only on Windows XP and Windows Server 2003: that\u2019s because the CommandLine property is available on only those two platforms.<\/P>\n
So what if we do<\/I> find a batch file? In that case we simply use these two lines of code to echo back the process name and the process ID:<\/P>
Wscript.Echo “Batch file: ” & objItem.CommandLine\nWscript.Echo “Process ID: ” & objItem.ProcessID\n<\/PRE>\n
And there you have it.<\/P>\n
Of course, we should point out that, as written, this script returns the name and process ID of all<\/I> the batch files running on a computer. In your question, MB, you implied that you were interested in only a particular<\/I> batch file. If that\u2019s the case, then simply modify the If-Then statement so it looks for a CommandLine containing the full batch file name. For example, this modified script checks to see if any processes have the string Test.cmd<\/I> somewhere in the CommandLine property:<\/P>
strComputer = “.”<\/p>\n
Set objWMIService = GetObject(“winmgmts:\\\\” & strComputer & “\\root\\cimv2”)<\/p>\n
Set colItems = objWMIService.ExecQuery(“Select * From Win32_Process”)<\/p>\n
For Each objItem in colItems\n    If InStr(objItem.CommandLine, “test.cmd”) Then\n        Wscript.Echo “Process ID: ” & objItem.ProcessID\n    End If\nNext\n<\/PRE>\n
If found, the script reports back the process ID for only the specified batch file.<\/P>\n
Want to get really<\/I> fancy? Here\u2019s a monitoring script that alerts you any time a new batch file starts up:<\/P>
strComputer = “.”<\/p>\n
Set objWMIService = GetObject(“winmgmts:\\\\” & strComputer & “\\root\\cimv2”)<\/p>\n
Set colMonitoredProcesses = objWMIService. _        \n    ExecNotificationQuery(“select * from __instanceCreationEvent ” _ \n        & ” within 1 where TargetInstance isa ‘Win32_Process'”)\ni = 0<\/p>\n
Do While i = 0\n    Set objProcess = colMonitoredProcesses.NextEvent\n    If InStr(objProcess.TargetInstance.CommandLine, “.cmd”) Or _\n        InStr(objProcess.TargetInstance.CommandLine, “.bat”) Then \n        Wscript.Echo “Batch file: ” & objProcess.TargetInstance.CommandLine\n        Wscript.Echo “Process ID: ” & objProcess.TargetInstance.ProcessID\n    End If\nLoop\n<\/PRE>\n
We won\u2019t discuss this script in any detail today; for more information see the webcast An Ounce of Prevention: An Introduction to WMI Events<\/B><\/A>. (And yes, we are<\/I> recycling old material again, this time an old Scripting Week 2 webcast. Didn\u2019t we mention that today was Recycling Day?)<\/P>
\n
\n\n\n\n
\"Top<\/A>Top of page<\/A><\/TD><\/TR><\/TBODY><\/TABLE><\/DIV><\/p>\n","protected":false},"excerpt":{"rendered":"
Hey, Scripting Guy! How can I find the process ID associated with a batch file?— MB Hey, MB. You know, the Scripting Guys are firm believers in recycling. Why throw that printout away when it can be recycled into newsprint? Why throw that aluminum can away when it can be melted down and reused? Why […]<\/p>\n","protected":false},"author":595,"featured_media":87096,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[31,87,3,5],"class_list":["post-67203","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-scripting","tag-operating-system","tag-processes","tag-scripting-guy","tag-vbscript"],"acf":[],"blog_post_summary":"
Hey, Scripting Guy! How can I find the process ID associated with a batch file?— MB Hey, MB. You know, the Scripting Guys are firm believers in recycling. Why throw that printout away when it can be recycled into newsprint? Why throw that aluminum can away when it can be melted down and reused? Why […]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/67203","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/users\/595"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/comments?post=67203"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/67203\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media\/87096"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media?parent=67203"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/categories?post=67203"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/tags?post=67203"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}