Celeb Glow
news | March 03, 2026

How to get the command that invoked a task with tasklist?

The Windows task manager has a column labeled Command Line that shows the command that started the given task, with all the switches and parameters, for example:

test.exe -V -A 127.0.0.1 -P 6062

Now I have to identify a certain task that is listening on a certain port and/or was called with a certain switch combination. My aim is to close the selected task, but not others, so if there are multiple test.exe tasks running, I cannot simply close all tasks returned by:

tasklist /fo csv /nh /fi "imagename eq test.exe"

Unfortunately it seems like neither tasklist nor pslist (here) is able to return the Command Line field. How can I overcome this problem?

5

3 Answers

How about this one:

wmic process where caption="test.exe" get commandline

And if you do this you also get the ProcessId to kill:

wmic process where caption="test.exe" get commandline,processid

wmic also has a switch to output to csv. So:

wmic /output:c:\temp\proc.csv process where caption="test.exe" get commandline,processid /format:csv

Note: If you get an error with the last one (Invalid XSL format (or) file name) you need to copy csv.xml from %WINDIR%\System32\wbem\en-US to %WINDIR%\System32\wbem. You can read about this bug here.

You could also use PowerShell:

Get-WmiObject win32_process -Filter "name like '%test.exe'"|select CreationDate,ProcessId,CommandLine|ft -AutoSize`
4

Powershell 7:

get-process test | % commandline

In Windows 11, at least, the top answer above did not work, as there is no "caption" column in wmic process output, so there was no result found. (And yes, I realize wmic is deprecated in Windows 11. It DOES still work.)

Instead, there are indeed other columns you could use for that WHERE clause, and they're available with wmic process list /?. Among those are of course name (for the process name)--and that processid (for the pid) mentioned above, so this worked for me instead:

wmic process where name="test.exe" get commandline,processid

One more thing: I found I had to be running an elevated command prompt (as admin) to see the commandline. Otherwise the ouput showed the commandline as empty:

CommandLine ProcessId 10496

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password

Post as a guest

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy

You Might Also Like

How to use PS4 controller on PC?

I can't see my coordinates and light level when I press F3 on my friend's smp

Which vendors have a lot of cash?