如何在 PowerShell 或 C # 中获取进程的命令行信息

In PowerShell you can get the command line of a process via WMI:

$process = "notepad.exe"
Get-WmiObject Win32_Process -Filter "name = '$process'" | Select-Object CommandLine

Note that you need admin privileges to be able to access that information about processes running in the context of another user. As a normal user it's only visible to you for processes running in your own context.

This answer is excellent, however for futureproofing and to do future you a favor, Unless you're using pretty old powershell (in which case I recommend an update!) Get-WMIObject has been superseded by Get-CimInstance Hey Scripting Guy reference

Try this

$process = "notepad.exe"
Get-CimInstance Win32_Process -Filter "name = '$process'" | select CommandLine

I'm using powershell 7.1 and this seems to be built in to the process object now as a scripted property:

> (Get-Process notepad)[0].CommandLine
"C:\WINDOWS\system32\notepad.exe"

Interestingly, you can view its implementation and see that it partially uses the answer from PsychoData:

($process | Get-Member -Name CommandLine).Definition
System.Object CommandLine {get=
if ($IsWindows) {
(Get-CimInstance Win32_Process -Filter "ProcessId = $($this.Id)").CommandLine
} elseif ($IsLinux) {
Get-Content -LiteralPath "/proc/$($this.Id)/cmdline"
}
;}

Running Get-Member on a process shows that it is an instance of System.Diagnostics.Process, but that it has several properties that are scripted.

The other properties are FileVersion, Path, Product, and ProductVersion.

if you put the following code in your powershell $profile file you can permanently extend the "process" object class and use the "CommandLine" property

example:

get-process notepad.exe | select-object ProcessName, CommandLine

code:

$TypeData = @{
TypeName = 'System.Diagnostics.Process'
MemberType = 'ScriptProperty'
MemberName = 'CommandLine'
Value = {(Get-CimInstance Win32_Process -Filter "ProcessId = $($this.Id)").CommandLine}
}
Update-TypeData @TypeData