@egre55
Last active December 21, 2022 00:35
procmon.bat
REM Ugly file-based process monitor script. Non-PowerShell in case blocked.
REM Two WMIC snapshots diffed with fc; the "***** FILE1.TXT" separators are filtered out, so started and ended processes are not told apart.
@echo off
:loop
del file1.txt 2> nul
del file2.txt 2> nul
REM The inner FOR /F strips the trailing CR that WMIC leaves on every line and skips blank rows, so empty command lines no longer yield "ECHO is off." entries.
for /f "usebackq skip=1 tokens=* delims= " %%i in (`wmic path win32_process get commandline`) do (
    for /f "delims=" %%j in ("%%i") do echo %%j >> file1.txt
)
REM ping -n 1 to localhost returns almost at once; use -n 2 for roughly a one-second gap between snapshots.
ping -n 1 127.0.0.1 >nul
for /f "usebackq skip=1 tokens=* delims= " %%i in (`wmic path win32_process get commandline`) do (
    for /f "delims=" %%j in ("%%i") do echo %%j >> file2.txt
)
REM Keep lines containing a lowercase letter (drops fc's uppercase headers), then drop fc's own text and this
REM script's WMIC query. Matching the full query instead of "wmic" keeps other wmic.exe processes visible in the diff.
fc file1.txt file2.txt | findstr /r "[abcdefghijklmnopqrstuvwxyz]" | findstr /v "*****" | findstr /v "Comparing" | findstr /v "FC:" | findstr /v /c:"win32_process get commandline"
goto loop