20

I know that in Linux the pstree command is very useful, and something like that is what I'm looking for... but how do I make a detailed process list (tree) in a Windows terminal?

jww
AAlvz

4 Answers

15

You could use a program called Process Monitor. This program allows you to do what you want.

Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon, and adds an extensive list of enhancements including rich and non-destructive filtering, comprehensive event properties such as session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and much more. Its uniquely powerful features will make Process Monitor a core utility in your system troubleshooting and malware hunting toolkit.

It also provides exactly what you want:

Process tree tool shows relationship of all processes referenced in a trace.

Lightness Races in Orbit
poz2k4444
10

Use pslist64.exe -t from SysInternals.

not2qubit
3

Try Process Explorer from Sysinternals. It is like an advanced task manager, and there is a tree view as well.

Rolf
1

This PowerShell cmdlet Print-ProcessTree will list a primitive process tree.

function Print-ProcessTree() {
    # Prints one process, then recurses into its children
    function Get-ProcessAndChildProcesses($Level, $Process) {
        "{0}[{1,-5}] [{2}]" -f ("  " * $Level), $Process.ProcessId, $Process.Name
        # The CreationDate comparison skips processes that merely point at a reused PID
        $Children = $AllProcesses | Where-Object {$_.ParentProcessId -eq $Process.ProcessId -and $_.CreationDate -ge $Process.CreationDate}
        if ($null -ne $Children) {
            foreach ($Child in $Children) {
                Get-ProcessAndChildProcesses ($Level + 1) $Child
            }
        }
    }

    $AllProcesses = Get-CimInstance -ClassName "win32_process"
    $RootProcesses = @()
    # Process "System Idle Process" is processed differently, as ProcessId and ParentProcessId are 0
    # $AllProcesses is sliced from index 1 to the end of the array
    foreach ($Process in $AllProcesses[1..($AllProcesses.length-1)]) {
        # A process with no live parent that is older than itself is a root
        $Parent = $AllProcesses | Where-Object {$_.ProcessId -eq $Process.ParentProcessId -and $_.CreationDate -lt $Process.CreationDate}
        if ($null -eq $Parent) {
            $RootProcesses += $Process
        }
    }
    # Process the "System Idle process" separately
    "[{0,-5}] [{1}]" -f $AllProcesses[0].ProcessId, $AllProcesses[0].Name
    foreach ($Process in $RootProcesses) {
        Get-ProcessAndChildProcesses 0 $Process
    }
}

Modified from actualadmins.nl.
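
A variant of the tree walk in the last answer, as an added example that is not from any of the answers: it indexes processes by PID, treats a process as a root when its recorded parent has exited or the parent PID was reused, and prints each command line for a more detailed listing. Show-ProcessTree and -MaxCommandLine are hypothetical names, and PowerShell 5 or later is assumed.

```powershell
# Added example; Show-ProcessTree and its parameter are hypothetical names.
function Show-ProcessTree {
    param([int]$MaxCommandLine = 80)   # characters of command line to print

    $all = @(Get-CimInstance -ClassName Win32_Process)

    # Index every process by PID so parent lookups are a hashtable hit.
    $byPid = @{}
    foreach ($p in $all) { $byPid[[uint32]$p.ProcessId] = $p }

    # Group children under their parent's PID; everything else is a root.
    $childrenOf = @{}
    foreach ($p in $all) {
        $parent = $byPid[[uint32]$p.ParentProcessId]
        # Accept the parent only if it is a different process that was created
        # no later than the child. Otherwise the real parent has exited (its
        # PID may have been reused) or the entry is PID 0.
        $isChild = ($null -ne $parent) -and
                   ($parent.ProcessId -ne $p.ProcessId) -and
                   ($null -ne $parent.CreationDate) -and
                   ($null -ne $p.CreationDate) -and
                   ($parent.CreationDate -le $p.CreationDate)
        $key = if ($isChild) { [uint32]$parent.ProcessId } else { 'root' }
        if (-not $childrenOf.ContainsKey($key)) {
            $childrenOf[$key] = [System.Collections.Generic.List[object]]::new()
        }
        $childrenOf[$key].Add($p)
    }

    # Depth-first walk with an explicit stack; push in descending PID order
    # so siblings are printed in ascending order.
    $stack = [System.Collections.Generic.Stack[object]]::new()
    foreach ($r in ($childrenOf['root'] | Sort-Object ProcessId -Descending)) {
        $stack.Push(@{ Proc = $r; Level = 0 })
    }
    while ($stack.Count -gt 0) {
        $item = $stack.Pop()
        $p = $item.Proc
        $cmd = [string]$p.CommandLine   # empty when not readable by the caller
        if ($cmd.Length -gt $MaxCommandLine) { $cmd = $cmd.Substring(0, $MaxCommandLine) + '...' }
        '{0}[{1,-5}] {2}  {3}' -f ('  ' * $item.Level), $p.ProcessId, $p.Name, $cmd
        $kids = $childrenOf[[uint32]$p.ProcessId]
        if ($null -ne $kids) {
            foreach ($k in ($kids | Sort-Object ProcessId -Descending)) {
                $stack.Push(@{ Proc = $k; Level = $item.Level + 1 })
            }
        }
    }
}

Show-ProcessTree
```

Run from an elevated prompt to see command lines for processes owned by other accounts.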