2

I've got a notepad.exe started in my session :

gwmi -Query "Select CommandLine from Win32_Process where CommandLine='C:\Windows\system32\notepad.exe'"

gives

Get-WmiObject : Demande non valide
Au niveau de ligne : 1 Caractère : 5
+ gwmi <<<<  -Query "Select CommandLine from Win32_Process where CommandLine='C:\Windows\system32\notepad.exe'"
    + CategoryInfo          : InvalidOperation: (:) [Get-WmiObject], ManagementException
    + FullyQualifiedErrorId : GetWMIManagementException,Microsoft.PowerShell.Commands.GetWmiObjectCommand

I test :

gwmi -Query "Select CommandLine from Win32_Process where CommandLine='C:\\Windows\\system32\\notepad.exe'"

It gives nothing

gwmi -Query "Select CommandLine from Win32_Process where CommandLine LIKE '%C:\\Windows\\system32\\notepad.exe%'"

Works perfectly

__GENUS          : 2
__CLASS          : Win32_Process
__SUPERCLASS     :
__DYNASTY        :
__RELPATH        :
__PROPERTY_COUNT : 1
__DERIVATION     : {}
__SERVER         :
__NAMESPACE      :
__PATH           :
CommandLine      : "C:\Windows\system32\notepad.exe"

Perhaps it's a trouble with wildcards caracters between PowerShell and WMI, but anyone can help me make filter CommandLine='C:\Windows\system32\notepad.exe' working

Improve this question
3
  • What's the value of CommandLine on the found (when found) Win32_Process instance? Eg. here the CommandLine value includes double quotes. Commented Oct 6, 2011 at 10:38
  • I Edit the question to show the value if th propertie when it works. If you look at WMBEMTEST.EXE CommandLine is one ofthe properties of WIN32_Process. Commented Oct 6, 2011 at 11:38
  • the issue is that CommandLine is surrounded by ". how escape " in gwmi query? Commented Oct 6, 2011 at 11:43

3 Answers 3

Reset to default
1

The value of the CommandLine property contains quotes, so they need to be escaped as well.

A working, but horrible string is:

gwmi -Query "Select * from Win32_Process where CommandLine = '`"c:\\windows\\system32\\notepad.exe`"'"
Improve this answer
Sign up to request clarification or add additional context in comments.

11 Comments

have you tested it? return nothing!
I turn arroud it, thanks that just what I was looking for. Ijust don't see that there were "" in WBEMTEST.EXE.
@craika: sure! but for me return nothing! why now?
@Christian It works for me too, don't you forgot to start a notepad before running test ? ;o) I just copy past.
INCREDIBLE! in my box commandLine have an extra space after last quote: '(backtricks)"c:\\windows\\system32\\notepad.exe(backtricks)" '".
|
0

You need to include the quotes, but as I can't recall how to escape them in WQL, I would do it in PSH:

gwmi -class Win32_Process -filter "CommandLine like '`"C:\\Windows\\system32\\notepad.exe`"'"

Filter expression is in double quotes, with the string argument to LIKE in single quotes. The double quotes that are part of that argument need to be quoted from PowerShell.

Improve this answer

Comments

0 
Get-Process | ? {$_.Path -eq 'C:\Windows\system32\notepad.exe'}

Get-Process | ? {$_.processname -eq 'notepad'}
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.