-
-
Save nani1337/6a93abb9fdcc78df457c8d4afc54e91d to your computer and use it in GitHub Desktop.
procmon.bat
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| REM Ugly file-based process monitor script. Non-PowerShell in case blocked | |
| @echo off | |
| :loop | |
| del file1.txt 2> nul | |
| del file2.txt 2> nul | |
| for /f "usebackq skip=1 tokens=* delims= " %%i in (`wmic path win32_process get commandline ^| findstr /r /v "[^\ ]"`) do echo %%i >> file1.txt | |
| ping -n 1 127.0.0.1 >nul | |
| for /f "usebackq skip=1 tokens=* delims= " %%i in (`wmic path win32_process get commandline ^| findstr /r /v "[^\ ]"`) do echo %%i >> file2.txt | |
| fc file1.txt file2.txt | findstr /r "[abcdefghijklmnopqrstuvwxyz]" | findstr /v "ECHO" | findstr /v "*****" | findstr /v "Comparing" | findstr /v "wmic" | findstr /v "FC:" | |
| goto loop |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment