2

I've got a notepad.exe started in my session :

gwmi -Query "Select CommandLine from Win32_Process where CommandLine='C:\Windows\system32\notepad.exe'"

gives

Get-WmiObject : Demande non valide
Au niveau de ligne : 1 Caractère : 5
+ gwmi <<<<  -Query "Select CommandLine from Win32_Process where CommandLine='C:\Windows\system32\notepad.exe'"
    + CategoryInfo          : InvalidOperation: (:) [Get-WmiObject], ManagementException
    + FullyQualifiedErrorId : GetWMIManagementException,Microsoft.PowerShell.Commands.GetWmiObjectCommand

I test :

gwmi -Query "Select CommandLine from Win32_Process where CommandLine='C:\\Windows\\system32\\notepad.exe'"

It gives nothing

gwmi -Query "Select CommandLine from Win32_Process where CommandLine LIKE '%C:\\Windows\\system32\\notepad.exe%'"

Works perfectly

__GENUS          : 2
__CLASS          : Win32_Process
__SUPERCLASS     :
__DYNASTY        :
__RELPATH        :
__PROPERTY_COUNT : 1
__DERIVATION     : {}
__SERVER         :
__NAMESPACE      :
__PATH           :
CommandLine      : "C:\Windows\system32\notepad.exe"

Perhaps it's a trouble with wildcards caracters between PowerShell and WMI, but anyone can help me make filter CommandLine='C:\Windows\system32\notepad.exe' working

JPBlanc
  • 70,406
  • 17
  • 130
  • 175
  • What's the value of `CommandLine` on the found (when found) `Win32_Process` instance? Eg. here the `CommandLine` value includes double quotes. – Richard Oct 06 '11 at 10:38
  • I Edit the question to show the value if th propertie when it works. If you look at WMBEMTEST.EXE `CommandLine` is one ofthe properties of `WIN32_Process`. – JPBlanc Oct 06 '11 at 11:38
  • the issue is that CommandLine is surrounded by ". how escape " in gwmi query? – CB. Oct 06 '11 at 11:43

3 Answers3

1

The value of the CommandLine property contains quotes, so they need to be escaped as well.

A working, but horrible string is:

gwmi -Query "Select * from Win32_Process where CommandLine = '`"c:\\windows\\system32\\notepad.exe`"'"
craika
  • 1,062
  • 9
  • 9
  • have you tested it? return nothing! – CB. Oct 06 '11 at 11:47
  • I turn arroud it, thanks that just what I was looking for. Ijust don't see that there were "" in WBEMTEST.EXE. – JPBlanc Oct 06 '11 at 11:47
  • @craika: sure! but for me return nothing! why now? – CB. Oct 06 '11 at 11:50
  • @Christian It works for me too, don't you forgot to start a notepad before running test ? ;o) I just copy past. – JPBlanc Oct 06 '11 at 11:51
  • @JPBlanc: sure! but for me return nothing! why now? – CB. Oct 06 '11 at 11:53
  • @Chistian: x64 vs 32 maybe? 32-bit notepad path in 64-bit PowerShell is in SysWOW? – craika Oct 06 '11 at 11:57
  • @craika: nope, i'm on an XP x32 box. I'm gone mad... before your answer i had escape with backtricks but doesn't works... why?? – CB. Oct 06 '11 at 12:00
  • Now test on Seven, Server W2K8R2 and Windows 8 (PowerShell 3) work in all three, sorry @Christian – JPBlanc Oct 06 '11 at 12:00
  • 1
    INCREDIBLE! in my box commandLine have an extra space after last quote: '(backtricks)"c:\\windows\\system32\\notepad.exe(backtricks)" '". – CB. Oct 06 '11 at 12:15
  • I just encountered the same on a Seven ! I reproduce it when launching notepad via 'search' entry in start menu! – JPBlanc Oct 06 '11 at 13:35
  • a mistery issue. On my box always the same, launching by link or original notepad.exe. thank you for reporting to me your test! – CB. Oct 06 '11 at 14:38
0

You need to include the quotes, but as I can't recall how to escape them in WQL, I would do it in PSH:

gwmi -class Win32_Process -filter "CommandLine like '`"C:\\Windows\\system32\\notepad.exe`"'"

Filter expression is in double quotes, with the string argument to LIKE in single quotes. The double quotes that are part of that argument need to be quoted from PowerShell.

Richard
  • 106,783
  • 21
  • 203
  • 265
0
Get-Process | ? {$_.Path -eq 'C:\Windows\system32\notepad.exe'}

Get-Process | ? {$_.processname -eq 'notepad'}
funny
  • 1