
windows batch command to determine working directory of a process


tlist from WDK to the rescue! The 2nd line of its output ("CWD: ...") shows the working directory of a process:

    > tlist 944
     944 postgres.exe
       CWD:     D:\Lab\Database\pgsql\test\
       CmdLine: "D:/Tools/pgsql/bin/postgres.exe"  -D "."
       VirtualSize:   221116 KB   PeakVirtualSize:   242620 KB
       WorkingSetSize: 17076 KB   PeakWorkingSetSize: 19336 KB
       NumberOfThreads: 4
       9084 Win32StartAddr:0x00000000 LastErr:0x00000000 State:Waiting
       8504 Win32StartAddr:0x00000000 LastErr:0x000000b7 State:Waiting
       8616 Win32StartAddr:0x00000000 LastErr:0x00000000 State:Waiting
       7468 Win32StartAddr:0x00000000 LastErr:0x00000000 State:Waiting
        9.3.5.14202 shp  0x0000000000400000  D:\Tools\pgsql\bin\postgres.exe
     6.1.7601.18247 shp  0x00000000770D0000  C:\Windows\SYSTEM32\ntdll.dll
    ...

See the doc for more info.


Handle is a utility that displays information about open handles for any process in the system. You can use it to see the programs that have a file open, or to see the object types and names of all the handles of a program.

Its GUI-based version is Process Explorer.

handle -p yourProcess.exe  > log.txt

It'll list all handles for yourProcess.exe in the log file, and now, using a batch command, you can easily extract the 'current working directory' of yourProcess from log.txt.

added by barlop

Here is the output for process c:\tinyweb\tiny.exe run from c:\tinyweb\rrr:

    C:\Users\user>handle -p tiny.exe
    Nthandle v4.1 - Handle viewer
    Copyright (C) 1997-2016 Mark Russinovich
    Sysinternals - www.sysinternals.com
    ------------------------------------------------------------------------------
    tiny.exe pid: 20668 compA\user
       10: File          C:\Windows
       1C: File          C:\tinyweb\rrr
       9C: File          C:\tinyweb\rrr\access_log
       A0: File          C:\tinyweb\rrr\agent_log
       A4: File          C:\tinyweb\rrr\error_log
       A8: File          C:\tinyweb\rrr\referer_log
       E4: Section       \Sessions\1\BaseNamedObjects\__wmhr_msgs_buffer_name$1e74
       EC: File          C:\Windows\winsxs\x86_microsoft.windows.common-controls_659
    C:\Users\user>

If you want to parse it specifically then you could do it in pure cmd.exe with e.g. for /f, or with a third party scripting language like ruby, or with windows ports of various *nix style command line tools. This line uses such tools and gets it (obviously the following line requires grep and sed, preferably decent versions of them e.g. from cygwin)

    C:\Users\harvey>handle -p tiny.exe | grep "pid:" -A 3 | sed -n "3p" | grep -o ".:[\]\S*"
    C:\tinyweb\rrr
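The `for /f` route mentioned in the answer above, as an added example that is not part of the original posts: it reads `handle -p` output directly and, like the grep/sed line, assumes the layout of the sample output shown (the second `File` handle listed is the working directory). The flag variable names and messages are illustrative.

```batch
@echo off
rem Added example: pure-cmd equivalent of the grep/sed pipeline above.
rem Assumption (taken from the sample output on this page): the second
rem "File" handle listed for the process is its working directory.
setlocal
if "%~1"=="" goto :usage

set "INPROC="
set "FIRST="
set "DONE="
set "CWD="

rem Default delimiters split "  1C: File   C:\path with spaces" into
rem %%a=1C:  %%b=File  %%c=rest of the line (the path, spaces kept).
for /f "tokens=1,2,*" %%a in ('handle -p "%~1"') do (
    if "%%b"=="pid:" (
        rem "name pid: N user" opens a process block; only the first is read.
        if defined INPROC (set "DONE=1") else (set "INPROC=1")
    ) else if defined INPROC if not defined DONE if "%%b"=="File" (
        if defined FIRST (
            set "CWD=%%c"
            set "DONE=1"
        ) else (
            set "FIRST=1"
        )
    )
)

if not defined CWD goto :notfound

rem The trailing backslash makes "if exist" succeed only for a directory,
rem which rejects the candidate when the handle order differs from the sample.
if not exist "%CWD%\" goto :notdir

rem Printing through a FOR variable keeps characters such as & or ) literal.
for %%d in ("%CWD%") do echo %%~d
exit /b 0

:usage
>&2 echo usage: %~nx0 process.exe
exit /b 2

:notfound
>&2 echo No second File handle found in the handle output.
exit /b 1

:notdir
>&2 echo Second File handle is not a directory; do not treat it as the working directory.
exit /b 1
```

If several processes match the name, only the first block in the `handle` output is examined.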


The following will work, though you only need "CommandLine" or "ExecutablePath" - not both:

wmic process where "ProcessID=1111" get CommandLine, ExecutablePath

It will return something like the following, showing where the program for PID 1111 is running:

"C:\Program Files (x86)\Common Files\MyProgram\Agent\agent.exe"