Using PowerShell to identify Child Processes

I got a challenge yesterday on how to identify child processes, and googling it led to the conclusion that this is either not a common issue or no one knows the answer.

My issue was this: if a child process locks up or needs to be killed, how do we identify the process using PowerShell? The thing about finding child processes is that you need to know who their parents are. In fact, you need to use the parent process ID (PID) to identify the child.

How does it work?

First, choose how to identify the parent process in PowerShell. You can usually use ProcessName, Description, Path, etc. Then you need to find any process whose ParentProcessId is the ProcessId of that parent (obviously)!

Here’s my solution:

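# Collect the process ID(s) of the parent; more than one powershell.exe may be running
$procid = Get-WmiObject win32_process | where {$_.ProcessName -eq 'powershell.exe'} | select -ExpandProperty ProcessId
# List every process whose ParentProcessId matches one of those IDs
Get-WmiObject win32_process | where {$procid -contains $_.ParentProcessId}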

This only identifies the child process; what you’d like to do with it afterwards is your call. Nonetheless, this could help you automate some of the tasks you’ve been using Process Explorer to solve until now.
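The two-liner above finds direct children only. As an added example (not code from the original post), the sketch below goes one step further and walks the whole descendant tree from a single snapshot, and it skips "children" that are older than their supposed parent, since Windows reuses PIDs and ParentProcessId can point at a process that has since exited. The function name Get-ChildProcessTree and its parameters are hypothetical, and it assumes Windows PowerShell, where Get-WmiObject is available.

```powershell
function Get-ChildProcessTree {
    param(
        [Parameter(Mandatory)] [uint32] $ParentId,
        # One snapshot is reused for the whole walk so the tree is consistent
        [object[]] $Snapshot = (Get-WmiObject Win32_Process),
        [int] $Depth = 0
    )

    $parent = $Snapshot | Where-Object { $_.ProcessId -eq $ParentId } | Select-Object -First 1
    if (-not $parent) { return }   # parent already exited: nothing reliable to report

    $children = $Snapshot | Where-Object {
        $_.ParentProcessId -eq $ParentId -and $_.ProcessId -ne $ParentId   # PID 0 is its own parent
    }

    foreach ($child in $children) {
        # PID-reuse guard: a real child cannot have been created before its parent.
        # CreationDate can be empty for protected processes; the check is skipped then.
        if ($parent.CreationDate -and $child.CreationDate -and
            $child.ConvertToDateTime($child.CreationDate) -lt
            $parent.ConvertToDateTime($parent.CreationDate)) {
            continue
        }

        [pscustomobject]@{
            Depth       = $Depth
            ProcessId   = $child.ProcessId
            ParentId    = $child.ParentProcessId
            Name        = $child.ProcessName
            CommandLine = $child.CommandLine
        }

        # Recurse into grandchildren using the same snapshot
        Get-ChildProcessTree -ParentId $child.ProcessId -Snapshot $Snapshot -Depth ($Depth + 1)
    }
}

# Example: everything started (directly or indirectly) by the current shell
Get-ChildProcessTree -ParentId $PID | Format-Table -AutoSize
```

The Depth column shows how far each process sits below the starting parent, which helps when deciding which process in a hung chain to stop first.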
