cmd_or_ps.ps1


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19

$i=1
$ppid=(gwmi win32_process -Filter "processid='$pid'").parentprocessid
$pname=(Get-Process -id $ppid).Name
While($true) {
  if($pname -eq "cmd" -Or $pname -eq "powershell") {
    Write-Host ("{0}.exe" -f $pname)
    Break
  }

  # 10 times iteration seems to be sufficient
  if($i -gt 10) {
    Break
  }

  # not found yet, find grand parant
  $ppid=(gwmi win32_process -Filter "processid='$ppid'").parentprocessid
  $pname=(Get-Process -id $ppid).Name
  $i++
}