How do I get the command-line arguments of a Windows service?

I'm looking for a way to figure out the command-line arguments of any Windows service.

For a non-service process, the command-line arguments can be found in the Windows Task Manager, or programmatically by using WMI as shown in this post.

Unfortunately, these two solutions don't work for a Windows service that is started by the ServiceController.Start(String[] args) method. Both of them show only the executable file path on the command-line, even though some arguments were passed in.

  1. What is the difference between two scenarios (a service vs. a non-service process)?
  2. Is there a way to figure out the arguments of the Windows service?

I also tried creating a simple service that just logs any command-line arguments it has to the event log. I started it using "sc.exe start <my service> <arg1>" and verified that <arg1> was written to the event log.

However, none of the solutions has worked for me. I still only saw the path to the executable file. My OS version is Windows Server 2008 R2 SP1 x64 Enterprise.


There are two types of arguments for services:

  • Arguments that were passed on the process start command line. You can get to those easily using Process Explorer, etc.
  • Arguments that were passed to the ServiceMain function. This is the Windows API that a service is supposed to implement. The .NET equivalent is ServiceBase.OnStart. This is what is used when you do an SC START [arguments]. This has nothing to do with "command line process arguments".

The second type of parameters is probably only known by the service itself, if the implementation makes any use of it, which is not the case for many services. I don't think Windows keeps track of this when we look at low-level Windows structures like the PEB: Process and Thread Structures (MSDN), even the undocumented parts of it, Undocumented functions of NTDLL.


You can find the service EXE file details and edit or just see the command-line options in the registry entry for the service. You'll find that under

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services

Be sure to restart the Services window if you decide to change this as it won't reread it live.


Try the Process Explorer application from Sysinternals.

It is like Task Manager, only it lists all the running processes. Select your service and see its properties.


  1. A service process is not started as a usual EXE file. Even more, a service process could be just a .dll file. See: Windows service (Wikipedia).

    Many appear in the processes list in the Windows Task Manager, most often with a username of SYSTEM, LOCAL SERVICE or NETWORK SERVICE, though not all processes with the SYSTEM username are services. The remaining services run through svchost.exe as DLLs loaded into memory.

  2. Just override the ServiceBase.OnStart(string[] args) method. See more: ServiceBase.OnStart(String[]) Method (MSDN)


Using PowerShell you can call

(Get-CimInstance Win32_Service -Filter 'Name = "<my service>"').PathName

to get the full command line of the service (it returns file and arguments).

Just replace <my service> with the name of the desired service.

For example:

(Get-CimInstance Win32_Service -Filter 'Name = "Dnscache"').PathName

returns "C:\WINDOWS\system32\svchost.exe -k NetworkService -p"
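The three places the answers above point to (the registry ImagePath, Win32_Service.PathName and the hosting process's command line) can be read side by side for one service. This is an added example, not code from any poster in the thread; the function name Compare-ServiceCommandLine is hypothetical, and it reads CurrentControlSet (the active control set) rather than the ControlSet001 key named above.

```powershell
# Added example: Compare-ServiceCommandLine is a hypothetical helper name.
# It reports the configured and the live command line of one service.
function Compare-ServiceCommandLine {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Name
    )

    # Filter client-side so the service name never has to be escaped for WQL.
    $svc = Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.Name -eq $Name }
    if (-not $svc) {
        throw "Service '$Name' not found."
    }

    # Configured command line as stored under the service's registry key.
    # CurrentControlSet is assumed here; it points at the active control set.
    $regPath = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    $imagePath = (Get-ItemProperty -LiteralPath $regPath -Name ImagePath `
        -ErrorAction SilentlyContinue).ImagePath

    # Command line of the hosting process. ProcessId is 0 for a stopped service,
    # and CommandLine can be empty when the caller lacks access to the process.
    $processCommandLine = $null
    if ($svc.ProcessId -gt 0) {
        $proc = Get-CimInstance -ClassName Win32_Process `
            -Filter "ProcessId = $($svc.ProcessId)"
        $processCommandLine = $proc.CommandLine
    }

    [pscustomobject]@{
        Name               = $svc.Name
        State              = $svc.State
        ProcessId          = $svc.ProcessId
        PathName           = $svc.PathName
        RegistryImagePath  = $imagePath
        ProcessCommandLine = $processCommandLine
    }
}

# Dnscache is the service used in the example above.
Compare-ServiceCommandLine -Name 'Dnscache' | Format-List
```

Arguments handed to ServiceMain through SC START or ServiceController.Start are not part of any of these three values, which matches what the question reports.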
