C:\CHAS_S~1\COLUMN~1> wmic process|find /i "Caption" Caption CommandLine CreationClassName CreationDate CSCreationClassName CSName Description ExecutablePath ExecutionState Handle HandleCount InstallDate KernelModeTime MaximumWorkingSetSize MinimumWorkingSetSize Name OSCreationClassName OSName OtherOperationCount OtherTransferCount PageFaults PageFileUsage ParentProcessId PeakPageFileUsage PeakVirtualSize PeakWorkingSetSize Priority PrivatePageCount ProcessId QuotaNonPagedPoolUsage QuotaPagedPoolUsage QuotaPeakNonPagedPoolUsage QuotaPeakPagedPoolUsage ReadOperationCount ReadTransferCount SessionId Status TerminationDate ThreadCount UserModeTime VirtualSize WindowsVersion WorkingSetSize WriteOperationCount WriteTransferCount #### C:\CHAS_S~1\COLUMN~1> perl -ne "print" header.bin  ■C a p t i o n C o m m a n d L i n e C r e a t i o n C l a s s N a m e C r e a t i o n D a t e C S C r e a t i o n C l a s s N a m e C S N a m e D e s c r i p t i o n E x e c u t a b l e P a t h E x e c u t i o n S t a t e H a n d l e H a n d l e C o u n t I n s t a l l D a t e K e r n e l M o d e T i m e M a x i m u m W o r k i n g S e t S i z e M i n i m u m W o r k i n g S e t S i z e N a m e O S C r e a t i o n C l a s s N a m e O S N a m e O t h e r O p e r a t i o n C o u n t O t h e r T r a n s f e r C o u n t P a g e F a u l t s P a g e F i l e U s a g e P a r e n t P r o c e s s I d P e a k P a g e F i l e U s a g e P e a k V i r t u a l S i z e P e a k W o r k i n g S e t S i z e P r i o r i t y P r i v a t e P a g e C o u n t P r o c e s s I d Q u o t a N o n P a g e d P o o l U s a g e Q u o t a P a g e d P o o l U s a g e Q u o t a P e a k N o n P a g e d P o o l U s a g e Q u o t a P e a k P a g e d P o o l U s a g e R e a d O p e r a t i o n C o u n t R e a d T r a n s f e r C o u n t S e s s i o n I d S t a t u s T e r m i n a t i o n D a t e T h r e a d C o u n t U s e r M o d e T i m e V i r t u a l S i z e W i n d o w s V e r s i o n W o r k i n g S e t S i z e W r i t e O p e r a t i o n C o u n t W r i t e T r a n s f e r C o u n t C:\CHAS_S~1\COLUMN~1> #### C:\CHAS_S~1\COLUMN~1> perl -ne "($caption,$commandline)=unpack('@2U[42] U[270]',$_);print $caption;" h eader.bin 67 #### C:\CHAS_S~1\COLUMN~1> perl -ne "($caption,$commandline)=unpack('@2A[42] A[270]',$_);print $caption;" h eader.bin C a p t i o n C:\CHAS_S~1\COLUMN~1> perl -ne "($caption,$commandline)=unpack('@2a[42] a[270]',$_);print $caption;" h eader.bin C a p t i o n