ProcTree plugin for Take Command / TCC / TCC/LE

Version     2023-10-15

Charles Dye


This plugin adds one command, PROCTREE, which displays a tree-formatted list of descendants of a given process. It’s like a cross between TASKLIST and ENUMPROCESSES.

PROCTREE traces through child processes. It requires an unbroken line of descent to find descendants. If program A starts program B, which starts program C and then exits, then PROCTREE cannot make the connection between A and C. The common link B no longer exists. This situation is actually not uncommon in Windows. An application might use a ‘launcher’ program, which checks for available updates before starting the main program and exiting. Or, an application might dispense with the separate launcher, check for its own updates, launch a new instance of itself, and exit. If you find an ‘orphan’ program which is not listed in PROCTREE’s output, this kind of technique may be the reason.


To use this plugin, copy ProcTree.dll to some known location on your hard drive. (If you are still using the 32-bit version of Take Command, take ProcTree-x86.dll instead of ProcTree.dll.) Load the .DLL file with a PLUGIN /L command, for example:

plugin /l c:\bin\tcmd\test\proctree.dll

If you copy these files to a subdirectory named PlugIns within your Take Command program directory, the plugin will be loaded automatically when TCC starts.

Plugin Features:

New command: PROCTREE

Syntax Note:

The syntax definitions in the following text use these conventions for clarity:

BOLD CODEindicates text which must be typed exactly as shown.
CODEindicates optional text, which may be typed as shown or omitted.
Bold italicnames a required argument; a value must be supplied.
Regular italicnames an optional argument.
ellipsis…after an argument means that more than one may be given.

New Command:

PROCTREE — List descendants of a given process.

PROCTREE /A /C /D /E /F /H:wild /I /K /M /N:flags /O:keys /P /SVC /TC /T:flags /U /W:n /X /Z root

/Ause ASCII characters
/Cshow process priorities
/Ddisplay PIDs in decimal
/Estart from Explorer
/Fshow fully-qualified filenames
/H:wildhighlight matching strings
/Ishow additional info
/Kshow thread counts
/Mshow memory usage
/N:flagsdisable features:  CDESTWX
/O:keyssort sibling processes:  -CDEKMNPTW
/Ppage output
/SVCstart from the services root
/TCstart from Take Command
/T:flagsshow process creation times:  DSMF
/Uinclude a final summary line
/W:nspecify line width
/Xdisplay PIDs in hexadecimal (the default)
/Zshow the parent of the root process
rootthe process to start from (process ID or wildspec)

This command lists the child processes — and grandchildren, great-grandchildren, etc. — of a starting or ‘root’ process. There are several ways to specify the root process:

If you specify a nonexistent process ID, PROCTREE will check whether any current processes claim that PID as a parent. If the process no longer exists but one or more of its children do, then PROCTREE will create a ‘dummy’ process entry to use as the root of the process tree. This dummy process is pure fiction; you cannot display any meaningful information about it. It’s only there to allow you to list surviving children of a defunct process.

/A makes PROCTREE use ASCII characters instead of the fancy Unicode characters. This option might be useful if you are redirecting or piping PROCTREE’s output. /A most obviously affects the line-drawing characters used to show the tree structure, but it has other effects too. It replaces the symbols used by /I and the ellipses used to shorten long window titles and service names. Note that even with /A, there may still be Unicode characters in process names, window titles, and so on.

/C displays the current priority for each process, using a one- or two-letter abbreviation:

RTRealtime priority (the highest)
HIHigh priority
ANAbove normal
NNormal priority
BNBelow normal
IIdle (the lowest)
-unknown or other

/F displays a fully-qualified filename for each process. If PROCTREE cannot get the filename for a process, it will fall back on showing a window title or service name instead.

/H:wild displays process names, window titles, and services names which match the given wildcard spec in reverse video. You can supply multiple /H: options to match more than one wildspec. This option has no effect if output is redirected, or if you disable highlighting with /NC.

/I collects and displays additional information about each process. If a process is elevated, PROCTREE will show an up-arrow before its name. If it’s a 32-bit process running under 64-bit Windows, a right guillemet » will appear before the name.

If you’re still running Windows XP, /I will probably work only in elevated TCC sessions.

/T:flags displays the time each process was started. The colon is optional. You may include one or more optional flags: D for dates, S for seconds, M for milliseconds, or F for all of the above.

You can get help for this option by typing

proctree /t?

/M shows the amount of memory currently used by each process, in kilobytes, megabytes, or gigabytes as appropriate. Fractional units will be rounded to the nearest unit; e.g. 15.7 megabytes will be shown as ‘16M’.

/N:flags disables various features. The colon is optional, and you may combine flags in any order.

/NS and /NW are debugging options which prevent PROCTREE from gathering service names or window titles. Using either one will affect /OD and wildcard searches; you can’t search or sort on strings you don’t have. If you don’t want window titles or services names to be displayed, /ND is the right way to suppress them.

You can get help for this option by typing

proctree /n?

/O:keys tells PROCTREE how to sort sibling processes, i.e., processes with the same parent. The colon is optional, and you may give more than one key.

Without /O, the default is to sort siblings into ascending order by process ID.

You can get help for this option by typing

proctree /o?

/Z displays the parent process ID for the root process only. (It would be redundant for all the others, since the tree structure shows this information already.)

Highlight Variable:

The PROCTREE command highlights executable names when displaying to the console. You can customize this feature by setting an environment variable Highlight:

rem  Disable highlight:
set highlight=none

rem  Set the highlight foreground:
set highlight=bright cyan

rem  Set both foreground and background:
set highlight=bri whi on blu

rem  Numbers are also supported:
set highlight=46

If the Highlight environment variable is not defined, the plugin will check the registry for a value named Highlight of type REG_SZ. The plugin will search, in this order:

You can also use the /NC option to disable highlighting.

Startup Message:

This plugin displays an informational line when it initializes. The message will be suppressed in transient or pipe shells. You can disable it for all shells by defining an environment variable named NOLOADMSG, for example:

set /e /u noloadmsg=1


Version:Date:Changes: ShowCmdHelp() to include VER_PATCH. the plugin’s web address.
1.0.52023-10-05/H: highlights matching window titles / service names as well as process names. /HL: is now a synonym for /H: change: /I now uses a right guillemet instead of an arrowhead to mark 32-bit processes. Added and removed spaces in the /I info to make things line up a bit better.
1.0.42023-10-04Bug fix: If a process’s alleged parent was started after the process, then your daddy ain’t your daddy (but your daddy don’t know).
1.0.32022-04-01Added /H: to highlight matching process names.
1.0.22022-03-28Updated the help text and the error messages for /N /O /T to mention the existence of /N? /O? /T?
1.0.12022-03-25Replaced _DOSsify() with the more sophisticated FixKernelPath().
1.0.02022-03-25Added /N? /O? /T? to give more info on those three options. Removed dependency on QueryFullProcessImageNameW() in hopes of making the plugin work under Windows XP.

Status and Licensing:

This plugin is © Copyright 2023, Charles Dye. Unaltered copies of the binary and documentation files may be freely distributed without restriction. I make no guarantee and give no warranty for its operation. If you find a problem, you can report it in the JP Software support forum.


You can download the current version of the plugin from