1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

LOG entry for TCMD/TCC command line

Discussion in 'Support' started by Charles G, May 18, 2016.

  1. Charles G

    Joined:
    Apr 2, 2011
    Messages:
    1,015
    Likes Received:
    0
    Is it possible to log how TCMD/TCC was started, usually if it's "Run as Administrator" and if there was a "Start In" or CD /D entry? I looked at the LOGS already generated (I have all available LOG entries in OPTION set) and nothing is looking close to my answer.

    Might a plugin be created for this need?

    TCC 19.10.51 x64 Windows 7 [Version 6.1.7601]
    TCC Build 51 Windows 7 Build 7601 Service Pack 1
     
  2. vefatica

    Joined:
    May 20, 2008
    Messages:
    7,883
    Likes Received:
    29
    Rex will no doubt know more, but I doubt TCC can be aware of any "Start In" entry anywhere; I believe that just tells TCC's parent what directory to specify when it (the parent) creates the TCC process. As for "CD /D", I believe TCC's start-up command line is available (not sure how) to TCSTART.BTM. From TCSTART, you could log start-up command lines and also check the _ELEVATED variable and log TCC's being run as admin.
     
  3. Charles Dye

    Charles Dye Super Moderator
    Staff Member

    Joined:
    May 20, 2008
    Messages:
    3,287
    Likes Received:
    39
    You can try %@PIDCOMMAND[%_PID]. I don't think it can be guaranteed to always return correct info, but it's worth a shot.
     
  4. vefatica

    Joined:
    May 20, 2008
    Messages:
    7,883
    Likes Received:
    29
    And, according to the help,
    And if you use SYSUTILS, @PSTAT will give it to you.
    Code:
    v:\> echo %@pstat[.,c]
    g:\tc19\tcc.exe /q
     
  5. Charles G

    Joined:
    Apr 2, 2011
    Messages:
    1,015
    Likes Received:
    0
    Thank you. Where can I download SYSUTILS64?
     
  6. Alpengreis

    Joined:
    Jan 12, 2014
    Messages:
    229
    Likes Received:
    6
    It's because the link itself has no ":" after "ftp" ...
     
  7. Charles Dye

    Charles Dye Super Moderator
    Staff Member

    Joined:
    May 20, 2008
    Messages:
    3,287
    Likes Received:
    39
    It's been a couple of years since we last discussed this one.

    XenForo's been upgraded more than once since then, but the issue remains....
     
  8. vefatica

    Joined:
    May 20, 2008
    Messages:
    7,883
    Likes Received:
    29
    Yeah, I remembered it too and did a little Googling. Xenforo says it's by design and for security. Considering all it can do (Java, Flash, drag in unlimited third party crap, ...) HTTP seems more dangerous than FTP (which, after all, just transfers files).
     
  9. Charles G

    Joined:
    Apr 2, 2011
    Messages:
    1,015
    Likes Received:
    0
  10. Charles G

    Joined:
    Apr 2, 2011
    Messages:
    1,015
    Likes Received:
    0
    Will it give similar details if it was TCMD and not TCC that was started?
     
  11. Charles Dye

    Charles Dye Super Moderator
    Staff Member

    Joined:
    May 20, 2008
    Messages:
    3,287
    Likes Received:
    39
    AFAIK, either @PSTAT or @PIDCOMMAND takes a PID to specify the process. Just pass %_PID to get info on the current TCC.

    Take Command's PID is harder to figure. %_PPID might be Take Command, but then again it might not. (TCC might have been launched by Take Command, or by Explorer. Or by another instance of TCC, or by CMD.EXE, which might itself in turn have been launched by any of the above.... I suppose you could walk back the chain with @PPID, examining each process with @PSTAT or @PIDCOMMAND until you find one which isn't TCC.EXE or CMD.EXE. That process might or might not be TCMD.EXE.... (And to confuse matters further, you can attach console programs to Take Command manually; these will not have TCMD as an ancester, unless they do.)
     
  12. Charles G

    Joined:
    Apr 2, 2011
    Messages:
    1,015
    Likes Received:
    0
    I use the attached registry.reg.txt exported registry data to specify Elevated status and the directory to open TCMD in. What I am looking for is basically:

    C:\Program Files\Jpsoft\TCMD19_x64\tcmd.exe /d "C:\Users\Galloway\Desktop\HoldMe\"

    assuming I had RMCed on the HoldMe folder on the desktop....
     

    Attached Files:

  13. vefatica

    Joined:
    May 20, 2008
    Messages:
    7,883
    Likes Received:
    29
    With "." (specifying the current process) it will always give TCC's command line. As Charles pointed out you'll have to give it TCMD's PID if you want TCMD's command line.

    Does that way of starting TCMD elevated result in a UAC prompt? There's a nice way to do it without the prompt. Make a scheduled task ... no schedule, but run-on-demand and with the highest privileges. Then start the task (named TCMDAdmin) with the likes of
    Code:
    schtasks.exe /run /tn TCMDAdmin
    . I even used EDITBIN to make a GUI version of SCHTASKS.EXE so it wouldn't pop up a momentary console.
     
    Charles G likes this.
  14. Charles G

    Joined:
    Apr 2, 2011
    Messages:
    1,015
    Likes Received:
    0
    echo %@PIDCOMMAND[%_PID]

    does not seem to be what I want. I want to see the full command that started TCMD. And I start TCMD by the following reg key data:

    "C:\Program Files\JPSoft\TCMD21\tcmd.exe" /D "%L"

    so if I right clicked on Folder1 on my desktop, it would return

    "C:\Program Files\JPSoft\TCMD21\tcmd.exe" /D "%UserProfile%\Desktop\Folder1"

    but with %UserProfile% expanded....
     
  15. vefatica

    Joined:
    May 20, 2008
    Messages:
    7,883
    Likes Received:
    29
    I don't know about the rest of explorer, but I just started TCMD from Start\Run with this command:
    Code:
    g:\tc21\tcmd /d "%UserProfile%"
    And in its TCC tab I see
    Code:
    v:\> echo %@pidcommand[%@pid[tcmd.exe]]
    "G:\tc21\tcmd.exe" /d "C:\Users\vefatica"
    
    Note that somewhere, quotes were added to the tcmd.exe path ... but %UserProfile% was expanded.
     
  16. Charles G

    Joined:
    Apr 2, 2011
    Messages:
    1,015
    Likes Received:
    0
    %@pstat[%_ppid,c]

    gives me what I want I believe.....
     

Share This Page