http://www.perlmonks.org?node_id=1060101


in reply to Windows Process Executable Path is Null

I'll mention this slightly OT thing: the "Command line" and "Current directory" fields in Process Explorer are retrieved by going through the PEB struct of the remote process with ReadProcessMemory.
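The pointer walk described in the post, as an added example that is not part of the original reply and is not Process Explorer's code. It assumes the 64-bit PEB and RTL_USER_PROCESS_PARAMETERS layout; `read` is a hypothetical callback standing in for ReadProcessMemory, and the memory image is constructed so the walk runs offline.

```python
import struct

# Assumed x64 field offsets (32-bit targets use different ones)
PEB_PROCESS_PARAMETERS = 0x20   # PEB.ProcessParameters
RUPP_CURRENT_DIRECTORY = 0x38   # RTL_USER_PROCESS_PARAMETERS.CurrentDirectory.DosPath
RUPP_COMMAND_LINE = 0x70        # RTL_USER_PROCESS_PARAMETERS.CommandLine
BASE = 0x7FF600000000           # constructed base address of the sample image


def read_unicode_string(read, addr):
    """Decode UNICODE_STRING {USHORT Length; USHORT MaximumLength; PWSTR Buffer}."""
    length, max_length, buffer = struct.unpack("<HH4xQ", read(addr, 16))
    # This memory belongs to the target process, which can rewrite it: validate it.
    if length > max_length or length % 2 or (length and not buffer):
        raise ValueError(f"implausible UNICODE_STRING at {addr:#x}")
    return read(buffer, length).decode("utf-16-le") if length else ""


def process_parameters(read, peb_addr):
    """Follow PEB -> ProcessParameters -> CommandLine / CurrentDirectory."""
    (params,) = struct.unpack("<Q", read(peb_addr + PEB_PROCESS_PARAMETERS, 8))
    if not params:
        raise ValueError("PEB.ProcessParameters is NULL")
    return {
        "command_line": read_unicode_string(read, params + RUPP_COMMAND_LINE),
        "current_directory": read_unicode_string(read, params + RUPP_CURRENT_DIRECTORY),
    }


def build_sample():
    """Constructed image: PEB at +0x0, parameters at +0x100, strings at +0x200/+0x300."""
    mem = bytearray(0x400)

    def put_ustr(off, buf_off, text):
        raw = text.encode("utf-16-le")
        mem[buf_off:buf_off + len(raw)] = raw
        struct.pack_into("<HH4xQ", mem, off, len(raw), len(raw) + 2, BASE + buf_off)

    struct.pack_into("<Q", mem, PEB_PROCESS_PARAMETERS, BASE + 0x100)
    put_ustr(0x100 + RUPP_CURRENT_DIRECTORY, 0x200, "C:\\Users\\demo\\")
    put_ustr(0x100 + RUPP_COMMAND_LINE, 0x300, "perl.exe script.pl --verbose")

    def read(addr, size):
        off = addr - BASE
        if off < 0 or off + size > len(mem):
            raise OSError("read outside mapped region")
        return bytes(mem[off:off + size])
    return read, BASE
```

On a live system the PEB address would come from NtQueryInformationProcess (PROCESS_BASIC_INFORMATION.PebBaseAddress) and `read` would wrap ReadProcessMemory on a handle opened with read access.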