Hi There,

I have a third party EXE file (on which I have no control of any modification) which invokes a new CMD window in order to execute itself. In other words it a windows console application.

Now it executes with some switches for runtime options <exe_name> /opt1 "param" /op2 All I want is if by any means I can capture the New Console output forked by this exe. Right now simple redirect as <exe_name> /opt1 "param" /op2 > File.txt cannot work.

Please help me out in order to obtain the output of the new CMD window as explained above.

8 Years
Discussion Span
Last Post by Fest3er

How does this work. Does the exe open up an xterm window and just run a command in there or are we looking at a full-blown gui?




Does the exe open up an xterm window and just run a command in there or are we looking at a full-blown gui?

Actually this is a Windows Console application so no question of xterm. And to answer your question it is an exe which will create in runtime a batch file and call the same. I cannot call the batch separately because it gets created in runtime only when the exe is called and thereafter deleted. The exe takes care to create it with the user provided options and then call it, complete the run and then delete this batch file.

Conventionally I can redirect an output of the batch but since the creation is only with the help of that of the exe hence I cannot do the same.


Hey there,

I found this on the web - it's specific to perl, but you can use the /C flag to capture that output from the exe file, I believe. If it works, thank the guy who figured it out :)


Bug in Windows shell redirection and file associations
mmmann | Tue, 2008-08-12 08:14

You cannot redirect or pipe output using cmd.exe when the Perl program is started using the Windows' file association(s) and the Perl program executes programs using open3 or system. Using a test.pl program that merely does a system(qw(netstat -an)), try this:

C:> perl test.pl > out # works
C:> test.pl > out # broken, and leaves "zombie" netstat executable

The work-around is to alter the file association:

Windows-E to bring up an explorer window
Tools -> Folder Options
Go to the [File Types] tab
Type 'PL' to move list box to PL extension
Click [Advanced]
Click [Edit] to edit the Open command

The "application used to perform action" reads, by default:

"C:\Perl\bin\perl.exe" "%1" %*

Overwrite it with the following:

C:\WINDOWS\System32\command.com /C C:\Perl\bin\perl.exe "%1" %*

...i.e. add command.com /C at the beginning and remove the double quotes around the perl executable. Yes, command.com, not cmd.exe.

This appears to be fixed in Vista.

, Mike


Thanks Mike,

I'll have a try and let you know. Thanks a lot for digging it out for me :)


Hi Mike,

This thing wont work as the EXE i am using does not provide any output. It in turn creates a .bat file with necessary contents from the command line options provided to the EXE and then calls it. After that the batch file is deleted. So it is only through the EXE i can have the batch being run.

Hence you see a new CMD window opens by this EXE which runs the batch file content. Now I want to capture the contents of the batch run from that particular bat file.

In the above example provided by you, netstat.exe itself will provide an output. It does not call any other batch file hence the output is captured but it is not the case with me.

Let me know if you find out the solution to my problem


Hi Mike,

It seems it cannot be done. When an application is using a bat file to run a set of DOS commands windows will use a named pipe for the CMD.exe window. Now even if you can get the handle of the window by ensuring that the PPID of the CMD.exe is the calling application's PID, you still cannot intrude in the pipe. This is the inherent characteristic of any OS. They would not allow you to hook to the handle one the process is created. So I think it is impossible to do what I was thinking of.

Correct me if I am wrong. :)


The only thing I can think to try is to find exactly where the .bat file is created and remove 'DELETE' privilege from that directory for all users (via Properties, Security tab and Advanced button. That *might* prevent the program from deleting the .bat script.

Or rename cmd.exe to cmd-real.exe and create cmd.bat that makes a copy of the script or program to be run (if specified) before calling cmd-real.exe to execute the program or script.

This article has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.