This is more of a question about the general processes that windows performs when a command is run in powershell
My understanding is that when the command
is run in powershell, it references a python executable stored somewhere else. This path was added for me when I installed python so I didn't have to bother with knowing where python.exe (or whatever it is called) is located. However the python command also works with scripts so you can run
to execute a python script without opening up a shell. So then is it referencing a different executable when the script.py is included, or is the python.exe command that it is referencing able to do multiple things depending how it is executed?
The shell (not only powershell, but cmd.exe, bash etc) parses the command line, takes the first token, tryes to find an internal command or an executable that matches the token, and in case of success executes what was found passing to it the command line as an argument.
In your case the shell splits
python script.py to
['python', 'script.py'], finds
c:\python27\python.exe using PATH and PATHEXT environment variables, and creates proccess
python script.py as an argument.
If you open up python.exe in IDA Pro or another disassembler or debugger, you can trace the execution and see that it has multiple paths depending on how it is run.
It is not referencing a different executable, it is looking at how it was executed (does it have arguments passed or not? what are those arguments?) and those various factors control how python.exe is executed.