In multitasking operating systems you sometimes need to find out what processes are running, or you may even need to end one of the processes.
Until Windows XP there were no native commands to manage processes from the command line.
Windows XP has its TASKLIST and TASKKILL utilities.
There are some very good alternatives available for Windows NT 4 and 2000. Some of those will be discussed briefly on this page.
KILL.EXE is part of the Windows NT 4 Resource Kit
Microsoft (R) Windows NT (TM) Version 3.5 KILL
Copyright (C) 1994-1998 Microsoft Corp. All rights reserved
usage: KILL [options] <<pid> | <pattern>>*
[options]:
-f Force process kill
<pid>
This is the process id for the task
to be killed. Use TLIST to get a
valid pid
<pattern>
The pattern can be a complete task
name or a regular expression pattern
to use as a match. Kill matches the
supplied pattern against the task names
and the window titles.
PSKILL.EXE is part of
SysInternals's PSTools suite
PsKill v1.03 - local and remote process killer
Copyright (C) 2000 Mark Russinovich
http://www.sysinternals.com
PsKill terminates processes on a local or remote NT system.
Usage: pskill.exe [\\RemoteComputer [-u Username]] <process Id or name>
-u Specifies optional user name for login to
remote computer.
PSLIST.EXE is part of SysInternals's PSTools suite
PsList v1.2 - Process Information Lister
Copyright (C) 1999-2002 Mark Russinovich
Sysinternals - www.sysinternals.com
Usage: pslist.exe [-d][-m][-x][-t][-s [n] [-r n] [\\computer [-u username][-p password][name|pid]
-d Show thread detail.
-m Show memory detail.
-x Show processes, memory information and threads.
-t Show process tree.
-s [n] Run in task-manager mode, for optional seconds specified.
Press Escape to abort.
-r n Task-manager mode refresh rate in seconds (default is 1).
\\computer Specifies remote computer.
-u Optional user name for remote login.
-p Optional password for remote login. If you don't present
on the command line pslist will prompt you for it if necessary.
name Show information about specified process.
pid Show information about specified process.
All memory values are displayed in KB.
Abbreviation key:
Pri Priority
Thd Number of Threads
Hnd Number of Handles
Mem Working Set
VM Virtual Memory
WS Working Set
WS Pk Working Set Peak
Priv Private Memory
Faults Page Faults
NonP Non-Paged Pool
Page Paged Pool
PageFile Pagefile usage
Cswtch Context Switches
PULIST.EXE is part of the Windows NT 4 Resource Kit
PULIST for Windows NT v1.00 Aug 30 1996 21:47:08 (c) Copyright 1996 Scott Field (sfield@microsoft.com) and Microsoft Corp. This utility displays all the processes running on a system. If no server name is specified, this utility will attempt to display the username associated with each process running on the local system. Usage: pulist.exe [\\Server] [\\Server...]
TASKKILL.EXE is a native Windows XP command
TASKKILL [/S system [/U username [/P [password]]]]
{ [/FI filter] [/PID processid | /IM imagename] } [/F] [/T]
Description:
This command line tool can be used to end one or more processes.
Processes can be killed by the process id or image name.
Parameter List:
/S system Specifies the remote system to connect to.
/U [domain\]user Specifies the user context under which
the command should execute.
/P [password] Specifies the password for the given
user context. Prompts for input if omitted.
/F Specifies to forcefully terminate
process(es).
/FI filter Displays a set of tasks that match a
given criteria specified by the filter.
/PID process id Specifies the PID of the process that
has to be terminated.
/IM image name Specifies the image name of the process
that has to be terminated. Wildcard '*'
can be used to specify all image names.
/T Tree kill: terminates the specified process
and any child processes which were started by it.
/? Displays this help/usage.
Filters:
Filter Name Valid Operators Valid Value(s)
----------- --------------- --------------
STATUS eq, ne RUNNING | NOT RESPONDING
IMAGENAME eq, ne Image name
PID eq, ne, gt, lt, ge, le PID value
SESSION eq, ne, gt, lt, ge, le Session number.
CPUTIME eq, ne, gt, lt, ge, le CPU time in the format
of hh:mm:ss.
hh - hours,
mm - minutes, ss - seconds
MEMUSAGE eq, ne, gt, lt, ge, le Memory usage in KB
USERNAME eq, ne User name in [domain\]user
format
MODULES eq, ne DLL name
SERVICES eq, ne Service name
WINDOWTITLE eq, ne Window title
NOTE: Wildcard '*' for the /IM switch is accepted only with filters.
NOTE: Termination of remote processes will always be done forcefully
irrespective of whether /F option is specified or not.
Examples:
TASKKILL /S system /F /IM notepad.exe /T
TASKKILL /PID 1230 /PID 1241 /PID 1253 /T
TASKKILL /F /IM notepad.exe /IM mspaint.exe
TASKKILL /F /FI "PID ge 1000" /FI "WINDOWTITLE ne untitle*"
TASKKILL /F /FI "USERNAME eq NT AUTHORITY\SYSTEM" /IM notepad.exe
TASKKILL /S system /U domain\username /FI "USERNAME ne NT*" /IM *
TASKKILL /S system /U username /P password /FI "IMAGENAME eq note*"
TASKLIST.EXE is a native Windows XP command
TASKLIST [/S system [/U username [/P [password]]]]
[/M [module] | /SVC | /V] [/FI filter] [/FO format] [/NH]
Description:
This command line tool displays a list of application(s) and
associated task(s)/process(es) currently running on either a local or
remote system.
Parameter List:
/S system Specifies the remote system to connect to.
/U [domain\]user Specifies the user context under which
the command should execute.
/P [password] Specifies the password for the given
user context. Prompts for input if omitted.
/M [module] Lists all tasks that have DLL modules loaded
in them that match the given pattern name.
If the module name is not specified,
displays all modules loaded by each task.
/SVC Displays services in each process.
/V Specifies that the verbose information
is to be displayed.
/FI filter Displays a set of tasks that match a
given criteria specified by the filter.
/FO format Specifies the output format.
Valid values: "TABLE", "LIST", "CSV".
/NH Specifies that the "Column Header" should
not be displayed in the output.
Valid only for "TABLE" and "CSV" formats.
/? Displays this help/usage.
Filters:
Filter Name Valid Operators Valid Value(s)
----------- --------------- --------------
STATUS eq, ne RUNNING | NOT RESPONDING
IMAGENAME eq, ne Image name
PID eq, ne, gt, lt, ge, le PID value
SESSION eq, ne, gt, lt, ge, le Session number
SESSIONNAME eq, ne Session name
CPUTIME eq, ne, gt, lt, ge, le CPU time in the format
of hh:mm:ss.
hh - hours,
mm - minutes, ss - seconds
MEMUSAGE eq, ne, gt, lt, ge, le Memory usage in KB
USERNAME eq, ne User name in [domain\]user
format
SERVICES eq, ne Service name
WINDOWTITLE eq, ne Window title
MODULES eq, ne DLL name
Examples:
TASKLIST
TASKLIST /M
TASKLIST /V
TASKLIST /SVC
TASKLIST /M wbem*
TASKLIST /S system /FO LIST
TASKLIST /S system /U domain\username /FO CSV /NH
TASKLIST /S system /U username /P password /FO TABLE /NH
TASKLIST /FI "USERNAME ne NT AUTHORITY\SYSTEM" /FI "STATUS eq running"
TLIST.EXE is part of the Windows NT 4 Resource Kit
Microsoft (R) Windows NT (TM) Version 3.51 TLIST
Copyright (C) 1994 Microsoft Corp. All rights reserved
usage: TLIST <<-t> | <pid> | <pattern>>
[options]:
-t Print Task Tree
<pid>
List module information for this task.
<pattern>
The pattern can be a complete task
name or a regular expression pattern
to use as a match. Tlist matches the
supplied pattern against the task names
and the window titles.
MYOWNPID.BAT uses TLIST from the NT 4 Resource Kit to display the batch file's own PID (Process ID).
This may prove useful to prevent "killing" itself when "killing" another batch file.
Do not call this batch file from within another batch file, but insert this code in the "killer" batch file itself instead.
Tested in Windows 2000.
@ECHO OFF
:: Trick read on John Savill's Windows NT/2000 site
:: http://www.ntfaq.com/Articles/Index.cfm?ArticleID=15339
FOR /F "tokens=1 delims= " %%A IN ('TLIST ^| FIND /I "%0"') DO SET PID=%%A
ECHO My own Process ID (PID) is %PID%
This batch file handles multiple simultaneous CMD sessions by filtering its own batch file name from TLIST's output:
736 winmgmt.exe 748 mspmspsv.exe 192 explorer.exe Program Manager 1308 EM_EXEC.EXE 996 internat.exe 1213 cmd.exe C:\WINNT\system32\cmd.exe 1456 cmd.exe C:\WINNT\system32\cmd.exe - E:\Batch\MyOwnPID.bat 728 TLIST.EXE
By using FIND /I "%0" (%0 happened to be E:\Batch\MyOwnPID.bat) the right process is found.
In order to make this filtering work, do not set the CMD session's title till after you determined the batch file's PID (TLIST actually displays the CMD session's title, which happens to be its command line unless a title is set).
This batch file will fail if it runs in multiple sessions simultaneously.
Use Daniel Scheibli's GetPIDs if that is to be expected.
Replacing TLIST by PSLIST makes it a little harder to determine the batch file's own PID, since PSLIST doesn't show the CMD sessions' command line.
However, the command:
PSLIST -d CMD
will display something similar to this:
PsList v1.2 - Process Information Lister Copyright (C) 1999-2002 Mark Russinovich Sysinternals - www.sysinternals.com Thread detail for MYCOMPUTER: cmd 1528: Tid Pri Cswtch State User Time Kernel Time Elapsed Time 1132 8 503 Wait:LpcReply 0:00:00.010 0:00:00.010 0:01:22.448 cmd 728: Tid Pri Cswtch State User Time Kernel Time Elapsed Time 908 8 520 Wait:LpcReply 0:00:00.010 0:00:00.010 0:01:19.083 cmd 1268: Tid Pri Cswtch State User Time Kernel Time Elapsed Time 988 9 579 Wait:UserReq 0:00:00.010 0:00:00.040 0:01:16.009
In this example the CMD session with process ID 1268 is the CMD session
running the batch file.
The column named "State" will either display "Wait:LpcReply", "Wait:UserReq",
"Wait:Executive" or "Ready".
After many tests it seems that only one CMD session will not be in
the "Wait:LcpReply" state, the one running the batch file.
The following code will determine which CMD session has the highest priority
and display that session's PID:
@ECHO OFF
SETLOCAL
SET PID=
FOR /F "skip=1 tokens=1,2,4 delims= " %%A IN ('PSLIST -d CMD ^| FIND ":"') DO CALL :HiPrio %%A %%B %%C
SET PID
ENDLOCAL
GOTO:EOF
:HiPrio
IF DEFINED PID GOTO:EOF
IF /I "%1"=="CMD" SET TmpPID=%2
IF /I "%1"=="CMD" SET TmpPID=%TmpPID::=%
IF /I "%3"=="Ready" SET PID=%TmpPID%
IF DEFINED PID GOTO:EOF
IF /I "%3"=="Wait:Executive" SET PID=%TmpPID%
IF DEFINED PID GOTO:EOF
IF /I "%3"=="Wait:UserReq" SET PID=%TmpPID%
GOTO:EOF
This code should be inserted in the batch file that needs to determine its own process ID.
| Warning: | This code has been tested on one computer only! It is to be considered "experimental". Use it entirely at your own risk. |
Windows XP's TASKLIST /V command will result in a list like this:
Image Name PID Session Name Session# Mem Usage Status User Name CPU Time Window Title ========================= ====== ================ ======== ============ =============== ================================================== ============ ======================================================================== System Idle Process 0 Console 0 20 K Running NT AUTHORITY\SYSTEM 0:13:02 N/A System 4 Console 0 216 K Running NT AUTHORITY\SYSTEM 0:00:07 N/A smss.exe 432 Console 0 348 K Running NT AUTHORITY\SYSTEM 0:00:00 N/A csrss.exe 488 Console 0 3.928 K Running NT AUTHORITY\SYSTEM 0:00:07 N/A winlogon.exe 512 Console 0 3.212 K Running NT AUTHORITY\SYSTEM 0:00:01 NetDDE Agent services.exe 556 Console 0 2.740 K Running NT AUTHORITY\SYSTEM 0:00:02 N/A lsass.exe 568 Console 0 1.524 K Running NT AUTHORITY\SYSTEM 0:00:00 N/A svchost.exe 732 Console 0 3.440 K Running NT AUTHORITY\SYSTEM 0:00:00 N/A svchost.exe 804 Console 0 12.728 K Running NT AUTHORITY\SYSTEM 0:00:03 N/A svchost.exe 888 Console 0 2.740 K Running NT AUTHORITY\NETWORK SERVICE 0:00:00 N/A svchost.exe 936 Console 0 3.660 K Running NT AUTHORITY\LOCAL SERVICE 0:00:00 N/A spoolsv.exe 1124 Console 0 4.000 K Running NT AUTHORITY\SYSTEM 0:00:00 N/A explorer.exe 1348 Console 0 21.648 K Running MYCOMPUTER\MyID 0:00:17 N/A point32.exe 1604 Console 0 2.604 K Running MYCOMPUTER\MyID 0:00:00 N/A qttask.exe 1676 Console 0 896 K Running MYCOMPUTER\MyID 0:00:00 N/A ctfmon.exe 1780 Console 0 2.016 K Running MYCOMPUTER\MyID 0:00:00 N/A cmd.exe 1354 Console 0 1.296 K Running MYCOMPUTER\MyID 0:00:00 C:\WINDOWS\System32\cmd.exe - dir i:\ /s/b/on msmsgs.exe 1788 Console 0 3.232 K Running MYCOMPUTER\MyID 0:00:00 N/A nvsvc32.exe 1952 Console 0 1.824 K Running NT AUTHORITY\SYSTEM 0:00:00 NVSVCPMMWindowClass svchost.exe 204 Console 0 2.472 K Running NT AUTHORITY\SYSTEM 0:00:00 N/A devldr32.exe 344 Console 0 2.544 K Running MYCOMPUTER\MyID 0:00:00 DEVLDR cmd.exe 1252 Console 0 1.296 K Running MYCOMPUTER\MyID 0:00:00 C:\WINDOWS\System32\cmd.exe - tasklist /v wmiprvse.exe 1928 Console 0 3.956 K Running NT AUTHORITY\NETWORK SERVICE 0:00:00 N/A tasklist.exe 332 Console 0 2.740 K Running MYCOMPUTER\MyID 0:00:00 OleMainThreadWndName
Each line starting with cmd.exe displays — amongst others — the console's command line.
This can be used to determine the batch file's own PID in a simple one liner:
@ECHO OFF
:: Determine the PID in Windows XP
FOR /F "tokens=2 delims= " %%A IN ('TASKLIST /V ^| FIND /I "%~0"') DO SET MyPID=%%A
The same limitations mentioned for TLIST are valid for this batch file as well:
Have you ever wondered why there are multiple instances of SvcHost running on your computer, and what services each of these SvcHost processes "hosts"?
Well, probably not, but I'll continue anyway.
The following command (for Windows XP and later) will show you more details for each SvcHost process:
TASKLIST /FI "imagename eq svchost.exe" /SVC
The result will most likely look like this:
Image Name PID Services
========================= ====== =============================================
svchost.exe 1500 DcomLaunch, TermService
svchost.exe 1604 RpcSs
svchost.exe 1720 AudioSrv, BITS, Browser, CryptSvc, Dhcp,
dmserver, ERSvc, EventSystem, helpsvc,
HidServ, lanmanserver, lanmanworkstation,
Netman, Nla, RasMan, Schedule, seclogon,
SENS, SharedAccess, srservice, TapiSrv,
Themes, TrkWks, W32Time, winmgmt, wscsvc,
wuauserv, WZCSVC
svchost.exe 1816 Dnscache
svchost.exe 1964 LmHosts, RemoteRegistry, WebClient
svchost.exe 2248 stisvc
Credits: mygreenpaste.blogspot.com
page last modified: 2018-12-24; loaded in 0.0072 seconds