Using the Command prompt to see and kill processes

by Sanju 2009-06-30 19:28:34

Using the Command prompt to see and kill processes


1. Tasklist : This command is similar to "ps" command on Linux and is used to see the details of the programs and processes that are running in Windows. Tasklist can be applied to see how much memory and CPU time running processes are using, what DLL files they rely on, and other information. Thus it can be a very useful troubleshooting tool.



  • Processes info: When you enter
    tasklist
    on the command prompt, you can see the following informations by default. Image Name, PID, Session Name, Session#, Mem Usage

  • Processes detailed info: Additional info like, Status, User Name, CPU Time, Window Title can be displayed using
    tasklist /v

  • Services and Processes info: Use
    tasklist /svc
    to get a table relating Image Name, PID, and Services, very useful to know the relationship between a process and the services that are running on a system.

  • dlls and Processes info: Tasks and Use
    tasklist /m to
    find which DLLs are used by each process.

  • Filtering processes: Processes can be filtered using ImageName, PID, MemUsage, Status, Username and WindowTitle. For Example,

    • Use the following command to to find processes that are not responding.

      • tasklist /fi "status eq not responding"



    • Use the folliwing to list the processes eating up more than 10MB.

      • tasklist /fi "memusage gt 10000"





  • More Info: To get more info on advanced syntax of the command use
    tasklist /?



2. Tskill : This command is used to end a process, using its name of its PID.



  • Kill with name: Use
    tskill processname
    to kill a process with name processname. For example:

    • tskill winword
      (closes all the Microsoft documents that you have open)



  • Kill with PID : Similarly use
    tskill
    processid
    to kill a process with PID processid. Tasklist can be used to find the PID of a process.


3. Taskkill : Similar to Tskill, this command is also used to end a process but it provides us more options in doing so. Apart from specifying the PID or the image name of the process to kill, we can also use ceratin filters to kill the matching processes as explained below.



  • Kill with name: Use
    taskill /IM imagename
    to kill a process with the given Image name. For example:

    • taskkill /im notepad.exe /f
      (forces notepad to be killed.)



  • Kill with PID : Use
    taskill /PID processid
    to kill a process with the given processid.

  • Filtering Taskkill: Processes to be killed can be filtered using ImageName, PID, MemUsage, CPUTime, Session, Status, Username, WindowTitle, Services or Modules (dll). For Example,

    • Use the following command to forcefully shut down all the processes that are not responding.

      • taskkill /f /fi "status eq not responding"





    • Use the folliwing to close down all programs using more than 10 MB..

      • taskkill /f /fi "memusage gt 10000"







Go on, show the power of your commands to the processes. Happy killing them. Wink


Tagged in:

1552
like
0
dislike
0
mail
flag

You must LOGIN to add comments