In multitasking operating systems you sometimes need to find out what processes are running, or you may even need to end one of the processes.
Until Windows XP there were no native commands to manage processes from the command line.
Windows XP has its TASKLIST and TASKKILL utilities.
There are some very good alternatives available for Windows NT 4 and 2000. Some of those will be discussed briefly on this page.
KILL.EXE
is part of the Windows NT 4 Resource Kit
Microsoft (R) Windows NT (TM) Version 3.5 KILL Copyright (C) 1994-1998 Microsoft Corp. All rights reserved usage: KILL [options] <<pid> | <pattern>>* [options]: -f Force process kill <pid> This is the process id for the task to be killed. Use TLIST to get a valid pid <pattern> The pattern can be a complete task name or a regular expression pattern to use as a match. Kill matches the supplied pattern against the task names and the window titles.
PSKILL.EXE
is part of
SysInternals's PSTools suite
PsKill v1.03 - local and remote process killer Copyright (C) 2000 Mark Russinovich http://www.sysinternals.com PsKill terminates processes on a local or remote NT system. Usage: pskill.exe [\\RemoteComputer [-u Username]] <process Id or name> -u Specifies optional user name for login to remote computer.
PSLIST.EXE
is part of SysInternals's PSTools suite
PsList v1.2 - Process Information Lister Copyright (C) 1999-2002 Mark Russinovich Sysinternals - www.sysinternals.com Usage: pslist.exe [-d][-m][-x][-t][-s [n] [-r n] [\\computer [-u username][-p password][name|pid] -d Show thread detail. -m Show memory detail. -x Show processes, memory information and threads. -t Show process tree. -s [n] Run in task-manager mode, for optional seconds specified. Press Escape to abort. -r n Task-manager mode refresh rate in seconds (default is 1). \\computer Specifies remote computer. -u Optional user name for remote login. -p Optional password for remote login. If you don't present on the command line pslist will prompt you for it if necessary. name Show information about specified process. pid Show information about specified process. All memory values are displayed in KB. Abbreviation key: Pri Priority Thd Number of Threads Hnd Number of Handles Mem Working Set VM Virtual Memory WS Working Set WS Pk Working Set Peak Priv Private Memory Faults Page Faults NonP Non-Paged Pool Page Paged Pool PageFile Pagefile usage Cswtch Context Switches
PULIST.EXE
is part of the Windows NT 4 Resource Kit
PULIST for Windows NT v1.00 Aug 30 1996 21:47:08 (c) Copyright 1996 Scott Field (sfield@microsoft.com) and Microsoft Corp. This utility displays all the processes running on a system. If no server name is specified, this utility will attempt to display the username associated with each process running on the local system. Usage: pulist.exe [\\Server] [\\Server...]
TASKKILL.EXE
is a native Windows XP command
TASKKILL [/S system [/U username [/P [password]]]] { [/FI filter] [/PID processid | /IM imagename] } [/F] [/T] Description: This command line tool can be used to end one or more processes. Processes can be killed by the process id or image name. Parameter List: /S system Specifies the remote system to connect to. /U [domain\]user Specifies the user context under which the command should execute. /P [password] Specifies the password for the given user context. Prompts for input if omitted. /F Specifies to forcefully terminate process(es). /FI filter Displays a set of tasks that match a given criteria specified by the filter. /PID process id Specifies the PID of the process that has to be terminated. /IM image name Specifies the image name of the process that has to be terminated. Wildcard '*' can be used to specify all image names. /T Tree kill: terminates the specified process and any child processes which were started by it. /? Displays this help/usage. Filters: Filter Name Valid Operators Valid Value(s) ----------- --------------- -------------- STATUS eq, ne RUNNING | NOT RESPONDING IMAGENAME eq, ne Image name PID eq, ne, gt, lt, ge, le PID value SESSION eq, ne, gt, lt, ge, le Session number. CPUTIME eq, ne, gt, lt, ge, le CPU time in the format of hh:mm:ss. hh - hours, mm - minutes, ss - seconds MEMUSAGE eq, ne, gt, lt, ge, le Memory usage in KB USERNAME eq, ne User name in [domain\]user format MODULES eq, ne DLL name SERVICES eq, ne Service name WINDOWTITLE eq, ne Window title NOTE: Wildcard '*' for the /IM switch is accepted only with filters. NOTE: Termination of remote processes will always be done forcefully irrespective of whether /F option is specified or not. Examples: TASKKILL /S system /F /IM notepad.exe /T TASKKILL /PID 1230 /PID 1241 /PID 1253 /T TASKKILL /F /IM notepad.exe /IM mspaint.exe TASKKILL /F /FI "PID ge 1000" /FI "WINDOWTITLE ne untitle*" TASKKILL /F /FI "USERNAME eq NT AUTHORITY\SYSTEM" /IM notepad.exe TASKKILL /S system /U domain\username /FI "USERNAME ne NT*" /IM * TASKKILL /S system /U username /P password /FI "IMAGENAME eq note*"
TASKLIST.EXE
is a native Windows XP command
TASKLIST [/S system [/U username [/P [password]]]] [/M [module] | /SVC | /V] [/FI filter] [/FO format] [/NH] Description: This command line tool displays a list of application(s) and associated task(s)/process(es) currently running on either a local or remote system. Parameter List: /S system Specifies the remote system to connect to. /U [domain\]user Specifies the user context under which the command should execute. /P [password] Specifies the password for the given user context. Prompts for input if omitted. /M [module] Lists all tasks that have DLL modules loaded in them that match the given pattern name. If the module name is not specified, displays all modules loaded by each task. /SVC Displays services in each process. /V Specifies that the verbose information is to be displayed. /FI filter Displays a set of tasks that match a given criteria specified by the filter. /FO format Specifies the output format. Valid values: "TABLE", "LIST", "CSV". /NH Specifies that the "Column Header" should not be displayed in the output. Valid only for "TABLE" and "CSV" formats. /? Displays this help/usage. Filters: Filter Name Valid Operators Valid Value(s) ----------- --------------- -------------- STATUS eq, ne RUNNING | NOT RESPONDING IMAGENAME eq, ne Image name PID eq, ne, gt, lt, ge, le PID value SESSION eq, ne, gt, lt, ge, le Session number SESSIONNAME eq, ne Session name CPUTIME eq, ne, gt, lt, ge, le CPU time in the format of hh:mm:ss. hh - hours, mm - minutes, ss - seconds MEMUSAGE eq, ne, gt, lt, ge, le Memory usage in KB USERNAME eq, ne User name in [domain\]user format SERVICES eq, ne Service name WINDOWTITLE eq, ne Window title MODULES eq, ne DLL name Examples: TASKLIST TASKLIST /M TASKLIST /V TASKLIST /SVC TASKLIST /M wbem* TASKLIST /S system /FO LIST TASKLIST /S system /U domain\username /FO CSV /NH TASKLIST /S system /U username /P password /FO TABLE /NH TASKLIST /FI "USERNAME ne NT AUTHORITY\SYSTEM" /FI "STATUS eq running"
TLIST.EXE
is part of the Windows NT 4 Resource Kit
Microsoft (R) Windows NT (TM) Version 3.51 TLIST Copyright (C) 1994 Microsoft Corp. All rights reserved usage: TLIST <<-t> | <pid> | <pattern>> [options]: -t Print Task Tree <pid> List module information for this task. <pattern> The pattern can be a complete task name or a regular expression pattern to use as a match. Tlist matches the supplied pattern against the task names and the window titles.
MYOWNPID.BAT uses TLIST from the NT 4 Resource Kit to display the batch file's own PID (Process ID).
This may prove useful to prevent "killing" itself when "killing" another batch file.
Do not call this batch file from within another batch file, but insert this code in the "killer" batch file itself instead.
Tested in Windows 2000.
@ECHO OFF :: Trick read on John Savill's Windows NT/2000 site :: http://www.ntfaq.com/Articles/Index.cfm?ArticleID=15339 FOR /F "tokens=1 delims= " %%A IN ('TLIST ^| FIND /I "%0"') DO SET PID=%%A ECHO My own Process ID (PID) is %PID%
This batch file handles multiple simultaneous CMD sessions by filtering its own batch file name from TLIST's output:
736 winmgmt.exe 748 mspmspsv.exe 192 explorer.exe Program Manager 1308 EM_EXEC.EXE 996 internat.exe 1213 cmd.exe C:\WINNT\system32\cmd.exe 1456 cmd.exe C:\WINNT\system32\cmd.exe - E:\Batch\MyOwnPID.bat 728 TLIST.EXE
By using FIND /I "%0"
(%0 happened to be E:\Batch\MyOwnPID.bat) the right process is found.
In order to make this filtering work, do not set the CMD session's title till after you determined the batch file's PID (TLIST actually displays the CMD session's title, which happens to be its command line unless a title is set).
This batch file will fail if it runs in multiple sessions simultaneously.
Use Daniel Scheibli's GetPIDs if that is to be expected.
Replacing TLIST by PSLIST makes it a little harder to determine the batch file's own PID, since PSLIST doesn't show the CMD sessions' command line.
However, the command:
PSLIST -d CMD
will display something similar to this:
PsList v1.2 - Process Information Lister Copyright (C) 1999-2002 Mark Russinovich Sysinternals - www.sysinternals.com Thread detail for MYCOMPUTER: cmd 1528: Tid Pri Cswtch State User Time Kernel Time Elapsed Time 1132 8 503 Wait:LpcReply 0:00:00.010 0:00:00.010 0:01:22.448 cmd 728: Tid Pri Cswtch State User Time Kernel Time Elapsed Time 908 8 520 Wait:LpcReply 0:00:00.010 0:00:00.010 0:01:19.083 cmd 1268: Tid Pri Cswtch State User Time Kernel Time Elapsed Time 988 9 579 Wait:UserReq 0:00:00.010 0:00:00.040 0:01:16.009
In this example the CMD session with process ID 1268 is the CMD session
running the batch file.
The column named "State" will either display "Wait:LpcReply", "Wait:UserReq",
"Wait:Executive" or "Ready".
After many tests it seems that only one CMD session will not be in
the "Wait:LcpReply" state, the one running the batch file.
The following code will determine which CMD session has the highest priority
and display that session's PID:
@ECHO OFF SETLOCAL SET PID= FOR /F "skip=1 tokens=1,2,4 delims= " %%A IN ('PSLIST -d CMD ^| FIND ":"') DO CALL :HiPrio %%A %%B %%C SET PID ENDLOCAL GOTO:EOF :HiPrio IF DEFINED PID GOTO:EOF IF /I "%1"=="CMD" SET TmpPID=%2 IF /I "%1"=="CMD" SET TmpPID=%TmpPID::=% IF /I "%3"=="Ready" SET PID=%TmpPID% IF DEFINED PID GOTO:EOF IF /I "%3"=="Wait:Executive" SET PID=%TmpPID% IF DEFINED PID GOTO:EOF IF /I "%3"=="Wait:UserReq" SET PID=%TmpPID% GOTO:EOF
This code should be inserted in the batch file that needs to determine its own process ID.
Warning: | This code has been tested on one computer only! It is to be considered "experimental". Use it entirely at your own risk. |
Windows XP's TASKLIST /V
command will result in a list like this:
Image Name PID Session Name Session# Mem Usage Status User Name CPU Time Window Title ========================= ====== ================ ======== ============ =============== ================================================== ============ ======================================================================== System Idle Process 0 Console 0 20 K Running NT AUTHORITY\SYSTEM 0:13:02 N/A System 4 Console 0 216 K Running NT AUTHORITY\SYSTEM 0:00:07 N/A smss.exe 432 Console 0 348 K Running NT AUTHORITY\SYSTEM 0:00:00 N/A csrss.exe 488 Console 0 3.928 K Running NT AUTHORITY\SYSTEM 0:00:07 N/A winlogon.exe 512 Console 0 3.212 K Running NT AUTHORITY\SYSTEM 0:00:01 NetDDE Agent services.exe 556 Console 0 2.740 K Running NT AUTHORITY\SYSTEM 0:00:02 N/A lsass.exe 568 Console 0 1.524 K Running NT AUTHORITY\SYSTEM 0:00:00 N/A svchost.exe 732 Console 0 3.440 K Running NT AUTHORITY\SYSTEM 0:00:00 N/A svchost.exe 804 Console 0 12.728 K Running NT AUTHORITY\SYSTEM 0:00:03 N/A svchost.exe 888 Console 0 2.740 K Running NT AUTHORITY\NETWORK SERVICE 0:00:00 N/A svchost.exe 936 Console 0 3.660 K Running NT AUTHORITY\LOCAL SERVICE 0:00:00 N/A spoolsv.exe 1124 Console 0 4.000 K Running NT AUTHORITY\SYSTEM 0:00:00 N/A explorer.exe 1348 Console 0 21.648 K Running MYCOMPUTER\MyID 0:00:17 N/A point32.exe 1604 Console 0 2.604 K Running MYCOMPUTER\MyID 0:00:00 N/A qttask.exe 1676 Console 0 896 K Running MYCOMPUTER\MyID 0:00:00 N/A ctfmon.exe 1780 Console 0 2.016 K Running MYCOMPUTER\MyID 0:00:00 N/A cmd.exe 1354 Console 0 1.296 K Running MYCOMPUTER\MyID 0:00:00 C:\WINDOWS\System32\cmd.exe - dir i:\ /s/b/on msmsgs.exe 1788 Console 0 3.232 K Running MYCOMPUTER\MyID 0:00:00 N/A nvsvc32.exe 1952 Console 0 1.824 K Running NT AUTHORITY\SYSTEM 0:00:00 NVSVCPMMWindowClass svchost.exe 204 Console 0 2.472 K Running NT AUTHORITY\SYSTEM 0:00:00 N/A devldr32.exe 344 Console 0 2.544 K Running MYCOMPUTER\MyID 0:00:00 DEVLDR cmd.exe 1252 Console 0 1.296 K Running MYCOMPUTER\MyID 0:00:00 C:\WINDOWS\System32\cmd.exe - tasklist /v wmiprvse.exe 1928 Console 0 3.956 K Running NT AUTHORITY\NETWORK SERVICE 0:00:00 N/A tasklist.exe 332 Console 0 2.740 K Running MYCOMPUTER\MyID 0:00:00 OleMainThreadWndName
Each line starting with cmd.exe displays — amongst others — the console's command line.
This can be used to determine the batch file's own PID in a simple one liner:
@ECHO OFF :: Determine the PID in Windows XP FOR /F "tokens=2 delims= " %%A IN ('TASKLIST /V ^| FIND /I "%~0"') DO SET MyPID=%%A
The same limitations mentioned for TLIST are valid for this batch file as well:
Have you ever wondered why there are multiple instances of SvcHost running on your computer, and what services each of these SvcHost processes "hosts"?
Well, probably not, but I'll continue anyway.
The following command (for Windows XP and later) will show you more details for each SvcHost process:
TASKLIST /FI "imagename eq svchost.exe" /SVC
The result will most likely look like this:
Image Name PID Services ========================= ====== ============================================= svchost.exe 1500 DcomLaunch, TermService svchost.exe 1604 RpcSs svchost.exe 1720 AudioSrv, BITS, Browser, CryptSvc, Dhcp, dmserver, ERSvc, EventSystem, helpsvc, HidServ, lanmanserver, lanmanworkstation, Netman, Nla, RasMan, Schedule, seclogon, SENS, SharedAccess, srservice, TapiSrv, Themes, TrkWks, W32Time, winmgmt, wscsvc, wuauserv, WZCSVC svchost.exe 1816 Dnscache svchost.exe 1964 LmHosts, RemoteRegistry, WebClient svchost.exe 2248 stisvc
Credits: mygreenpaste.blogspot.com
page last modified: 2018-12-24; loaded in 0.0032 seconds