-
Taskkill ~ A Command line utility equivalent of its GUI i.e.
Task
Manager
Almost all of us came across of situation when Windows Task
Manager becomes disabled due to some
malware or virus or some other infectious code. At that time we
cant get the details about the processes
running and have to take help of some 3rd
party tools in order to kill the application or process which
is
running in background and creating problem in computer system.
Instead of using any 3rd
party tool we
can also play a hand on a command line utility already present
in Windows Command Prompts command
list. This utility is called as Tasklist and Taskkill.
Tasklist: Tasklist is a utility which lists out the currently
running processes either on a local computer or on
a remote machine. We can easily check which processes are
running in background unwillingly and
then to terminate such processes we can use Taskkill (explained
after tasklist).
Syntax:
tasklist [/s [/u [\] [/p ]]] [{/m /svc /v}] [/fo {table list
csv}] [/nh] [/fi [/fi [ ... ]]]
Parameter description:
/s :- To provide IP specification or name of the remote
computer; if not provided local computer is
considered. Do not use backslashes in the value of the
parameter.
/u \ :-To provide UserName or Domain\UserName under whose
permission command should execute. If
not provided then command run under the permission of person who
is logged on. Option /u can be used
only if /s is specified.
/p :-For the passwordof that user account which is provided with
/u parameter. Password is prompted in
case this field is omitted.
/m :- All tasks are listed that are currently using the given
pattern name. In case no match found all
modules are displayed.
/svc :- All service information is listed hosted in each process
without truncation. It is only valid when /fo
(format) parameter is used.
/v :-Task information is displayed in verbose mode. Parameters
/v and /svc are used together in order to
display the complete verbose output without truncation.
/fo {table list csv}:- Displays formatted output with default
format table. Other valid values are list, csv.
csv is the comma separated value format.
/nh:- Valid only for table and csv formats. Used to specify that
the Column Header not to be displayed
in the output.
/fi :-To display a set of tasks matching a given criteria as
specified in filter.
Filters description:
Filters are provided to filter the result. This filtering is
based on some Filter names which are checked with
some relational operators. You will observe that the filter
names are the column names which comes in task
manager.
Filter NameValid OperatorsValid Values
STATUSeq,neRUNNINGNOT RESPONDINGUNKNOWN
IMAGENAMEeq, ne Name of image
PIDeq, ne, gt, lt, ge, leProcessID number
SESSIONeq, ne, gt, lt, ge, leSession number
CPUTIME eq, ne, gt, lt, ge, leCPU time in the format HH:MM:SS,
where MM and SS are between 0 and 59
and HH is any unsigned number
MEMUSAGEeq, ne, gt, lt, ge, le Memory usage(in KB)
USERNAMEeq, ne Any valid user name (User or Domain\User)
SERVICESeq, neService name
WINDOWTITLEeq, ne Window title
MODULESeq, neDLL name
Points to be noted:
In case of remote process WINDOWTITLE and STATUS filters are not
supported.
Examples:
To list all process running without any parameters to list of
process with column headers image name, PID,
session name & no, and memory usage.
tasklist
To list all those processes which have PID greater than or equal
to 1500 and output in CSV format.
taskkill /v /fi PID ge 2151 /fo csv
To list all the processes that are currently in running status
under admin account.
Unlock Windows: Taskkill ~ A Command line utility equivalent of
its G...
http://unlock-windows.blogspot.in/2008/12/taskkill-command-line-utilit...
1 of 3 9/1/2014 4:26 PM
-
To list all those processes which have PID greater than or equal
to 1500 and output in CSV format.
taskkill /v /fi PID ge 2151 /fo csv
To list all the processes that are currently in running status
under admin account.
tasklist /fi USERNAME eq admin /fi STATUS eq running
To list all process on a remote system named serverpc under user
name administrator having its
password as qu@dc()r3.
tasklist /s serverpc /u administrator /p qu@dc()r3
To list all service information for processes having a DLL name
beginning with ntdll.
tasklist /m ntdll*
Taskkill: As the name of the utility taskkill suggests that it
is simply used to see the running processes
and to kill one or more processes either by using its PID i.e.
ProcessID or by using its Image name i.e.
by which it is present in system and being executed. We can also
filter the results on the basis of user
name, PID, image name, CPU time, memory usage etc at the time of
killing or terminating a process.
Syntax:
taskkill [/s [/u [\] [/p []]]] {[/fi ] [...] [/pid /im ]} [/f]
[/t]
Parameters description:
/s :- To provide IP specification or name of the remote
computer; if not provided local computer is
considered. Do not use backslashes in the value of the
parameter.
/u \ :-To provide UserName or Domain\UserName under whose
permission command should execute. If
not provided then command run under the permission of person who
is logged on. Option /u can be used
only if /s is specified.
/p :-For the passwordof that user account which is provided with
/u parameter. Password is prompted in
case this field is omitted.
/fi :-To apply filter to select a set of tasks. Wildcard
character (*) can be used for specifying all tasks or
image names. Filter names are provided after parameter
description.
/pid >ProcessID>:-For specifying PID of the process to be
killed.
/im :-For providing image name of the process to be terminated.
Also Wildcard character (*) can be used
to specify all image names.
/t:-To terminate the whole tree of the process including all
child processes started by it.
/f :-For forceful termination of process. It is not omitted in
case of remote process as they are terminated
forcefully in default.
Filters description:
Filters are provided to filter the result. This filtering is
based on some Filter names which are checked with
some relational operators. You will observe that the filter
names are the column names which comes in task
manager.
Filter NameValid OperatorsValid Values
STATUSeq,neRUNNINGNOT RESPONDINGUNKNOWN
IMAGENAMEeq, ne Name of image
PIDeq, ne, gt, lt, ge, leProcessID number
SESSIONeq, ne, gt, lt, ge, leSession number
CPUTIMEeq, ne, gt, lt, ge, leCPU time in the format HH:MM:SS,
where MM and SS are between 0 and 59
and HH is any unsigned number
MEMUSAGEeq, ne, gt, lt, ge, leMemory usage(in KB)
USERNAMEeq, neAny valid user name (User or Domain\User)
SERVICESeq, neService name
WINDOWTITLEeq, neWindow title
MODULESeq, neDLL name
where eq, ne, gt, lt, ge & le are meant for equal to, not
equal to, greater than, less than, greater than equal
to and less than equal to respectively.
Points to be noted:
In case of remote process WINDOWTITLE and STATUS filters are not
supported.
Wildcard (*) character is accepted for /im option only when
filter is applied.
Not necessary that /f is specified in case of remote process
termination as in default that is terminated
forcefully.
Dont specify computer name to HOSTNAME filter as it will result
in a shutdown and all processes are
stopped.
For specifying ProcessID (PID) tasklist command can be used.
Examples:
To terminate a process with PID 3276 use parameter /pid.
taskkill /pid 3276
To terminate more than one process with pid as 2001, 2224,
4083.
taskkill /pid 2001 /pid 2224 /pid 4083
To terminate a process with its image name like wmplayer.exe for
Windows Media Player use /im
Unlock Windows: Taskkill ~ A Command line utility equivalent of
its G...
http://unlock-windows.blogspot.in/2008/12/taskkill-command-line-utilit...
2 of 3 9/1/2014 4:26 PM
-
2 comments:
Surfopedia Admin said...
To list all those processes which have PID greater than or equal
to 1500 and output in CSV format.
taskkill /v /fi PID ge 2151 /fo csv
You probably meant 1500 there, not 2151.
To terminate more than one process with pid as 2001, 2224,
4083.
taskkill /pid 2001 /pid 2224 /pid 4083
To terminate a process with its image name like wmplayer.exe for
Windows Media Player use /im
parameter.
taskkill /im wmplayer.exe
To terminate a process and all its child process i.e. to end
process tree in task manager use /t parameter.
taskkill /f /im explorer.exe /t
To terminate all those processes which have PID greater than or
equal to 1500 without considering their
image names use filter ge with wildcard character.
taskkill /f /fi PID ge 1500 /im *
To terminate the process tree with PID 2521 which is started by
account name admin.
taskkill /pid 2521 /t /fi USERNAME eq admin
To terminate all process beginning with note on a remote system
named serverpc under user name
administrator having its password as qu@dc()r3.
askkill /s serverpc /u administrator /p qu@dc()r3 /fi IMAGENAME
eq note* /im *
To terminate a process with its windows title as paint
taskkill /f /fi WINDOWTITLE eq paint
Labels: Windows Vista
Unlock Windows: Taskkill ~ A Command line utility equivalent of
its G...
http://unlock-windows.blogspot.in/2008/12/taskkill-command-line-utilit...
3 of 3 9/1/2014 4:26 PM
