Upload
webbiz
View
12
Download
3
Embed Size (px)
DESCRIPTION
CLI based usage of Taskkill
Citation preview
Taskkill ~ A Command line utility equivalent of its GUI i.e. Task
Manager
Almost all of us came across of situation when Windows Task Manager becomes disabled due to some
malware or virus or some other infectious code. At that time we cant get the details about the processes
running and have to take help of some 3rd
party tools in order to kill the application or process which is
running in background and creating problem in computer system. Instead of using any 3rd
party tool we
can also play a hand on a command line utility already present in Windows Command Prompts command
list. This utility is called as Tasklist and Taskkill.
Tasklist: Tasklist is a utility which lists out the currently running processes either on a local computer or on
a remote machine. We can easily check which processes are running in background unwillingly and
then to terminate such processes we can use Taskkill (explained after tasklist).
Syntax:
tasklist [/s [/u [\] [/p ]]] [{/m /svc /v}] [/fo {table list csv}] [/nh] [/fi [/fi [ ... ]]]
Parameter description:
/s :- To provide IP specification or name of the remote computer; if not provided local computer is
considered. Do not use backslashes in the value of the parameter.
/u \ :-To provide UserName or Domain\UserName under whose permission command should execute. If
not provided then command run under the permission of person who is logged on. Option /u can be used
only if /s is specified.
/p :-For the passwordof that user account which is provided with /u parameter. Password is prompted in
case this field is omitted.
/m :- All tasks are listed that are currently using the given pattern name. In case no match found all
modules are displayed.
/svc :- All service information is listed hosted in each process without truncation. It is only valid when /fo
(format) parameter is used.
/v :-Task information is displayed in verbose mode. Parameters /v and /svc are used together in order to
display the complete verbose output without truncation.
/fo {table list csv}:- Displays formatted output with default format table. Other valid values are list, csv.
csv is the comma separated value format.
/nh:- Valid only for table and csv formats. Used to specify that the Column Header not to be displayed
in the output.
/fi :-To display a set of tasks matching a given criteria as specified in filter.
Filters description:
Filters are provided to filter the result. This filtering is based on some Filter names which are checked with
some relational operators. You will observe that the filter names are the column names which comes in task
manager.
Filter NameValid OperatorsValid Values
STATUSeq,neRUNNINGNOT RESPONDINGUNKNOWN
IMAGENAMEeq, ne Name of image
PIDeq, ne, gt, lt, ge, leProcessID number
SESSIONeq, ne, gt, lt, ge, leSession number
CPUTIME eq, ne, gt, lt, ge, leCPU time in the format HH:MM:SS, where MM and SS are between 0 and 59
and HH is any unsigned number
MEMUSAGEeq, ne, gt, lt, ge, le Memory usage(in KB)
USERNAMEeq, ne Any valid user name (User or Domain\User)
SERVICESeq, neService name
WINDOWTITLEeq, ne Window title
MODULESeq, neDLL name
Points to be noted:
In case of remote process WINDOWTITLE and STATUS filters are not supported.
Examples:
To list all process running without any parameters to list of process with column headers image name, PID,
session name & no, and memory usage.
tasklist
To list all those processes which have PID greater than or equal to 1500 and output in CSV format.
taskkill /v /fi PID ge 2151 /fo csv
To list all the processes that are currently in running status under admin account.
Unlock Windows: Taskkill ~ A Command line utility equivalent of its G... http://unlock-windows.blogspot.in/2008/12/taskkill-command-line-utilit...
1 of 3 9/1/2014 4:26 PM
To list all those processes which have PID greater than or equal to 1500 and output in CSV format.
taskkill /v /fi PID ge 2151 /fo csv
To list all the processes that are currently in running status under admin account.
tasklist /fi USERNAME eq admin /fi STATUS eq running
To list all process on a remote system named serverpc under user name administrator having its
password as qu@dc()r3.
tasklist /s serverpc /u administrator /p qu@dc()r3
To list all service information for processes having a DLL name beginning with ntdll.
tasklist /m ntdll*
Taskkill: As the name of the utility taskkill suggests that it is simply used to see the running processes
and to kill one or more processes either by using its PID i.e. ProcessID or by using its Image name i.e.
by which it is present in system and being executed. We can also filter the results on the basis of user
name, PID, image name, CPU time, memory usage etc at the time of killing or terminating a process.
Syntax:
taskkill [/s [/u [\] [/p []]]] {[/fi ] [...] [/pid /im ]} [/f] [/t]
Parameters description:
/s :- To provide IP specification or name of the remote computer; if not provided local computer is
considered. Do not use backslashes in the value of the parameter.
/u \ :-To provide UserName or Domain\UserName under whose permission command should execute. If
not provided then command run under the permission of person who is logged on. Option /u can be used
only if /s is specified.
/p :-For the passwordof that user account which is provided with /u parameter. Password is prompted in
case this field is omitted.
/fi :-To apply filter to select a set of tasks. Wildcard character (*) can be used for specifying all tasks or
image names. Filter names are provided after parameter description.
/pid >ProcessID>:-For specifying PID of the process to be killed.
/im :-For providing image name of the process to be terminated. Also Wildcard character (*) can be used
to specify all image names.
/t:-To terminate the whole tree of the process including all child processes started by it.
/f :-For forceful termination of process. It is not omitted in case of remote process as they are terminated
forcefully in default.
Filters description:
Filters are provided to filter the result. This filtering is based on some Filter names which are checked with
some relational operators. You will observe that the filter names are the column names which comes in task
manager.
Filter NameValid OperatorsValid Values
STATUSeq,neRUNNINGNOT RESPONDINGUNKNOWN
IMAGENAMEeq, ne Name of image
PIDeq, ne, gt, lt, ge, leProcessID number
SESSIONeq, ne, gt, lt, ge, leSession number
CPUTIMEeq, ne, gt, lt, ge, leCPU time in the format HH:MM:SS, where MM and SS are between 0 and 59
and HH is any unsigned number
MEMUSAGEeq, ne, gt, lt, ge, leMemory usage(in KB)
USERNAMEeq, neAny valid user name (User or Domain\User)
SERVICESeq, neService name
WINDOWTITLEeq, neWindow title
MODULESeq, neDLL name
where eq, ne, gt, lt, ge & le are meant for equal to, not equal to, greater than, less than, greater than equal
to and less than equal to respectively.
Points to be noted:
In case of remote process WINDOWTITLE and STATUS filters are not supported.
Wildcard (*) character is accepted for /im option only when filter is applied.
Not necessary that /f is specified in case of remote process termination as in default that is terminated
forcefully.
Dont specify computer name to HOSTNAME filter as it will result in a shutdown and all processes are
stopped.
For specifying ProcessID (PID) tasklist command can be used.
Examples:
To terminate a process with PID 3276 use parameter /pid.
taskkill /pid 3276
To terminate more than one process with pid as 2001, 2224, 4083.
taskkill /pid 2001 /pid 2224 /pid 4083
To terminate a process with its image name like wmplayer.exe for Windows Media Player use /im
Unlock Windows: Taskkill ~ A Command line utility equivalent of its G... http://unlock-windows.blogspot.in/2008/12/taskkill-command-line-utilit...
2 of 3 9/1/2014 4:26 PM
2 comments:
Surfopedia Admin said...
To list all those processes which have PID greater than or equal to 1500 and output in CSV format.
taskkill /v /fi PID ge 2151 /fo csv
You probably meant 1500 there, not 2151.
To terminate more than one process with pid as 2001, 2224, 4083.
taskkill /pid 2001 /pid 2224 /pid 4083
To terminate a process with its image name like wmplayer.exe for Windows Media Player use /im
parameter.
taskkill /im wmplayer.exe
To terminate a process and all its child process i.e. to end process tree in task manager use /t parameter.
taskkill /f /im explorer.exe /t
To terminate all those processes which have PID greater than or equal to 1500 without considering their
image names use filter ge with wildcard character.
taskkill /f /fi PID ge 1500 /im *
To terminate the process tree with PID 2521 which is started by account name admin.
taskkill /pid 2521 /t /fi USERNAME eq admin
To terminate all process beginning with note on a remote system named serverpc under user name
administrator having its password as qu@dc()r3.
askkill /s serverpc /u administrator /p qu@dc()r3 /fi IMAGENAME eq note* /im *
To terminate a process with its windows title as paint
taskkill /f /fi WINDOWTITLE eq paint
Labels: Windows Vista
Unlock Windows: Taskkill ~ A Command line utility equivalent of its G... http://unlock-windows.blogspot.in/2008/12/taskkill-command-line-utilit...
3 of 3 9/1/2014 4:26 PM