Archive for August 22, 2009

Kill Processes from Command Prompt

Posted: August 22, 2009 in System Tricks, Tweaking, Vista, Windows XP
Tags:
0


I’m sure you are familiar with the traditional way to kill or end a process in Windowsusing Task Manager.  This method is effective but not nearly as fun as killing a process in Command Prompt.  Additionally, killing processes in Command Prompt provides much more control and the ability to end multiple processes at once.

All of this is possible with the TaskKill command. First, let’s cover the basics.  You can kill a process by the process ID (PID) or by image name (EXE filename).

Open up an Administrative level Command Prompt and run tasklist to see all of the running processes:

C:\>tasklist

Image Name                     PID Session Name        Mem Usage
========================= ======== ================ ============
firefox.exe                  26356 Console             139,352 K
regedit.exe                  24244 Console               9,768 K
cmd.exe                      18664 Console               2,380 K
conhost.exe                   2528 Console               7,852 K
notepad.exe                  17364 Console               7,892 K
notepad.exe                  24696 Console              22,028 K
notepad.exe                  25304 Console               5,852 K
explorer.exe                  2864 Console              72,232 K

In the example above you can see the image name and the PID for each process. If you want to kill the firefox process run:

C:\>Taskkill /IM firefox.exe /F

or

C:\>Taskkill /PID 26356 /F

The /f flag is kills the process forcefully.  Failure to use the /F flag will result in nothing happening in some cases.  One example is whenever I want to kill the explorer.exe process I have to use the /F flag or else the process just does not terminate.

If you have multiple instances of an image open such as multiple firefox.exe processes, running the taskkill /IM firefox.exe command will kill all instances. When you specify the PID only the specific instane of firefox will be terminated.

The real power of taskkill are the filtering options that allow you to use the following variables and operators.

Variables:

  • STATUS
  • IMAGENAME
  • PID
  • SESSION
  • CPUTIME
  • MEMUSAGE
  • USERNAME
  • MODULES
  • SERVICES
  • WINDOWTITLE

Operators:

  • eq (equals)
  • ne (not equal)
  • gt (greater than)
  • lt (less than)
  • ge (greater than or equal)
  • le (less than or equal)

“*” is the wildcard.

You can use the variables and operators with the /FI filtering flag.  For example, let’s say you want to end all processes that have a window title that starts with “Internet”:

C:\>taskkill /FI “WINDOWTITLE eq Internet*” /F

How about killing all processes running under the Steve account:

C:\>taskkill /FI “USERNAME eq Ignited” /F

It is also possible to kill a process running on a remote computer with taskkill.  Just run the following to kill notepad.exe on a remote computer called IgnitedDesktop:

C:\>taskkill /S IgnitedDesktop /U RemoteAccountName /P RemoteAccountPassword /IM notepad.exe /F

To learn more about taskkill run it with the /? command just like any other Windows command.

everything about svchost.exe

Posted: August 22, 2009 in System Information, Vista, Windows 7, Windows XP
Tags:
0


One of the most common questions about system processes is what is svchost.exe and why are there so many processes running? First appearing in Windows XP, svchost.exe hosts multiple services within one process.  This allows the operating system to save memory by reducing process overhead by cutting down on the number of processes that need to be running.

Every system service such as Windows Update, Event Log, Terminal Services, Audio Service, etc. runs within svchost.exe.  Depending on the access the services need, they are grouped together and are run in a number of processes which explains why you see so many in Task Manager running under different accounts such as System, Local Service and Network Service.

Identifying what services are running is different depending on the version of Windows you have.

Windows XP

In Windows XP at a command prompt run:

tasklist /svc

The tasklist utility will show you what processes are running under each svchost.exe process.

Windows Vista and Windows 7

Task manager in Windows Vista and Windows 7 has been enhanced so you can easily see what services are running inside a host process such as svchost.exe.

Click on the Start Button, type in taskmgr and hit Enter. When task manager loads, click on the Processes tab and click Show processes from all users to see all of the svchost.exe processes. Then, right click on a svchost.exe process and select Go to Service(s). You will be taken to the Services tab with all services running in that process highlighted.

All Versions of Windows

Microsoft Sysinternals has a great free utility called Process Explorer that is like a task manager on steroids.  It works on all versions of Windows and allows you to easily see services running inside of svchost.exe.  Download Process Explorer here.  Once you have it running right click on any process and select Properties. Then click on the Services tab and you will see all processes running inside the host process.

Newer Entries