Taskkill ~ A Command line utility equivalent of its GUI i.e. Task Manager
Almost all of us have come across a situation where Windows Task Manager has been disabled by malware, a virus or some other malicious code. In that situation we can’t see the details of the running processes and have to rely on a third-party tool to kill the application or process that is running in the background and causing problems on the computer. Instead of a third-party tool, we can use command-line utilities that are already present in the Windows Command Prompt: Tasklist and Taskkill.
Tasklist: Tasklist is a utility that lists the processes currently running on the local computer or on a remote machine. We can use it to check which unwanted processes are running in the background and then terminate them with Taskkill (explained after Tasklist).
Syntax:
tasklist [/s 
Parameter description:
/s 
/u 
/p 
/m 
/svc :- Lists all the service information hosted in each process, without truncation. It is valid only when the /fo (format) parameter is used.
/v :- Displays task information in verbose mode. Use /v and /svc together to display the complete verbose output without truncation.
/fo {table | list | csv} :- Specifies the output format. The default is table; the other valid values are list and csv (comma-separated values).
/nh :- Suppresses the column headers in the output. Valid only for the table and csv formats.
/fi 
Filters description:
Filters narrow the result. Each filter compares a filter name against a value using a relational operator. You will notice that the filter names correspond to the column names shown in Task Manager.

| Filter Name | Valid Operators | Valid Values |
|---|---|---|
| STATUS | eq, ne | RUNNING, NOT RESPONDING, UNKNOWN |
| IMAGENAME | eq, ne | Name of image |
| PID | eq, ne, gt, lt, ge, le | ProcessID number |
| SESSION | eq, ne, gt, lt, ge, le | Session number |
| CPUTIME | eq, ne, gt, lt, ge, le | CPU time in the format HH:MM:SS, where MM and SS are between 0 and 59 and HH is any unsigned number |
| MEMUSAGE | eq, ne, gt, lt, ge, le | Memory usage (in KB) |
| USERNAME | eq, ne | Any valid user name (User or Domain\User) |
| SERVICES | eq, ne | Service name |
| WINDOWTITLE | eq, ne | Window title |
| MODULES | eq, ne | DLL name |
Points to be noted:
For remote processes, the WINDOWTITLE and STATUS filters are not supported.
Examples:
To list all running processes, run tasklist without any parameters; the output has the column headers image name, PID, session name and number, and memory usage.
To list all those processes which have PID greater than or equal to 1500 and output in CSV format.
·tasklist /v /fi "PID ge 1500" /fo csv
To list all the processes that are currently in running status under the admin account.
·tasklist /fi "USERNAME eq admin" /fi "STATUS eq running"
To list all processes on a remote system named serverpc as the user “administrator”, whose password is “qu@dc()r3”.
·tasklist /s serverpc /u administrator /p qu@dc()r3
To list all service information for processes having a DLL name beginning with “ntdll”.
·tasklist /m ntdll*
Taskkill: As the name suggests, taskkill is used to kill one or more running processes, either by PID (ProcessID) or by image name, i.e. the name under which the process is present on the system and being executed. We can also filter on user name, PID, image name, CPU time, memory usage and so on when killing or terminating a process.
Syntax: 
taskkill [/s 
Parameters description:
/s 
/u 
/p 
/fi 
/pid <ProcessID> :- Specifies the PID of the process to be killed.
/im 
/t :- Terminates the whole process tree, including all child processes started by the process.
/f :- Terminates the process forcefully. It need not be specified for remote processes, as they are terminated forcefully by default.
Filters narrow the result. Each filter compares a filter name against a value using a relational operator. You will notice that the filter names correspond to the column names shown in Task Manager.

| Filter Name | Valid Operators | Valid Values |
|---|---|---|
| STATUS | eq, ne | RUNNING, NOT RESPONDING, UNKNOWN |
| IMAGENAME | eq, ne | Name of image |
| PID | eq, ne, gt, lt, ge, le | ProcessID number |
| SESSION | eq, ne, gt, lt, ge, le | Session number |
| CPUTIME | eq, ne, gt, lt, ge, le | CPU time in the format HH:MM:SS, where MM and SS are between 0 and 59 and HH is any unsigned number |
| MEMUSAGE | eq, ne, gt, lt, ge, le | Memory usage (in KB) |
| USERNAME | eq, ne | Any valid user name (User or Domain\User) |
| SERVICES | eq, ne | Service name |
| WINDOWTITLE | eq, ne | Window title |
| MODULES | eq, ne | DLL name |

where eq, ne, gt, lt, ge and le mean equal to, not equal to, greater than, less than, greater than or equal to, and less than or equal to, respectively.
Points to be noted:
For remote processes, the WINDOWTITLE and STATUS filters are not supported.
The wildcard character (*) is accepted for the /im option only when a filter is applied.
It is not necessary to specify /f when terminating a remote process, as remote processes are terminated forcefully by default.
Don’t supply a computer name to the HOSTNAME filter, as it will result in a shutdown and all processes will be stopped.
The tasklist command can be used to find the ProcessID (PID) to specify.
Examples:
To terminate a process with PID 3276 use parameter /pid.
·taskkill /pid 3276
To terminate more than one process, with PIDs 2001, 2224 and 4083.
·taskkill /pid 2001 /pid 2224 /pid 4083
To terminate a process with its image name like wmplayer.exe for Windows Media Player use /im parameter.
·taskkill /im wmplayer.exe
To terminate a process and all its child processes, i.e. to end the process tree as in Task Manager, use the /t parameter.
·taskkill /f /im explorer.exe /t
To terminate all those processes which have PID greater than or equal to 1500 without considering their image names, use the filter ge with the wildcard character.
·taskkill /f /fi "PID ge 1500" /im *
To terminate the process tree with PID 2521 which is started by account name admin.
·taskkill /pid 2521 /t /fi "USERNAME eq admin"
To terminate all processes whose names begin with note on a remote system named serverpc as the user “administrator”, whose password is “qu@dc()r3”.
·taskkill /s serverpc /u administrator /p qu@dc()r3 /fi "IMAGENAME eq note*" /im *
To terminate a process with its window title as “paint”.
·taskkill /f /fi "WINDOWTITLE eq paint"
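The filter table above can be tried offline against saved `tasklist /v /fo csv` output, to see which rows a filter selects before the same filter is handed to taskkill. This is an added example, not code from the original post: the sample rows are constructed, and the English column headers, the `*` wildcard semantics and the AND-combination of several filters are assumptions. SERVICES and MODULES are left out because they need /svc or /m output.

```python
import csv, io, operator, re

# Constructed sample of `tasklist /v /fo csv` output (not captured from a real host).
SAMPLE = r'''"Image Name","PID","Session Name","Session#","Mem Usage","Status","User Name","CPU Time","Window Title"
"System","4","Services","0","1,024 K","Unknown","N/A","0:03:10","N/A"
"explorer.exe","1432","Console","1","48,220 K","Running","LAB-PC\admin","0:00:41","N/A"
"notepad.exe","2151","Console","1","6,512 K","Running","LAB-PC\admin","0:00:00","Untitled - Notepad"
"notes_sync.exe","3276","Console","1","112,640 K","Not Responding","LAB-PC\admin","1:02:05","N/A"
"svchost.exe","1500","Services","0","9,300 K","Unknown","NT AUTHORITY\SYSTEM","0:00:12","N/A"
'''

# Filter name -> CSV column (English-locale headers assumed).
COLUMNS = {"IMAGENAME": "Image Name", "PID": "PID", "SESSION": "Session#",
           "MEMUSAGE": "Mem Usage", "STATUS": "Status", "USERNAME": "User Name",
           "CPUTIME": "CPU Time", "WINDOWTITLE": "Window Title"}
NUMERIC = {"PID", "SESSION", "MEMUSAGE", "CPUTIME"}  # these accept gt/lt/ge/le
OPS = {"eq": operator.eq, "ne": operator.ne, "gt": operator.gt,
       "lt": operator.lt, "ge": operator.ge, "le": operator.le}

def to_number(name, text):
    """PID/session as int, 'Mem Usage' ('48,220 K') as KB, CPU time (HH:MM:SS) as seconds."""
    if name == "CPUTIME":
        h, m, s = (int(part) for part in text.split(":"))
        return h * 3600 + m * 60 + s
    return int(text.replace(",", "").replace("K", "").strip())

def matches(row, flt):
    """Evaluate one filter string such as 'PID ge 1500' against a parsed row."""
    name, op, value = flt.split(None, 2)
    name, op = name.upper(), op.lower()
    cell = row[COLUMNS[name]]
    if name in NUMERIC:
        return OPS[op](to_number(name, cell), to_number(name, value))
    if op not in ("eq", "ne"):
        raise ValueError(f"{name} accepts only eq and ne")
    # Assumption: '*' matches any run of characters; comparison ignores case.
    pattern = re.escape(value).replace(r"\*", ".*")
    hit = re.fullmatch(pattern, cell, re.IGNORECASE) is not None
    return hit if op == "eq" else not hit

def select(csv_text, *filters):
    """Rows satisfying every filter (treated as ANDed, like the page's two-/fi example)."""
    rows = csv.DictReader(io.StringIO(csv_text.strip()))
    return [r for r in rows if all(matches(r, f) for f in filters)]

if __name__ == "__main__":
    for r in select(SAMPLE, "PID ge 1500"):
        print(r["PID"], r["Image Name"])
```

On the constructed sample, "PID ge 1500" selects svchost.exe along with the two user processes, which is the kind of surprise worth seeing in a listing before the filter is combined with /im *.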
Unlock Windows
About Me
- Arvind Kumar
- I'm Arvind Kumar from India, B.Tech, now working in an MNC. I love to use Microsoft Products and learn from that. Bill Gates is my ideal person.
2 comments:
To list all those processes which have PID greater than or equal to 1500 and output in CSV format.
·taskkill /v /fi “PID ge 2151” /fo csv
You probably meant 1500 there, not 2151.
My cousin recommended this blog and she was totally right. Keep up the fantastic work!