Windows view the process thread commands PsList

PsList is to view threads with the command line; Processexplorer is a graphical view thread, all in an attachment.

1. View the process

Tasklist

or pslist-t

Name Pid Pri Thd Hnd VM WS Priv
Idle 0 0 2 0 0 28 0
System 4 8 69 1222 1824 308 0
SMSS 832 11 3 20 3748 408 172
CSRSS 900 13 12 807 72428 16152 2568
Winlogon 924 13 21 516 61272 4704 8536
Services 968 9 15 280 22556 4516 1868
AVP 256 8 36 7185 190528 22332 50308
Explorer 2060 8 16 575 122880 13400 17752
MSNMSGR 1604 8 33 778 222560 19240 32792
CMD 3680 8 1 31 31084 3004 2164
PsList 5476 13 2 91 30500 2744 1236
Notepad 4276 8 1 45 33692 3956 1344
IEXPLORE 5184 8 61 2143 403392 31236 105436
Eclipse 6088 8 1 33 29884 3184 960
JAVAW 4484 8 40 1197 729124 139424 193496
JAVAW 4252 8 11 (11 threads) 310 187820 8080 13908

2. View Thread http://technet.microsoft.com/en-us/sysinternals/bb896682.aspx in a process

PSLIST-DMX 4252

Name Pid VM WS Priv Priv Pk faults Nonp Page
JAVAW 4252 202224 21848 23968 24476 7927 4 47
Tid Pri Cswtch State User time Kernel time Elapsed time
5428 8 2617 wait:userreq 0:00:01.312 0:00:00.515 0:06:41.625
5312 614 wait:userreq 0:00:00.078 0:00:00.000 0:06:41.484
1380 7 Wait:userreq 0:00:00.000 0:00:00.000 0:06:41.468
7 Wait:userreq 0:00:00.000 0:00:00.000 0:06:41.468
3876 9 1037 wait:userreq 0:00:00.046 0:00:00.187 0:06:41.187
5884 9 wait:userreq 0:00:00.000 0:00:00.015 0:06:41.187
4444 236 wait:userreq 0:00:00.000 0:00:00.015 0:06:41.171
4564 wait:userreq 0:00:00.000 0:00:00.000 0:06:40.953
4644 wait:userreq 0:00:00.234 0:00:00.015 0:06:40.953
4292 8 5 wait:userreq 0:00:00.000 0:00:00.000 0:06:40.953
5964 6422 wait:delayexec 0:00:00.000 0:00:00.000 0:06:40.937

Introduction

PsList EXP	Would show statistics for all the processes so start with "exp", which would include Explorer.
-D	Show thread detail.
-M	Show memory detail.
-X	Show processes, memory information and threads.
-T	Show process tree.
-S [n]	Run in Task-manager mode, for optional seconds specified. Press Escape to abort.
-R N	Task-manager mode refresh rate in seconds (default is 1).
\\computer	Instead of showing process information for the local system, PsList 'll show information for the NT/WIN2K system Specified. Include the-u switch with a username and password to login to the remote system if your security credentials does not permi T-obtain performance counter information from the remote system.
-U	Username If you want to kill a process on a remote system with the account is executing in does not having Administrativ e privileges on the remote system then you must login as a administrator using this command-line option. If you don't include the password with THE-P option then PsList 'll prompt you for the password without echoin G your input to the display.
-P	Password This option lets your specify the login password on the command line so it can use PsList from BATC H files. If you specify the account name and omit the-p option PsList prompts you interactively for a password.
Name	Show information about processes this begin with the name specified.
-E	Exact match the process name.
Pid	Instead of listing all the running processes on the system, this parameter narrows PsList ' s scan to tthe process That has the specified PID. Thus: PsList 53 Would dump statistics for the process with the PID 53.

How it Works

Like Windows nt/2k ' s built-in PerfMon monitoring tool, PsList uses the Windows nt/2k performance counters to OBTA In the information it displays. You can find documentation for Windows NT/2K performance counters, including the source code to Windows NT ' s built-in perf Ormance Monitor, PerfMon, in MSDN.

Memory abbreviation Key

All memory values is displayed in KB.

• Pri:priority
• Thd:number of Threads
• Hnd:number of Handles
• Vm:virtual Memory
• Ws:working Set
• Priv:private Virtual Memory
• Priv pk:private Virtual Memory Peak
• Faults:page faults
• Nonp:non-paged Pool
• Page:paged Pool
• Cswtch:context Switches

The following external commands, which are not included with the Windows system itself, are stored in the System32 directory under the CD-ROM PE system directory.

Autoramresizer. EXE automatically adjusts the virtual disk size (PE) based on physical memory.
CHOICE. EXE DOS Select command supports extensions
DEVCON. EXE Device Console command-line tool
Findpass. EXE to find the system Administrator Password command-line tool (may have virus false alarm)
FPort. EXE TCP/IP and Port detection tools
HWPnp.exe utility to re-detect Plug and Play hardware to activate Removable Storage, etc.
KEYBOARD. EXE to change the keyboard area properties of the command-line tool
KEYDOWN. EXE Detection Keyboard key command-line tool
NC. EXE Famous Network powerful command-line tool!
NETCFG. EXE Windows PE Environment Network Configuration command-line tool
Passwdrenew. EXE Windows Password Offline modification tool
Penetcfg. EXE cattle written by the PE Network Environment Configuration Tool
PSINFO. EXE local and remote system Information detection command line tool
PsKill. EXE to end a local or remote process command-line tool
PSLIST. EXE System Process View tool
PSPASSWD. EXE changing the local or remote system Password command-line tool
PSSERVICE. EXE Management System Services command-line tool
Pulist. EXE System Process List view
Tcpvcon. EXE View the status of the active process's TCP connection
TFTPD32. EXE Simple TFTP Tool
Wget. EXE powerful command-line download tool
Xcacls. EXE file and Directory Access control List command-line enhancement tool
XNVIEW. EXE Pocket Image viewing tool (compact enough, no upgrade required)

Windows view the process thread commands PsList