In Windows XP, press Ctrl + Alt + Del to go to Windows Task Manager. On the process tab, you can view the complete process list of the local machine, in addition, you can manually customize the process list to obtain more process information, such as the session ID and user name. Unfortunately, we cannot see which system services these processes provide. In fact, the new command line tool named tasklist.exe in Windows XP can implement the above functions.
The Tasklist command is used to display all processes running on a local or remote computer with multiple execution parameters. Format:
Tasklist [/S system [/U username [/P [password] [/M [module] |/SVC |/V] [/FI filter [/FO format] [/NH]
Parameter description:
/S ystem specifies the remote system to connect.
/U [omain] user specifies which user to use to execute this command.
/P [password] specifies the password for the specified user.
/M [module] lists all processes that call the specified DLL module. If no module name is specified, all modules loaded by each process are displayed.
/SVC displays the services in each process.
/V displays details.
/FI filter displays a series of processes that match the filter.
/FO format specifies the output format. Valid values: TABLE, LIST, and CSV.
/NH specifies that the output does not display the topic title. Valid only for TABLE and CSV formats.
Next, let's take a look at the application instance of the Tasklist command.
1. View local processes
Enter the Tasklist command in the "command prompt" to display all processes on the local machine (figure 1 ). The display result of the local machine is composed of five parts: image name (process name), PID, session name, session # And memory usage.
Figure 1
2. view the process of the remote system
Enter "Tasklist/s 218.22.123.26/u jtdd/p 12345678" (excluding quotation marks) at the command prompt to view the process of the remote system with the IP address 218.22.123.26 (figure 2 ). "218.22.123.26" after the/s parameter indicates the IP address of the remote system to be viewed, and "jtdd" after the/u indicates the user account used by the Tasklist command, it must be a valid account on the remote system, and "12345678" after/p indicates the password of the jtdd account.
Figure 2
Note: When you use the Tasklist command to view the processes in the remote system, you must support the remote machine's RPC service. Otherwise, the command cannot be used normally.
3. view the services provided by System Processes
The Tasklist command can not only view system processes, but also view the services provided by each process. For example, to view the services provided by the local process SVCHOST. EXE, enter the "Tasklist/svc" command at the command prompt (Figure 3 ). You will be surprised to find that there are four SVCHOST. EXE processes, and a total of more than 20 services use this process.
Figure 3
For remote systems, it is also very easy to view system services. Use the "Tasklist/s 218.22.123.26/u jtdd/p 12345678/svc" command, you can view the services provided by remote system processes whose IP address is 218.22.123.26.
4. view the process list of calling the DLL module File
To view which processes in the Local System Call the shell32.dll module File, you only need to enter "Tasklist/m shell32.dll" at the command prompt to display the list of these processes.
5. Use a filter to find the specified process
Enter "TASKLIST/FI" USERNAME ne nt authoritysystem "/FI" STATUS eq running "at the command prompt to list all processes running in non-SYSTEM state in the SYSTEM. "/FI" is the filter parameter, and "ne" and "eq" are the Relational operators "not equal" and "equal ".