Command:
Tasklist
Function: A command is used to display all processes running on a local computer or a remote computer. It can monitor user operations.
Command Format:
Tasklist [/S system [/u username [/P [Password] [/M [module] |/svc |/V] [/FI filter] [/FO format] [/NH]
Parameter description
/S system specifies the remote system to connect.
/U [domain \] User specifies which user to use to execute this command.
/P [Password] specifies the password for the specified user.
/M [module] lists all processes that call the specified DLL module. If no module name is specified, all modules loaded by each process are displayed.
/Svc displays the services in each process.
/V displays details.
Instance analysis:
If you only want to view the process information of the local host, run the command directly. The following instance is used to remotely view the time history of a host in the Intranet from the client.
Suppose we have a server:
Intranet address: 192.168.0.1,
Administrator Account: Administrator
Administrator Password: Password
In the CMD window, enter:
Tasklist/s 192.168.0.1/u administrator/P Password
This command allows us to conveniently view the running status of the remote host, provided that the RPC service is started properly.
Command:Tskill
Function: used to disable the process
Command Format:
Tskill processid | processname [/Server: servername] [/ID: sessionid |/A] [/V]
Parameter description
The process ID of the process whose processid is to end.
The name of the process whose processname is to end.
/Server: the server whose servername contains processid (the default value is the current value ).
When using the process name and/server, you must specify
/ID or/
/ID: sessionid ends the process running in the specified session.
/A ends the processes running in all sessions.
/V displays the information of the operation being executed.
This tskill is easy to use. Simply enter the tskill image name or PID.
If you encounter a process that cannot be terminated by tskill, you can also try the ntsd command,
Format: ntsd-C q-PN {process name}
Parameter description:
-C indicates executing the DEBUG command;
Q indicates that the execution is terminated;
-P indicates that the PID corresponding to the process to be completed is followed;
-PN indicates that the name of the process to be completed is followed;