command to close a process under the cmd command line

Source: Internet
Author: User

"Important" command to close a process under the cmd command line
━━━━━━━━━━━━━━━━━━━━━━━━━━

Method One:

In the Run dialog enter: ntsd -c q -pn <program name> (the same command works at the MS-DOS prompt).

Method Two:

NTSD kills a process with the following parameters:
C:\>ntsd -c q -p <pid>
As long as you can supply the PID of the process, you can kill it this way.

Another method:

Tskill command

This command is the counterpart of the tasklist command: tasklist shows which processes are running,

and tskill closes a running process.

But when I tried it, it did not seem to work! ^O^

How many ways are there to kill a process from the command line?
Three: the tskill command, the taskkill command and the NTSD command.
The tskill command is the simplest to use; running C:\>tskill with no arguments prints its usage:

TSKILL ProcessID | ProcessName [/SERVER:servername] [/ID:sessionid | /A] [/V]

ProcessID            The process ID of the process to end.
ProcessName          The name of the process to end.
/SERVER:servername   The server that contains the process (default is the current server).
                     When using a process name together with /SERVER, you must specify /ID or /A.
/ID:sessionid        Ends a process running under the specified session.
/A                   Ends a process running under all sessions.
/V                   Displays information about the actions being performed.

The main benefit of the taskkill command is its many filters, which let you end processes in bulk:
C:\>taskkill /?

TASKKILL [/S system [/U username [/P [password]]]]
         { [/FI filter] [/PID processid | /IM imagename] } [/F] [/T]
Description:
This command-line tool can be used to end one or more processes. A process can be ended by process ID or by image name.
Parameter list:
/S system          Specifies the remote system to connect to.
/U [domain\]user   Specifies the user context under which the command should execute.
/P [password]      Specifies the password for the given user context. Prompts for input if omitted.
/F                 Specifies that the process is to be forcefully terminated.
/FI filter         Applies a filter to select the set of processes to act on.
/PID processid     Specifies the PID of the process to be terminated.
/IM imagename      Specifies the image name of the process to be terminated. The wildcard '*' can be used to specify all image names.
/T                 Tree kill: terminates the specified process and any child processes started by it.
/?                 Displays this help/usage.
Filters:
Filter name    Valid operators            Valid values
-----------    ---------------            ------------
STATUS         eq, ne                     RUNNING | NOT RESPONDING
IMAGENAME      eq, ne                     Image name
PID            eq, ne, gt, lt, ge, le     PID value
SESSION        eq, ne, gt, lt, ge, le     Session number
CPUTIME        eq, ne, gt, lt, ge, le     CPU time in the format HH:MM:SS (HH hours, MM minutes, SS seconds)
MEMUSAGE       eq, ne, gt, lt, ge, le     Memory used, in KB
USERNAME       eq, ne                     User name in the format [domain\]user
MODULES        eq, ne                     DLL name
SERVICES       eq, ne                     Service name
WINDOWTITLE    eq, ne                     Window title
Note: The wildcard '*' for the /IM switch is accepted only when a filter is also specified.
Note: A remote process is always terminated forcefully, whether or not /F is specified.
For example:
taskkill /S system /F /IM notepad.exe /T
taskkill /PID 1230 /PID 1241 /PID 1253 /T
taskkill /F /IM notepad.exe /IM mspaint.exe
taskkill /F /FI "PID ge 1000" /FI "WINDOWTITLE ne untitle*"
taskkill /F /FI "USERNAME eq NT AUTHORITY\SYSTEM" /IM notepad.exe
taskkill /S system /U domain\username /FI "USERNAME ne NT*" /IM *
taskkill /S system /U username /P password /FI "IMAGENAME eq note*"
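As an added example (not from the original article), a Python dry-run of the taskkill filter semantics described above: it reports which PIDs a given combination of /FI, /IM and /PID would select over a constructed process table, so a bulk kill can be previewed before the real command runs. It assumes, as taskkill behaves, that multiple /FI filters are ANDed and that string comparisons are case-insensitive with a '*' wildcard; CPUTIME, MODULES and SERVICES filters are not modelled.

```python
import fnmatch

# Constructed process table in the shape of `tasklist /V` output (sample data, not real).
PROCESSES = [
    {"IMAGENAME": "notepad.exe", "PID": 1230, "SESSION": 1, "STATUS": "RUNNING",
     "USERNAME": "CORP\\alice", "MEMUSAGE": 8120, "WINDOWTITLE": "Untitled - Notepad"},
    {"IMAGENAME": "notepad.exe", "PID": 1241, "SESSION": 1, "STATUS": "NOT RESPONDING",
     "USERNAME": "CORP\\alice", "MEMUSAGE": 9400, "WINDOWTITLE": "report.txt - Notepad"},
    {"IMAGENAME": "svchost.exe", "PID": 812, "SESSION": 0, "STATUS": "RUNNING",
     "USERNAME": "NT AUTHORITY\\SYSTEM", "MEMUSAGE": 20480, "WINDOWTITLE": "N/A"},
]

NUMERIC = {"PID", "SESSION", "MEMUSAGE"}          # fields that accept gt/lt/ge/le
OPS = {"eq": lambda a, b: a == b, "ne": lambda a, b: a != b,
       "gt": lambda a, b: a > b,  "lt": lambda a, b: a < b,
       "ge": lambda a, b: a >= b, "le": lambda a, b: a <= b}

def parse_filter(expr):
    """Parse one /FI argument: '<field> <operator> <value>' (the value may contain spaces)."""
    field, op, value = expr.split(None, 2)
    field, op = field.upper(), op.lower()
    if op not in OPS:
        raise ValueError(f"unknown operator {op!r}")
    if field in NUMERIC:
        return field, op, int(value)
    if op not in ("eq", "ne"):
        raise ValueError(f"{field} supports only eq/ne")
    return field, op, value

def name_match(actual, pattern):
    """taskkill-style string comparison: case-insensitive, '*' wildcard allowed."""
    return fnmatch.fnmatchcase(actual.upper(), pattern.upper())

def matches(proc, flt):
    field, op, value = flt
    if field in NUMERIC:
        return OPS[op](proc[field], value)
    hit = name_match(proc[field], value)
    return hit if op == "eq" else not hit

def select(procs, filters=(), images=(), pids=()):
    """PIDs a `taskkill [/FI ...] [/IM ...] [/PID ...]` invocation would act on.
    Every /FI filter must match (filters are ANDed); /IM and /PID narrow the set further."""
    parsed = [parse_filter(f) for f in filters]
    return [p["PID"] for p in procs
            if (not pids or p["PID"] in pids)
            and (not images or any(name_match(p["IMAGENAME"], i) for i in images))
            and all(matches(p, f) for f in parsed)]
```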

Some privileged processes cannot be ended by tskill or taskkill. For those there is a more powerful tool: the system-level debugger NTSD. Strictly speaking, NTSD is a system debugging tool meant for administrators doing system development, but it works well for killing processes: apart from Windows' own core management processes, NTSD can kill almost anything.

Of course, against some rootkit-level super Trojans it is still helpless, but fortunately such heavyweight Trojans are rare.
The NTSD debugger requires you to specify a process to attach to at startup. With tlist or pviewer you can get the process ID of a running process and then type ntsd -p <PID> to debug it. The NTSD command line uses the following syntax:
NTSD [options] ImageFile
where ImageFile is the name of the image to debug and options are one or more of the following:

Option   Description
-2       Open a new window for debugging a character-mode application
-d       Redirect output to the debug terminal
-g       Pass the initial breakpoint automatically
-G       Make NTSD exit immediately when the child process terminates
-o       Enable debugging of multiple processes; the default is the single process spawned by the debugger
-p       Specify the process to debug by process ID
-v       Produce verbose output

For example, suppose inetinfo.exe has process ID 104. Type the following command to attach the NTSD debugger to the inetinfo process (IIS):
ntsd -p 104
You can also use NTSD to start a new process for debugging. For example, ntsd notepad.exe starts a new notepad.exe process and attaches to it.
Once attached to a process, you can use various commands to view the stack, set breakpoints, dump memory, and so on:

Command             Meaning
~                   Show a list of all threads
kb                  Display the stack trace of the current thread
~*kb                Display the stack trace of all threads
r                   Display the registers of the current frame
u                   Disassemble code and display the procedure name and offset
d[type] [<range>]   Dump memory
bp[#]               Set a breakpoint
bc[<bp>]            Clear one or more breakpoints
bd[<bp>]            Disable one or more breakpoints
be[<bp>]            Enable one or more breakpoints
bl[<bp>]            List one or more breakpoints
In my opinion the -v parameter is especially important: with it we can find out which dynamic-link libraries a process has loaded. Many viruses, Trojans and other malware like to package themselves as a DLL and register it in the load list of a normal system program in order to hide.
First we set up an NTSD output redirect, preferably to a text file, so that we can analyze the output afterwards:
C:\>set _NT_DEBUG_LOG_FILE_APPEND=c:\pdw.txt
Note that even with the redirect the output still appears on the screen, and NTSD stays in debug mode; adding the -c q parameter (run the debugger command q, quit, on startup) avoids this.

C:\>ntsd -c q -v notepad.exe
Now the debug output for notepad.exe can be found in our pdw.txt file.
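As an added example (not part of the original article), a Python script that reads the redirected NTSD log described above and lists the modules the process loaded, flagging any that came from outside the Windows and Program Files directories, which is where a DLL that malware has registered into a normal program's load list would typically show up. The log excerpt is constructed sample data in the ModLoad line format NTSD writes; addresses and paths are made up.

```python
import re
from collections import namedtuple

# Constructed sample of the ModLoad lines NTSD writes to the redirected log
# (c:\pdw.txt in the article); addresses and paths are made up for illustration.
SAMPLE_LOG = r"""
CommandLine: notepad.exe
ModLoad: 01000000 01014000   C:\WINDOWS\system32\notepad.exe
ModLoad: 7c900000 7c9b2000   C:\WINDOWS\system32\ntdll.dll
ModLoad: 7c800000 7c8f6000   C:\WINDOWS\system32\kernel32.dll
ModLoad: 10000000 10025000   C:\Documents and Settings\user\Local Settings\Temp\msupd.dll
ModLoad: 00400000 0040a000   C:\Program Files\Common Files\shellhook.dll
"""

# Directories from which a normal program is expected to load its libraries.
TRUSTED_ROOTS = ("C:\\WINDOWS\\", "C:\\PROGRAM FILES\\")
MODLOAD = re.compile(r"^ModLoad:\s+([0-9a-f]+)\s+([0-9a-f]+)\s+(.+?)\s*$", re.I)

Module = namedtuple("Module", "start end path")

def parse_modules(log_text):
    """Return every module listed in a ModLoad line, in load order."""
    mods = []
    for line in log_text.splitlines():
        m = MODLOAD.match(line)
        if m:
            mods.append(Module(int(m.group(1), 16), int(m.group(2), 16), m.group(3)))
    return mods

def untrusted_modules(mods):
    """Paths of modules loaded from outside TRUSTED_ROOTS: a DLL picked up from a
    temp or profile directory is exactly what the -v pass is meant to expose."""
    return [m.path for m in mods if not m.path.upper().startswith(TRUSTED_ROOTS)]

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def audit(log_text):
    """Summarise one NTSD log: loaded module names, mapped sizes, and paths worth a closer look."""
    mods = parse_modules(log_text)
    return {
        "loaded": [basename(m.path) for m in mods],
        "sizes": {basename(m.path): m.end - m.start for m in mods},
        "untrusted": untrusted_modules(mods),
    }
```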
