There are two very important commands in cmd. After we get a DOS shell on the other party's machine, we want to send it remote control software such as Ma or Radmin, but the other party has enabled the firewall that comes with Windows, or Skynet, or the real-time monitoring of Rising Star (the most troublesome of these, because it is tied to services). At this point we can use "ntsd -c q -p PID". The PID can be obtained with a vbs script, or with tasklist (run tasklist in cmd to get detailed information about each process). PID means process ID; it identifies the process to be ended.

Taskkill format

Taskkill has the following parameters:
/S system specifies the remote system to connect to.
/U [domain\]user specifies the user context under which the command runs.
/P [password] specifies the password for the given user context. If it is omitted, a prompt is displayed.
/F forcibly terminates the process.
/FI filter specifies a filter that includes or excludes processes from the query.
/PID processid specifies the PID of the process to terminate.
/IM imagename specifies the image name of the process to terminate. The wildcard '*' can be used to specify all image names.
/T tree kill: terminates the specified process and any child processes started by it.
/? shows help/usage.

For example:
taskkill /S system /F /IM notepad.exe /T
taskkill /PID 1230 /PID 1241 /PID 1253 /T
taskkill /F /IM notepad.exe /IM mspaint.exe
taskkill /F /FI "PID ge 1000" /FI "WINDOWTITLE ne untitle*"
taskkill /F /FI "USERNAME eq NT AUTHORITY\SYSTEM" /IM notepad.exe
taskkill /S system /U domain\username /FI "USERNAME ne NT*" /IM *
taskkill /S system /U username /P password /FI "IMAGENAME eq note*"

I generally use:
taskkill /f /pid <corresponding PID value> /t

For example, if we want to end qq.exe under DOS, first use tasklist to check the PID of qq. My current value is 3108, so enter:
taskkill /f /pid 3108 /t
This command forcibly terminates the process with ID 3108 on the remote computer, together with any child processes it started.

Finally, the vbs method of viewing PIDs: save the following code as a vbs file, pass it to the other party under DOS, and then run "cscript pid.vbs".

' Print the PID and image name of every running process (WMI Win32_Process)
WScript.Echo "PID" & vbTab & "ProcessName"
For Each ps In GetObject("winmgmts:\\.\root\cimv2:Win32_Process").Instances_
    WScript.Echo ps.Handle & vbTab & ps.Name
Next
Additional information is provided below:
Q: How can I disable a process that cannot be closed by the task manager? Some time ago, I found that I had another process in my machine. As long as I started the machine, I couldn't close it with the task manager.
Answer 1: It is easy to kill the process. You can find any tool. For example, IceSword. The key is to find the starting method of the process, or restart it again next time. By the way, let's take a look. In fact, most processes can be killed using tools provided by Windows:
C:\> ntsd -c q -p PID
Only System, SMSS.EXE, and CSRSS.EXE cannot be killed. The first two are pure kernel mode, and the last one is the Win32 subsystem; ntsd needs it. Ntsd is a user-mode debugging tool provided by the system starting from 2000. The attached process exits along with the debugger, so it can be used to terminate a process from the command line. You can use ntsd to automatically obtain the debug permission to kill most processes. Ntsd will open a new debugging window, which cannot be controlled from a pure command line, but if it is just a simple command, such as exit (q), use the -c parameter to pass it from the command line. Ntsd is by convention provided to software developers. Only system developers use this command. For more information, see the Help file attached to NTSD. Usage: Open the cmd.exe window and enter:
ntsd -c q -p PID
Change the last PID to the ID of the process to be terminated. If you do not know the process ID, open Task Manager > Processes tab > View > Select Columns > check PID (process identifier).
Answer 2: There are two good tools in XP, tasklist and tskill. Tasklist can list all processes and related information. Tskill can scan and kill processes. The syntax is simple: tskill program name!!
You are probably familiar with the Windows XP Task Manager. Press CTRL + ALT + DEL and select Task Manager to view the complete process list of the local machine; you can also customize the process list to obtain more process information, such as session ID and user name. Unfortunately, it does not show which system services these processes provide. Windows XP adds a new command line tool named tasklist.exe that provides this information.
The "tasklist" command is a command line tool used to display all processes running on a local or remote computer, with multiple execution parameters.
The format is as follows:
tasklist [/S system [/U username [/P [password]]]]
[/M [module] | /SVC | /V] [/FI filter] [/FO format] [/NH]
Parameter List:
/S system specifies the remote system to connect to.
/U [domain\]user specifies which user to use to execute this command.
/P [password] specifies the password for the specified user.
/M [module] lists all processes that call the specified DLL module.
If no module name is specified, all modules loaded by each process are displayed.
/SVC displays the services in each process.
/V specifies that detailed information is displayed.
/FI filter displays the set of processes that match the filter.
/FO format specifies the output format. Valid values: "TABLE", "LIST", and "CSV".
/NH specifies that the column header should not be displayed in the output.
Only valid for the "TABLE" and "CSV" formats.
1. Run the "tasklist" command to view local processes.
Run the "command prompt" program and enter the "tasklist" command in the prompt window (figure 1) to display all processes on the local machine. The display result of the local machine consists of the image name (process name), PID, session name, session #, and memory usage.
2. View the processes of a remote system
Enter at the command prompt (Figure 2):
"tasklist /s 218.22.123.26 /u jtdd /p 12345678" (excluding quotation marks)
"218.22.123.26" after the /s parameter is the IP address of the remote system to be viewed, "jtdd" after /u is the user account used by the tasklist command (it must be a valid account on the remote system), and "12345678" after /p is the password of the jtdd account.
In this way, we can view the processes of the remote system with the above command.
TIPS: when you use the tasklist command to view the processes on a remote system, the remote machine's RPC service must be available. Otherwise, the command cannot be used normally.
3. View the services provided by system processes
The tasklist command can not only view system processes, but also view the services provided by each process.
For example, to view the services provided by the local process "SVCHOST.EXE", enter the "tasklist /svc" command at the command prompt (Figure 3).
You will be surprised to find four "SVCHOST.EXE" processes, which are used by more than 20 services. For remote systems it is just as easy to view system services: run the "tasklist /s 218.22.123.26 /u jtdd /p 12345678 /svc" command to view the services provided by the processes of the remote system whose IP address is "218.22.123.26".
4. View the list of processes that call a DLL module file
For example, we want to check which processes in the local system call the "shell32.dll" DLL module file.
Enter at the command prompt (Figure 4):
tasklist /m shell32.dll
The system displays the list of processes that call it.
5. Use a filter to find the specified process
Enter:
tasklist /FI "USERNAME ne NT AUTHORITY\SYSTEM" /FI "STATUS eq running"
This lists all running processes that do not belong to the "SYSTEM" account (figure 5).
"/FI" is the filter parameter; "ne" and "eq" are the relational operators "not equal" and "equal".
Supplement:
Speaking of the "tasklist" command, we have to mention its twin brother, the "taskkill" command. As the name suggests, it is used to kill processes.
For example, to kill the local notepad.exe process:
First, use tasklist to find the corresponding PID. The system displays the PID value of the local notepad.exe process as "1132"; then run "taskkill /pid 1132" or "taskkill /IM notepad.exe".
The "/pid" parameter is followed by the PID value of the process to be terminated, and the "/IM" parameter is followed by the process image name.
The "tasklist" command has many other uses. Try them out.
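The termination commands covered on this page (taskkill, "ntsd -c q -p PID", tskill) leave a recognizable command line in process-creation logs, which is how a defender notices an attempt to end a firewall or antivirus process. The following Python code is an added example, not part of the original page: it classifies command lines and tags forced, tree, remote and password-on-command-line use. The sample lines, the address 192.0.2.10, the account names, the path C:\tools and the log source are constructed assumptions.

```python
import re

# Constructed sample command lines, as a process-creation log with
# command-line auditing (assumed log source) would record them.
SAMPLE_CMDLINES = [
    r'tasklist /svc',
    r'taskkill /f /pid 3108 /t',
    r'C:\tools\ntsd.exe -c q -p 1132',
    r'taskkill /S 192.0.2.10 /U lab\admin /P Passw0rd /F /IM notepad.exe',
    r'tskill notepad',
    r'taskkill /IM notepad.exe',
]

TOKEN = re.compile(r'"[^"]*"|\S+')  # a quoted string or a run of non-spaces


def analyze(cmdline):
    """Return a finding for a process-termination command line, else None."""
    tokens = [t.strip('"') for t in TOKEN.findall(cmdline)]
    if not tokens:
        return None
    tool = re.split(r'[\\/]', tokens[0])[-1].lower()  # drop any directory part
    if tool.endswith('.exe'):
        tool = tool[:-4]
    args = tokens[1:]
    low = [a.lower() for a in args]

    def values(switch):
        """Arguments that directly follow each occurrence of a switch."""
        return [args[i + 1] for i, a in enumerate(low[:-1]) if a == switch]

    if tool == 'taskkill':
        targets = values('/pid') + values('/im')
        tags = [name for sw, name in (('/f', 'forced'), ('/t', 'tree'),
                                      ('/s', 'remote')) if sw in low]
        # /P followed by a value (not another switch) exposes the password
        if any(not v.startswith('/') for v in values('/p')):
            tags.append('password-on-cmdline')
    elif tool == 'ntsd':
        # "-c q" makes the debugger quit at once, which ends the attached PID
        if 'q' not in [v.lower() for v in values('-c')] or not values('-p'):
            return None
        targets, tags = values('-p'), ['debugger-kill']
    elif tool == 'tskill':
        targets, tags = args[:1], []
    else:
        return None
    return {'tool': tool, 'targets': targets, 'tags': tags}


def findings(cmdlines):
    """Keep only the command lines that terminate a process."""
    return [f for f in map(analyze, cmdlines) if f]
```

The password itself is never copied into a finding; only the fact that it appeared on the command line is recorded, since the log already holds it in clear text.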