Knowing how to inspect processes from the DOS command line is very useful when you cannot get into the desktop environment. The procedure is simple:
Step 1: Open the Command Prompt window by entering the "cmd" command in the "Run" box in Windows 7 Ultimate.
Step 2: Enter the "tasklist" command and press ENTER. All of the processes on this machine are listed in the output, as shown in the picture.
As the illustration above shows, the process listing for this machine has five columns: image name (process name), PID, session name, session #, and memory usage. If you want to close a process (for example, to terminate the "QQ.exe" process on this machine), first use the tasklist command to find its PID. In the image above, the system shows a PID value of "948" for the "QQ.exe" process. You can then run the "taskkill /pid 948" command to terminate the QQ.exe process.
For some system processes, you can add the "/F" parameter to force termination, as shown in the figure.
In addition to the processes that we can see, there are hidden processes and remote processes that have to be managed by other means. Hiding a process is a common trick of hackers and virus programs. There are many ways to look at hidden processes; we recommend that you go to "http://bbs.duze.net/downxx.asp?irl=39" and download the "Hide Process Management tool" to manage hidden processes.
Step 1: After the download finishes, decompress the archive and run the Ecq-ps.exe file. The window that opens lists all the processes in the system.
Step 2: For each process, you can see how many threads it has, the name and path of its main associated program, and whether it is flagged as a suspicious program, as shown in the figure.
Step 3: For a process flagged as "suspicious", check the specific file path. If you judge it to be a malicious program, select the process, right-click it, and select "Force End Process" from the pop-up menu.
When defending against hackers, security experts often use the process list to find out whether the system has security risks of various kinds. Once a dangerous process has been discovered, ending the process temporarily stops the corresponding program. However, this clearly does not eradicate the problem. So which program started the running process? If you can find out which program or file started the process, can you solve the problem more thoroughly?
Obviously, this question has puzzled a lot of people. Taking the question of which program started the "svchost" process as an example, it can be answered as follows:
First, enter and run the "netstat -abnov" command in the Command Prompt window.
Next, after you press ENTER, the output lists the program or file that started each process, as shown in the figure.
Note that in this output each process has a corresponding PID number on the right-hand side. In the Processes tab of Windows Task Manager, enable the PID (Process Identifier) item under "Select Columns"; you can then easily find the corresponding PID number in the Processes list, which makes it much more convenient to match a process with the program that started it.
In Win7, besides the many system processes that are associated with services (for how services are used, see the relevant examples in this book), some Trojan processes are also associated with services of their own. Such a Trojan can only be removed from the system by dealing with the process, the service, and the corresponding program at the same time.
To see which services are associated with a process such as SVCHOST.EXE, use the following method:
First, use the "cmd" command in the Run box to open the Command Prompt window.
Then, at the command line, enter the "tasklist /svc" command. After you press ENTER, you can see the list shown in the figure.
You can see that there are five SVCHOST.EXE processes in total and that nearly 20 services are using them. At this point, you can use this list to root out the malicious process and its corresponding services.
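The PID matching described above can also be done on saved command output. The following Python script is an added example, not part of the original article: it parses "tasklist /svc" and "netstat -ano" text and joins the two on PID, so each connection is listed with its image name and hosted services. The sample output is constructed, the function names are hypothetical, and English-locale table output is assumed.

```python
import re
# Constructed sample of "tasklist /svc" output (not captured from a real host).
TASKLIST_SVC = """\
Image Name                     PID Services
========================= ======== ============================================
System Idle Process              0 N/A
svchost.exe                    780 RpcEptMapper, RpcSs
svchost.exe                   1012 AudioSrv, Dhcp, eventlog,
                                   lmhosts, wscsvc
QQ.exe                         948 N/A
"""
# Constructed sample of "netstat -ano" output (documentation-range addresses).
NETSTAT_ANO = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       780
  TCP    192.0.2.10:49160       203.0.113.5:443        ESTABLISHED     948
  UDP    0.0.0.0:68             *:*                                    1012
"""

def parse_tasklist_svc(text):
    """Return {pid: (image, [services])}; column spans come from the ==== ruler."""
    lines = text.splitlines()
    ruler = next(i for i, l in enumerate(lines) if l.startswith("="))
    cols = [m.span() for m in re.finditer(r"=+", lines[ruler])]
    procs, last = {}, None
    for line in filter(str.strip, lines[ruler + 1:]):
        image, pid = (line[a:b].strip() for a, b in cols[:2])
        svcs = [s.strip() for s in line[cols[2][0]:].split(",") if s.strip() not in ("", "N/A")]
        if pid.isdigit():
            last = int(pid)
            procs[last] = (image, svcs)
        elif last is not None:  # wrapped row: more services for the previous PID
            procs[last][1].extend(svcs)
    return procs

def parse_netstat_ano(text):
    """Return [(proto, local, remote, state, pid)]; UDP rows have no State field."""
    rows = [f for f in map(str.split, text.splitlines())
            if len(f) in (4, 5) and f[0] in ("TCP", "UDP") and f[-1].isdigit()]
    return [(f[0], f[1], f[2], f[3] if len(f) == 5 else "", int(f[-1])) for f in rows]

def endpoints_by_process(tasklist_text, netstat_text):
    """Join both outputs on PID: (pid, image, services, proto, local, remote, state)."""
    procs = parse_tasklist_svc(tasklist_text)
    return [(pid, *procs.get(pid, ("<unknown>", [])), proto, local, remote, state)
            for proto, local, remote, state, pid in parse_netstat_ano(netstat_text)]

if __name__ == "__main__":
    print(*endpoints_by_process(TASKLIST_SVC, NETSTAT_ANO), sep="\n")
```

A PID that appears in the netstat output but not in the tasklist output is reported with the image name "<unknown>", which is worth a closer look given the hidden processes mentioned earlier.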