1. ntsd.exe
How do you end a process that Task Manager cannot close? Most people reach for a special tool such as IceSword. In fact, Windows' own tools can kill most processes:
C:\>ntsd -c q -p PID
Only System, SMSS.EXE and CSRSS.EXE cannot be killed this way. The first two run purely in kernel mode, and the last is the Win32 subsystem, which NTSD itself needs. Since Windows 2000, NTSD has been the system's own user-mode debugging tool. A process that the debugger has attached to exits together with the debugger, so NTSD can be used to terminate a process from the command line. NTSD automatically obtains debug privileges, which is why it can kill most processes. NTSD opens a new debugging window, which cannot be driven from the pure command line, but a simple command such as exit (q) can be passed on the command line with the -c parameter. NTSD is also provided to software developers in accordance with established practice. This command is only used by system developers. For more information, see the Help file that comes with NTSD. Usage: open a cmd.exe window and enter:
ntsd -c q -p PID
Replace PID with the ID of the process you want to terminate. If you do not know the process ID, open Task Manager -> Processes tab -> View -> Select Columns -> tick "PID (Process Identifier)", and it will be shown.
2. taskkill.exe
TASKKILL [/S system [/U username [/P [password]]]]
         { [/FI filter] [/PID processid | /IM imagename] } [/T] [/F]
Description:
    This tool terminates a task by process ID (PID) or image name.

Parameter list:
    /S    system           Specifies the remote system to connect to.
    /U    [domain\]user    Specifies the user context under which the
                           command should be executed.
    /P    [password]       Specifies the password for the given user
                           context. Prompts for input if omitted.
    /FI   filter           Applies a filter to select a set of tasks.
                           Allows "*" to be used, e.g. imagename eq acme*
    /PID  processid        Specifies the PID of the process to terminate.
                           Use TaskList to get the PID.
    /IM   imagename        Specifies the image name of the process to
                           terminate. The wildcard '*' can be used to
                           specify all tasks or image names.
    /T                     Terminates the specified process and any child
                           processes that were started by it.
    /F                     Specifies that the process be forcefully
                           terminated.
    /?                     Displays a help message.

Filters:
    Filter Name   Valid Operators           Valid Value(s)
    -----------   ---------------           -------------------------
    STATUS        eq, ne                    RUNNING |
                                            NOT RESPONDING | UNKNOWN
    IMAGENAME     eq, ne                    Image name
    PID           eq, ne, gt, lt, ge, le    PID value
    SESSION       eq, ne, gt, lt, ge, le    Session number
    CPUTIME       eq, ne, gt, lt, ge, le    CPU time in the format
                                            hh:mm:ss
                                            (hh = hours,
                                            mm = minutes, ss = seconds)
    MEMUSAGE      eq, ne, gt, lt, ge, le    Memory usage in KB
    USERNAME      eq, ne                    User name in [domain\]user format
    MODULES       eq, ne                    DLL name
    SERVICES      eq, ne                    Service name
    WINDOWTITLE   eq, ne                    Window title

Notes:
    1. The wildcard '*' for the /IM switch is accepted only when a filter is applied.
    2. Remote processes are always terminated forcefully (/F).
    3. The "WINDOWTITLE" and "STATUS" filters are not supported when a remote machine is specified.

Examples:
    taskkill /im notepad.exe
    taskkill /pid 1230 /pid 1241 /pid 1253 /t
    taskkill /f /im cmd.exe /t
    taskkill /f /fi "PID ge 1000" /fi "WINDOWTITLE ne untitle*"
    taskkill /f /fi "USERNAME eq NT AUTHORITY\SYSTEM" /im notepad.exe
    taskkill /s system /u domain\username /fi "USERNAME ne NT*" /im *
    taskkill /s system /u username /p password /fi "IMAGENAME eq note*"

For example:
    taskkill /f /im ServUDaemon.exe
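
Both kill idioms above (ntsd attaching with -p and quitting with -c q, and taskkill with its switches) can be recognised from the command line alone when reviewing process-creation records. The following Python classifier is an added example, not part of the original page; the function name, labels and sample command lines are constructed for illustration.

```python
import ntpath
import shlex

# Constructed sample command lines in process-creation audit style.
SAMPLES = [
    r'ntsd -c q -p 1234',
    r'C:\Windows\System32\ntsd.exe -p 4321 -c "q"',
    r'taskkill /f /im ServUDaemon.exe',
    r'taskkill /s system /u domain\username /fi "username ne nt*" /im *',
]
# taskkill switches whose values are collected (names on the right are ours).
KEYS = {"/pid": "pids", "/im": "images", "/fi": "filters", "/s": "remote"}

def classify(cmdline):
    """Return (label, details) for a process-kill command line, else None."""
    # posix=False keeps the backslashes of Windows paths and account names.
    tokens = [t.strip('"') for t in shlex.split(cmdline, posix=False)]
    if not tokens:
        return None
    exe = ntpath.splitext(ntpath.basename(tokens[0]))[0].lower()
    args = tokens[1:]
    if exe == "ntsd":
        opts = {a.lower(): v for a, v in zip(args, args[1:])
                if a.lower() in ("-p", "-c")}
        # Attaching (-p PID) and immediately quitting (-c q) is the kill idiom.
        if "-p" in opts and opts.get("-c", "").strip().lower() == "q":
            return ("ntsd-attach-quit", {"pid": opts["-p"]})
        return None
    if exe != "taskkill":
        return None
    info = dict(pids=[], images=[], filters=[], remote=[], forced=False, tree=False)
    i = 0
    while i < len(args):
        sw = args[i].lower()
        val = args[i + 1] if i + 1 < len(args) else None
        takes_val = sw in ("/u", "/p") or sw in KEYS
        # /P may appear without a password, so never swallow the next switch.
        has_val = takes_val and val is not None and not val.startswith("/")
        if sw in ("/f", "/t"):
            info["forced" if sw == "/f" else "tree"] = True
        elif has_val and sw in KEYS:
            info[KEYS[sw]].append(val)
        i += 2 if has_val else 1
    # Per the notes above, a remote process is always terminated forcefully.
    info["forced"] = info["forced"] or bool(info["remote"])
    return ("taskkill", info)

if __name__ == "__main__":
    for line in SAMPLES:
        print(classify(line), "<-", line)
```
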