How to use the Tasklist command
Tasklist command to display running on local or remote computer, all processes, with multiple performance parameters.
Use the format
Tasklist [/ S system [/ U username [/ P [password]]]] [/ M [module] | / SVC | / V] [/ FI filter] [/ FO format] [/ NH]
Parameter meaning
/ S system designated to connect to the remote system.
/ U [domain \] user Specifies which users run this command.
/ P [password] specify a password for the specified user.
/ M [module] call the specified DLL module list all processes. If you do not specify a module name, display all the modules loaded for each process.
/ SVC displays each process in the service.
/ V display for more information.
/ FI filter shows a series of line filters specified process.
/ FO format specifies the output format, valid values: TABLE, LIST, CSV.
/ NH specify the output columns are not displayed in the title. TABLE and CSV formats only effective.
Application examples.
1. View of the machine process
In the “Command Prompt”, type Tasklist command to display all the processes of the machine (Figure 1). The machine displays the results from the five parts: image name (process name), PID, session name, session #, and memory usage.
2. View the process of the remote system
At the command prompt, enter “Tasklist / s 218.22.123.26 / u jtdd / p 12345678″ (without the quotes) to see the IP address 218.22.123.26 remote system process (Figure 2). Where / s parameters for “218.22.123.26″ plunge view of the remote system IP address, / u after the “jtdd” means the Tasklist command to use the user account, it must be a legitimate remote system account, / p, after of “12345678″ means jtdd account password.
Note: Use the Tasklist command to view the process of the remote system, you need the remote machine’s RPC services support, otherwise, the command is not working.
3. View the system processes the services provided
Tasklist command not only can see system processes, but also can view the services provided by each process. Such as the view of the machine process SVCHOST.EXE services provided at the command prompt, type “Tasklist / svc” command can be (Figure 3). You will be surprised to find that there are four SVCHOST.EXE process, and a total of 20 number of service uses this process.
For remote systems, view the system service is also very simple to use “Tasklist / s 218.22.123.26 / u jtdd / p 12345678 / svc” command, you can view the IP address 218.22.123.26 remote system processes the services provided.
4. See the process of calling DLL module file list
To view the local system in which the process module file called shell32.dll, just at the command prompt, enter “Tasklist / m shell32.dll” to display a list of these processes.
5. Use filters to find the specified process
At the command prompt, enter “TASKLIST / FI” USERNAME ne NT AUTHORITY \ SYSTEM “/ FI” STATUS eq running “, you can list the system running status of all non-SYSTEM process. One” / FI “for the filter parameters, “ne” and “eq” for the relational operators “not equal” and “equal.”
Tips
On “Tasklist” command, we have to mention it’s the twin brother of “Taskkill” command, the name suggests, it is used to turn off the process.
To turn off the machine notepad.exe process, there are two ways:
1. First use Tasklist to find its PID, assume that the system shows the process of the machine notepad.exe PID value is 1132, and then run “Taskkill / pid 1132″ command can. One “/ pid” parameter is to terminate the process behind the PID value.
2. The direct run “Taskkill / IM notepad.exe” command, where “/ IM” parameter for the process behind the image name.
