Taskkill ~ A Command line utility equivalent of its GUI i.e.

Task
Manager
Almost all of us came across of situation when indows Task Manager !ecomes disa!led due to some
malware or virus or some other infectious code. At that time we can"t get the details a!out the #rocesses
running and have to take hel# of some $
rd
#arty tools in order to kill the a##lication or #rocess which is
running in !ackground and creating #ro!lem in com#uter system. Instead of using any $
rd
#arty tool we
can also #lay a hand on a command line utility already #resent in indows Command %rom#t"s command
list. This utility is called as Tasklist and Taskkill.
Tasklist& Tasklist is a utility which lists out the currently running #rocesses either on a local com#uter or on
a remote machine. e can easily check which #rocesses are running in !ackground unwillingly and
then to terminate such #rocesses we can use Taskkill 'e(#lained after tasklist).
*ynta(&
tasklist +,s +,u +-. +,# ... +/,m ,svc ,v0. +,fo /ta!le list csv0. +,nh. +,fi +,fi + ... ...
Parameter description:
/s &1 To #rovide I% s#ecification or name of the remote com#uter2 if not #rovided local com#uter is
considered. 3o not use !ackslashes in the value of the #arameter.
/u \&1To #rovide User4ame or 3omain-User4ame under whose #ermission command should e(ecute. If
not #rovided then command run under the #ermission of #erson who is logged on. 5#tion ,u can !e used
only if ,s is s#ecified.
/p &16or the #asswordof that user account which is #rovided with ,u #arameter. %assword is #rom#ted in
case this field is omitted.
/m &1 All tasks are listed that are currently using the given #attern name. In case no match found all
modules are dis#layed.
/svc&1 All service information is listed hosted in each #rocess without truncation. It is only valid when /fo
'format) #arameter is used.
/v&1Task information is dis#layed in ver!ose mode. %arameters /v and /svc are used together in order to
dis#lay the com#lete ver!ose out#ut without truncation.
/fo {table list csv}&1 3is#lays formatted out#ut with default format table. 5ther valid values are list7 csv.
csv is the comma se#arated value format.
/nh&1 8alid only for table and csv formats. Used to s#ecify that the 9Column :eader; not to !e dis#layed
in the out#ut.
/fi &1To dis#lay a set of tasks matching a given criteria as s#ecified in filter.
Filters description:
6ilters are #rovided to filter the result. This filtering is !ased on some 6ilter names which are checked with
some relational o#erators. <ou will o!serve that the filter names are the column names which comes in task
manager.
Filter NameValid OperatorsValid Values
*TATU*eq7ne=U44I4G45T =>*%543I4GU4?454
IMAG>4AM>eq7 ne 4ame of image
%I3eq7 ne7 gt7 lt7 ge7 le%rocessI3 num!er
*>**I54eq7 ne7 gt7 lt7 ge7 le*ession num!er
C%UTIM> eq7 ne7 gt7 lt7 ge7 leC%U time in the format ::&MM&**7 where MM and ** are !etween @ and AB
and :: is any unsigned num!er
M>MU*AG>eq7 ne7 gt7 lt7 ge7 le Memory usage'in ?C)
U*>=4AM>eq7 ne Any valid user name 'User or 3omain-User)
*>=8IC>*eq7 ne*ervice name
I435TITD>eq7 ne indow title
M53UD>*eq7 ne3DD name
Points to be noted:
In case of remote #rocess I435TITD> and *TATU* filters are not su##orted.
!amples:
To list all #rocess running without any #arameters to list of #rocess with column headers image name7 %I37
session name E no7 and memory usage.
tasklist
To list all those #rocesses which have %I3 greater than or equal to FA@@ and out#ut in C*8 format.
taskkill ,v ,fi 9%I3 ge GFAF; ,fo csv
To list all the #rocesses that are currently in running status under admin account.
Unlock Windows: Taskkill ~ A Command line utility equivalent of its G... http://unlock-windows.blogspot.in/2008/12/taskkill-command-line-utilit...
1 of 3 9/1/2014 4:26 PM
To list all those #rocesses which have %I3 greater than or equal to FA@@ and out#ut in C*8 format.
taskkill ,v ,fi 9%I3 ge GFAF; ,fo csv
To list all the #rocesses that are currently in running status under admin account.
tasklist ,fi 9U*>=4AM> eq admin; ,fi 9*TATU* eq running;
To list all #rocess on a remote system named server#c under user name 9administrator; having its
#assword as 9quHdc')r$;.
tasklist ,s server#c ,u administrator ,# quHdc')r$
To list all service information for #rocesses having a 3DD name !eginning with 9ntdll;.
tasklist ,m ntdllI
Taskkill& As the name of the utility 9taskkill; suggests that it is sim#ly used to see the running #rocesses
and to kill one or more #rocesses either !y using its %I3 i.e. %rocessI3 or !y using its Image name i.e.
!y which it is #resent in system and !eing e(ecuted. e can also filter the results on the !asis of user
name7 %I37 image name7 C%U time7 memory usage etc at the time of killing or terminating a #rocess.
*ynta(&
taskkill +,s +,u +-. +,# +.... /+,fi . +.... +,#id ,im .0 +,f. +,t.
Parameters description:
/s &1 To #rovide I% s#ecification or name of the remote com#uter2 if not #rovided local com#uter is
considered. 3o not use !ackslashes in the value of the #arameter.
/u \&1To #rovide User4ame or 3omain-User4ame under whose #ermission command should e(ecute. If
not #rovided then command run under the #ermission of #erson who is logged on. 5#tion ,u can !e used
only if ,s is s#ecified.
/p &16or the #asswordof that user account which is #rovided with ,u #arameter. %assword is #rom#ted in
case this field is omitted.
/fi &1To a##ly filter to select a set of tasks. ildcard character 'I) can !e used for s#ecifying all tasks or
image names. 6ilter names are #rovided after #arameter descri#tion.
/pid "Process#$"&16or s#ecifying %I3 of the #rocess to !e killed.
/im &16or #roviding image name of the #rocess to !e terminated. Also ildcard character 'I) can !e used
to s#ecify all image names.
/t&1To terminate the whole tree of the #rocess including all child #rocesses started !y it.
/f&16or forceful termination of #rocess. It is not omitted in case of remote #rocess as they are terminated
forcefully in default.
Filters description:
6ilters are #rovided to filter the result. This filtering is !ased on some 6ilter names which are checked with
some relational o#erators. <ou will o!serve that the filter names are the column names which comes in task
manager.
Filter NameValid OperatorsValid Values
*TATU*eq7ne=U44I4G45T =>*%543I4GU4?454
IMAG>4AM>eq7 ne 4ame of image
%I3eq7 ne7 gt7 lt7 ge7 le%rocessI3 num!er
*>**I54eq7 ne7 gt7 lt7 ge7 le*ession num!er
C%UTIM>eq7 ne7 gt7 lt7 ge7 leC%U time in the format ::&MM&**7 where MM and ** are !etween @ and AB
and :: is any unsigned num!er
M>MU*AG>eq7 ne7 gt7 lt7 ge7 leMemory usage'in ?C)
U*>=4AM>eq7 neAny valid user name 'User or 3omain-User)
*>=8IC>*eq7 ne*ervice name
I435TITD>eq7 neindow title
M53UD>*eq7 ne3DD name
where eq7 ne7 gt7 lt7 ge E le are meant for equal to7 not equal to7 greater than7 less than7 greater than equal
to and less than equal to res#ectively.
Points to be noted:
In case of remote #rocess I435TITD> and *TATU* filters are not su##orted.
ildcard 'I) character is acce#ted for ,im o#tion only when filter is a##lied.
4ot necessary that ,f is s#ecified in case of remote #rocess termination as in default that is terminated
forcefully.
3on"t s#ecify com#uter name to :5*T4AM> filter as it will result in a shutdown and all #rocesses are
sto##ed.
6or s#ecifying %rocessI3 '%I3) tasklist command can !e used.
Examples:
To terminate a #rocess with %I3 $GJK use #arameter ,#id.
taskkill ,#id $GJK
To terminate more than one #rocess with #id as G@@F7 GGGL7 L@M$.
taskkill ,#id G@@F ,#id GGGL ,#id L@M$
To terminate a #rocess with its image name like wm#layer.e(e for indows Media %layer use ,im
Unlock Windows: Taskkill ~ A Command line utility equivalent of its G... http://unlock-windows.blogspot.in/2008/12/taskkill-command-line-utilit...
2 of 3 9/1/2014 4:26 PM
% comments:
*urfo#edia Admin said...
To list all those #rocesses which have %I3 greater than or equal to FA@@ and out#ut in C*8 format.
Ntaskkill ,v ,fi 9%I3 ge GFAF; ,fo csv
<ou #ro!a!ly meant FA@@ there7 not GFAF.
To terminate more than one #rocess with #id as G@@F7 GGGL7 L@M$.
taskkill ,#id G@@F ,#id GGGL ,#id L@M$
To terminate a #rocess with its image name like wm#layer.e(e for indows Media %layer use ,im
#arameter.
taskkill ,im wm#layer.e(e
To terminate a #rocess and all its child #rocess i.e. to end #rocess tree in task manager use ,t #arameter.
taskkill ,f ,im e(#lorer.e(e ,t
To terminate all those #rocesses which have %I3 greater than or equal to FA@@ without considering their
image names use filter ge with wildcard character.
taskkill ,f ,fi 9%I3 ge FA@@; ,im I
To terminate the #rocess tree with %I3 GAGF which is started !y account name admin.
taskkill ,#id GAGF ,t ,fi 9U*>=4AM> eq admin;
To terminate all #rocess !eginning with note on a remote system named server#c under user name
9administrator; having its #assword as 9quHdc')r$;.
askkill ,s server#c ,u administrator ,# quHdc')r$ ,fi 9IMAG>4AM> eq noteI; ,im I
To terminate a #rocess with its windows title as 9#aint;
taskkill ,f ,fi 9I435TITD> eq #aint;
Da!els& indows 8ista
Unlock Windows: Taskkill ~ A Command line utility equivalent of its G... http://unlock-windows.blogspot.in/2008/12/taskkill-command-line-utilit...
3 of 3 9/1/2014 4:26 PM