Kill Processes from Command Prompt | JamiiForums | The Home of Great Thinkers

Dismiss Notice
You are browsing this site as a guest. It takes 2 minutes to CREATE AN ACCOUNT and less than 1 minute to LOGIN

Kill Processes from Command Prompt

Discussion in 'Tech, Gadgets & Science Forum' started by MziziMkavu, Jul 17, 2011.

  1. MziziMkavu

    MziziMkavu JF-Expert Member

    Jul 17, 2011
    Joined: Feb 3, 2009
    Messages: 39,607
    Likes Received: 4,599
    Trophy Points: 280
    I'm sure you are familiar with the traditional way to kill or end a process in Windows using Task Manager. This method is effective but not nearly as fun as killing a process in Command Prompt. Additionally, killing processes in Command Prompt provides much more control and the ability to end multiple processes at once. All of this is possible with the TaskKill command. First, let's cover the basics. You can kill a process by the process ID (PID) or by image name (EXE filename).
    Open up an Administrative level Command Prompt and run tasklist to see all of the running processes:


    Image Name PID Session Name Mem Usage
    ========================= ======== ================ ============
    firefox.exe 26356 Console 139,352 K
    regedit.exe 24244 Console 9,768 K
    cmd.exe 18664 Console 2,380 K
    conhost.exe 2528 Console 7,852 K
    notepad.exe 17364 Console 7,892 K
    notepad.exe 24696 Console 22,028 K
    notepad.exe 25304 Console 5,852 K
    explorer.exe 2864 Console 72,232 K

    In the example above you can see the image name and the PID for each process. If you want to kill the firefox process run:
    C:\>Taskkill /IM firefox.exe /F

    C:\>Taskkill /PID 26356 /F

    The /f flag is kills the process forcefully. Failure to use the /F flag will result in nothing happening in some cases. One example is whenever I want to kill the explorer.exe process I have to use the /F flag or else the process just does not terminate.
    If you have multiple instances of an image open such as multiple firefox.exe processes, running the taskkill /IM firefox.exe command will kill all instances. When you specify the PID only the specific instane of firefox will be terminated.

    The real power of taskkill are the filtering options that allow you to use the following variables and operators.

    • STATUS
    • PID

    • eq (equals)
    • ne (not equal)
    • gt (greater than)
    • lt (less than)
    • ge (greater than or equal)
    • le (less than or equal)
    "*" is the wildcard.
    You can use the variables and operators with the /FI filtering flag. For example, let's say you want to end all processes that have a window title that starts with "Internet":
    C:\>taskkill /FI "WINDOWTITLE eq Internet*" /F
    How about killing all processes running under the Steve account:

    C:\>taskkill /FI "USERNAME eq Steve" /F
    It is also possible to kill a process running on a remote computer with taskkill. Just run the following to kill notepad.exe on a remote computer called SteveDesktop:

    C:\>taskkill /S SteveDesktop /U RemoteAccountName /P RemoteAccountPassword /IM notepad.exe /F

    To learn more about taskkill run it with the /? command just like any other Windows command.
  2. MziziMkavu

    MziziMkavu JF-Expert Member

    Jul 17, 2011
    Joined: Feb 3, 2009
    Messages: 39,607
    Likes Received: 4,599
    Trophy Points: 280
    Access Sysinternals utilities over the web with command prompt

    The Microsoft acquisition Sysinternals that is famous for their useful Windows utilities has a new site up that allows you to easily access any of their utilities for free over the internet in your command prompt. This allows you to run any of their utilities without first downloading it to your computer. Just open an administrative level command prompt and type in:

    For example if you want to run Autoruns (a great program to see what starts up automatically) type \\\tools\autoruns.exe and hit Enter.
    Every Sysinternals utility is available for “live” use.
    Available Commands

    • accesschk.exe
    • AccessEnum.exe
    • accvio.EXE
    • ADExplorer.exe
    • ADInsight.exe
    • adrestore.exe
    • Autologon.exe
    • autoruns.exe
    • autorunsc.exe
    • Bginfo.exe
    • Cacheset.exe
    • Clockres.exe
    • Contig.exe
    • ctrl2cap.exe
    • Dbgview.exe
    • diskext.exe
    • Diskmnt.exe
    • Diskmon.exe
    • DiskView.exe
    • du.exe
    • efsdump.exe
    • Filemon.exe
    • handle.exe
    • hex2dec.exe
    • junction.exe
    • ldmdump.exe
    • Listdlls.exe
    • livekd.exe
    • LoadOrd.exe
    • logonsessions.exe
    • movefile.exe
    • newsid.exe
    • NotMyfault.exe
    • ntfsinfo.exe
    • pagedfrg.exe
    • pendmoves.exe
    • pipelist.exe
    • portmon.exe
    • procexp.exe
    • ProcFeatures.exe
    • Procmon.exe
    • psexec.exe
    • psfile.exe
    • psgetsid.exe
    • Psinfo.exe
    • pskill.exe
    • pslist.exe
    • psloggedon.exe
    • psloglist.exe
    • pspasswd.exe
    • psservice.exe
    • psshutdown.exe
    • pssuspend.exe
    • RegDelNull.exe
    • Reghide.exe
    • regjump.exe
    • Regmon.exe
    • RootkitRevealer.exe
    • sdelete.exe
    • ShareEnum.exe
    • ShellRunas.exe
    • sigcheck.exe
    • streams.exe
    • strings.exe
    • sync.exe
    • SysInternalsBluescreen.scr
    • tcpvcon.exe
    • Tcpview.exe
    • Testlimit.exe
    • testlimit64.exe
    • Volumeid.exe
    • whois.exe
    • Winobj.exe
    • ZoomIt.exe
    For a “live” list visit - /Tools/
    Tip: When you are typing in a command hit the Tab key to automatically fill in the rest of the file name. E.g. type autor and then hit Tab to get autoruns.exe