Windows XP comes with several tools for ending programs or processes from the command line. The features and application of Taskkill and Tskill are discussed.
Sometimes it is desirable to end a program or a process from the command line. The process may be hung or not responding or it may be desirable to have a script for ending it. Both the Home and Professional version of Windows XP come with the tool Tskill . In addition, XP Professional has the more powerful tool Taskkill. Although the graphical utility Task Manager can be used to terminate programs that are hung up, the command line can be faster and easier to use. Also, there may be situations where it is convenient to have a batch file that can be run as a script. In addition, Taskkill is capable of sophisticated filters
TskillThe syntax for the command is TSKILL processid processname [/SERVER:servername] [/ID:sessionid /A] [/V] The meaning of the various parameters is given in Table I.
Table I. Parameters for the command Tskill
Parameter
Description
processid
PID for process to be terminated. Use only if processname is not used
processname
Process name to be terminated. Wildcards can be used here . Do not use if PID is used
/SERVER:servername
Server containing processID (default is current). Usually not needed on home PCs
/ID:sessionid
End process running under the specified session. Often not needed on home PCs
/A
End process running under ALL sessions (administrator privileges required)
/V
Display information about actions being performed
An example of a simple command that would end Notepad would be tskill notepad Another example is ending all the Microsoft documents that you have open tskill winword All open Word documents will be closed but the contents will not be saved so make sure to save important work. An administrator can close processes that might be running in sessions started by other users. The command tskill winword /a will close everybody's open Word documents.
It may not always be obvious what process name to use for a program. Usually the name of the program executable file (minus the EXE extension) will work. One way is to use Tasklist to find the PID and use that. Another is to use Task Manager to find the process associated with a program. (Of course, Task Manager itself can be used to terminate a program.).
Taskkill
A tool with more options is provided by Taskkill. The command syntax is TASKKILL [/S system [/U username [/P[password]]]]{ [/FI filter] [/PID processid /IM imagename] } [/F] [/T] The various parameters are described in Table II.
Table II. Parameters for Taskkill command
Parameter
Description
/S system
Specifies the remote system to connect to. Not needed for most home PCs
/U username
User context under which the command should execute. Often not needed on home PCs
/P password
Password for username
/FI filter
Displays a set of tasks that match criteria specified by the filter
/PID process id
Specifies the PID of the process that has to be terminated. Not used when image name is given in the command
/IM imagename
Specifies the image name of the process that has to be terminated. Wildcard '*' can be used to specify all image names. Not used if PID is given in the command
/F
Forces the termination of all processes
/T
Tree kill: terminates the specified process and any child processes which were started by it
Parameters like the image name or the PID may not be immediately obvious and Tasklist can be used to obtain them. Taskkill has more options than Tskill and is accordingly more complicated to use. For example, the simple command "Taskkill notepad" won't work. First of all the image name is "notepad.exe" and not the program name "notepad". Also, generally you will have to use the forcing switch. The command to close notepad would be taskkill /im notepad.exe /f Another example is to close down several programs at once.taskkill /f /im notepad.exe /im mspaint.exe The Microsoft literature is not consistent about whether the /f switch goes before or after the image name but it doesn't seem to matter.
Filtering Taskkill output
Taskkill becomes especially powerful when filters are used with the switch "/fi". Various rules can be formed by using the comparison operators shown in Table III.
Table III. Comparison operators for filters
Operator
Description
eq
Equals
ne
Does not equal
gt
Greater than. Only used with numeric values
lt
Less than. Only used with numeric values
ge
Greater than or equal to. Only used with numeric values
le
Less than or equal to. Only used with numeric values
Table IV shows the variables that can be used in a filter.
Table IV. Filter operators and allowed values
Parameter
Valid operators
Valid values
ImageName
eq, ne
Any valid string
PID
eq, ne, gt, lt, ge, le
Any valid positive integer
MemUsage
eq, ne, gt, lt, ge, le
Any valid positive integer in kilobytes
CPUTime
eq, ne, gt, lt, ge, le
CPU time in the format of hh:mm:ss.
Session
eq, ne, gt, lt, ge, le
Session number
Status
eq, ne
Running, Not Responding
Username
eq, ne
Any valid user name (includes SYSTEM, LOCAL SERVICE , NETWORK SERVICE)
WindowTitle
eq, ne
Any valid string
Services
eq, ne
Service name
Modules
eq, ne
DLL name
Examples of using filters in TaskkillWith filters, you can impose some specific set of conditions that must be met. Filters give Taskkill considerable versatility and allow you to fine-tune the target..Some examples are given below. Note that a specific image name or PID does not have to be included when using filters.
Forcefully shut down all the processes that are not responding. Can be used to make a little batch file to shut down hung or frozen programs.
taskkill /f /fi "status eq not responding"
Forcefully shut down all programs using a specific DLL file named "some.dll". This should be used with care but one application might be to stop processes thought to be associated with a DLL from spyware or a Trojan. Use Tasklist to see what processes are using a given DLL.
taskkill /f /fi "modules eq some.dll"
Close down all programs using large amounts of memory, say 40 MB. Use with care.
taskkill /f /fi "memusage gt 40000"
Close down programs using more than 40 MB of memory but not Windows Explorer
taskkill /f /fi "imagename ne explorer.exe" /fi "memusage gt 40000"
Technical blogging is a great way to share my expertise while building a potentially valuable readership. Imagination & Innovation is more important than knowledge.
Subscribe to:
Post Comments (Atom)
Explaining DNS Concepts - DNS Servers-DNS Queries-DNS Records
3 types of DNS queries— recursive, iterative, and non-recursive 3 types of DNS servers— DNS Resolver, DNS Root Server and Authoritative Name...
-
Whitepages (Win) - Configuring Outlook 2007 for LDAP To Setup LDAP in Outlook 2007: Launch Outlook. Click on the Tools menu and select ...
-
Issue 1: Troubleshooting a Hard Drive If your system has a RAID controller and your hard drives are configured in a RAID array, perform ...
-
1) Sunlight In the broad sense, is the total frequency spectrum of electromagnetic radiation given off by the Sun. On Earth, sunlight is fi...
1 comment:
Very Nice and Useful
Post a Comment