Powerful tasklist command

zhaozj, 2021-02-16

Everyone is familiar with the Windows XP Task Manager. Press Ctrl+Alt+Del and select "Task Manager" to view the list of processes on the machine; by customizing the columns of the process list you can get more information about each process, such as the session ID and user name. Unfortunately, Task Manager does not show which system services each of these processes provides. In Windows XP, the command-line tool "tasklist.exe" provides all of the above.

The "tasklist" command is a command-line tool that displays all processes running on a local or remote computer, and it accepts a number of parameters.

Its usage format is:

tasklist [/s system [/u username [/p [password]]]] [/m [module] | /svc | /v] [/fi filter] [/fo format] [/nh]

Parameters:

/s system - Specifies the remote system to connect to.

/u [domain\]user - Specifies the user context under which the command runs.

/p [password] - Specifies the password for that user. If the password is omitted, tasklist prompts for it.

/m [module] - Lists all processes that have loaded the specified DLL module. If no module name is given, all modules loaded by each process are displayed.

/svc - Displays the services hosted in each process.

/v - Displays verbose (detailed) information.

/fi filter - Displays the set of processes that match the given filter.

/fo format - Specifies the output format. Valid values: "TABLE", "LIST", "CSV".

/nh - Suppresses the column headers in the output. Only valid for the "TABLE" and "CSV" formats.

1. Use the "tasklist" command to view the machine process

Open "Command Prompt" and enter the "tasklist" command (Figure 1). It shows all processes on the local machine. The output has five columns: image name (process name), PID, session name, session #, and memory usage.

2. View the processes of a remote system

At the command prompt, enter (without the quotation marks):

"tasklist /s 218.22.123.26 /u jtdd /p 12345678"

Here "218.22.123.26" after the /s parameter is the IP address of the remote system; "jtdd" after /u is the user account under which the tasklist command runs, which must be a valid account on the remote system; and "12345678" after /p is the password of the jtdd account.

With this command we can view the processes of the remote system.

Tip: Viewing the processes of a remote system with tasklist requires the RPC service to be running on the remote machine; otherwise the command will not work.

3. View the service provided by the system process

The tasklist command can show not only the system's processes but also the services that each process provides.

For example, to see the services hosted by "svchost.exe", enter "tasklist /svc" at the command prompt. You may be surprised: there are four "svchost.exe" processes, and more than twenty services run inside them. Checking the services of a remote system is just as simple: the command "tasklist /s 218.22.123.26 /u jtdd /p 12345678 /svc" shows the services provided by the processes on the remote system whose IP address is 218.22.123.26.

4. List the processes that call a DLL module file

For example, suppose we want to see which processes on the local system have loaded the "shell32.dll" module.

At the command prompt, enter (Figure 4):

tasklist /m shell32.dll

The system then displays the list of processes that call this module.

5. Use filters to find specific processes

At the command prompt, enter:

tasklist /fi "USERNAME ne NT AUTHORITY\SYSTEM" /fi "STATUS eq running"

This lists all running processes on the system that do not belong to the "SYSTEM" account.

Here "/fi" is the filter parameter, and "ne" and "eq" are the relational operators "not equal" and "equal".
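The following is an added example, not part of the original article: a Python script that parses the "tasklist /svc /fo csv" output from section 3 (with or without /nh) and maps each PID of an image name to the services it hosts, which makes it easy to spot an "svchost.exe" instance that hosts no service at all. The sample output is constructed, the function names are hypothetical, and the "N/A" marker assumes an English-locale system.

```python
import csv
import io
import subprocess
import sys

# Constructed sample of `tasklist /svc /fo csv` output (not captured from a real host).
# Assumption: English-locale output, where "N/A" marks a process hosting no service.
SAMPLE = '''"Image Name","PID","Services"
"System Idle Process","0","N/A"
"services.exe","652","Eventlog,PlugPlay"
"svchost.exe","868","DcomLaunch,TermService"
"svchost.exe","944","RpcSs"
"svchost.exe","1040","AudioSrv,Dhcp,Schedule,Themes"
"notepad.exe","1132","N/A"
'''

def parse_tasklist_svc(text):
    """Return [(image, pid, [services])]; works with or without /nh."""
    rows = []
    for fields in csv.reader(io.StringIO(text)):
        if len(fields) != 3 or not fields[1].strip().isdigit():
            continue  # header row, blank line or an error message
        image, pid, svc = (f.strip() for f in fields)
        services = [] if svc == "N/A" else [s.strip() for s in svc.split(",") if s.strip()]
        rows.append((image, int(pid), services))
    return rows

def services_by_pid(rows, image):
    """Map PID -> services for every running instance of one image name."""
    return {pid: svcs for img, pid, svcs in rows if img.lower() == image.lower()}

def unhosted(rows, image):
    """PIDs running under `image` that host no service (worth a closer look for svchost.exe)."""
    return [pid for pid, svcs in services_by_pid(rows, image).items() if not svcs]

def live_output():
    """Run tasklist on a Windows host; fall back to the constructed sample elsewhere."""
    if sys.platform != "win32":
        return SAMPLE
    return subprocess.run(["tasklist", "/svc", "/fo", "csv", "/nh"],
                          capture_output=True, text=True, check=True).stdout

if __name__ == "__main__":
    rows = parse_tasklist_svc(live_output())
    for pid, svcs in sorted(services_by_pid(rows, "svchost.exe").items()):
        print(pid, ", ".join(svcs) or "(no services)")
    print("svchost.exe instances hosting no service:", unhosted(rows, "svchost.exe"))
```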

Supplement:

Any discussion of the "tasklist" command has to mention its twin, the "taskkill" command. As the name suggests, it is used to kill processes.

For example, to kill the "notepad.exe" process:

First use tasklist to find its PID. If the system shows that the PID of the "notepad.exe" process is "1132", run "taskkill /pid 1132"; alternatively, run "taskkill /im notepad.exe".

The "/pid" parameter is followed by the PID of the process, and the "/im" parameter is followed by the image name of the process.

The "tasklist" command has many more uses. For reasons of space they are not described in detail here; interested readers can consult the relevant technical documentation to study them in depth.

When reprinting, please cite the original address: https://www.9cbs.com/read-19592.html