The command of the end process: 1. Tskill
Tskill Processid | ProcessName [/ Server: ServerName] [/ ID: sessionID | / A] [/ v]
Process ID The process ID of the process to end. ProcessName The process name to end. / Server: ServerName contains the server with ProcessID (the default is the current value). When using process names and / Server, you must specify / ID or / A / ID: SessionID to end the process running under the specified session. / A End the process running under all sessions. / V Displays information about the operation being executed. 2. TaskkillTaskkill [/ s system [/ u Username [/ p [password]]] {[/ fi filter] [/ pid processid | / imagename]} [/ f] [/ t]
Description: This command line tool can be used to end at least one process. The process can be ended based on the process ID or the image name.
Parameter list: / s System Specifies the remote system to connect to.
/ U [Domain /] user specifies which user context to execute this command.
/ P [password] specifies the password for the user context. If ignored, prompt the input.
/ F Specifies to force the process to terminate the process.
/ FI FILTER Specifies the task of filtering or filtering out the query.
/ PID Process ID Specifies the PID of the process to be terminated.
/ IM Image Name Specifies the image name of the process to be terminated. Wildcard '*' can be used to specify all image names.
/ T Tree Kill: Terminate the specified process and any sub-process that is started.
/? Display help / usage.
Filter: Filter name effective operator valid value ------------------------- - STATUS EQ, NE Run | No response imagename EQ, Ne Image Name PID EQ, NE, GT, LT, GE, Le PID Value Session EQ, NE, GT, LT, GE, LE Session Number CPUTIME EQ, NE, GT, LT, GE, LE CPU time, format HH: mm: SS. HH - Time, MM - Clock, SS - Second Memusage EQ, NE, GT, LT, GE, Le Semism, the unit is KB UserName EQ, NE Username, Format is [Domain /] User Modules EQ, NE DLL Name Services EQ, NE Service Name WINDOWTITLE EQ, NE Window Title Note: Only with / IM '*' can be switched with / IM.
Note: The remote process always wants to terminate, regardless of whether or not the / f option is specified.
For example: taskkill / s system / f / im note / pid 1230 / pid 1241 / pid 1253 / t taskkill / f / im notepad.exe / im mspaint.exe taskkill / f / fi "PID GE 1000" / Fi "WINDOWTILE NE UnTitle *" Taskkill / F / Fi "Username EQ NT Authority / System" / IM Notepad.exe Taskill / S System / U Domain / UserName / Fi "Username Ne NT *" / Im * Taskkill / S System / U Username / P Password / Fi "ImageName Eq Note *" 3. NTSDUSAGE: NTSD [-?] [-2] [-d] [-g] [-g] [-myob] [-line] [ ] [-O] [-S] [-V] [- [-r BreakerRlevel] [-TprinTerrorlevel] [-HD] [-pd] [-pe] [-pt #] [-PV] [-x | -x {e | d | n | i}
WHERE: -? Displays this help text command-line is the command to run under the debugger - is the Same as -g -g -g -p -1 -d -pd -adllname sets the default extension dll -c executes the following debugger command -clines number of lines of output history retrieved by a remote clien -failinc causes incomplete symbol and module loads to fail -d sends all debugger output to via kernel debugger DbgPrint -d can not be used with debugger remoting -d can only be used when the kernel debugger is enabled -g ignores initial breakpoint in debuggee -G ignores final breakpoint at process termination -hd specifies that the debug heap should not be used for created processes. This only works on Windows Whistler. -o debugs all processes launched By debuggee -p pid specifies the decimal process id to attach to -pd specifies That the debugger shop automaticly detach -pe specifies That Any A ttach should be to an existing debug port -pn name specifies the name of the process to attach to -pt # specifies the interrupt timeout -pv specifies that any attach should be noninvasive -r specifies the (0-3) error level to break on (SeeSetErrorLevel) -robp allows breakpoints to be set in read-only memory -t specifies the (0-3) error level to display (SeeSetErrorLevel) -w specifies to debug 16 bit applications in a separate VDM -x sets second-chance break On AV EXCEPTIONS -X {E | D | N | i}
sets the break status for the specified event -2 creates a separate console window for debuggee -i ImagePath specifies the location of the executables that generated the fault (see _NT_EXECUTABLE_IMAGE_PATH) -lines requests that line number information be used if present -myob ignores version mismatches in DBGHELP.DLL -n enables verbose output from symbol handler -noio disables all I / O for dedicated remoting servers -noshell disables the .shell (!!) command -QR queries for remote servers -s disables lazy symbol loading -ses enables strict symbol loading -sfce fails critical errors encountered during file searching -sicv ignores the CV record when symbol loading -snul disables automatic symbol loading for unqualified names -srcpath
Name of Pipe> for 1394 Use: channel =
_NT_SYMBOL_PATH = [Drive:] [Path] Specify Symbol Image Path.
_NT_ALT_SYMBOL_PATH = [Drive:] [Path] Specify An Alternate Symbol Image Path.
_NT_DEBUGGGER_EXTENSION_PATH = [Drive:] [PATH] Specify A Path Which SHOULD BE Searched First for Extensions DLLS
_NT_EXECUTABLE_IMAGE_PATH = [Drive:] [PATH] Specify Executable Image Path.
_NT_Source_path = [Drive:] [Path] Specify Source File Path.
_NT_DEBUG_LOG_FILE_OPEN = filename If specified, all output will be written to this file from offset 0._NT_DEBUG_LOG_FILE_APPEND = filename If specified, all output will be APPENDed to this file.
_NT_Debug_history_size = size specifies the size of a server's output history in kilobytes
Control Keys:
