List running processes on command prompt

[spencer]

List processes load on command prompt same as Task Manager in GUI, it’s easy to handle and kill the process causing problem. UNIX users find its easy to handle processes at command prompt than GUI. Following illustration will help you to understand the use of couple of commands to control server processes. They are TASKLIST and TASKKILL.

With the use of tasklist, you can get the list of all the processes running on the Server.

Quote:

C::\>tasklist
Image Name------PID---Session Name---Session#---Mem Usage
==============================================
System Idle Process--0---Console--0---16 K
System----------4---Console------0---212 K
w3wp.exe------567---Console-----0---34472 K

By using Taskkill, you can terminate particular process by using its PID as follows,

Quote:

C:\>taskkill /pid 567
SUCCESS: The process with PID 567 has been terminated.

If you find PID option difficult to handle at command prompt, instead you can use its image name in the command as follows,

Quote:

C:\>taskkill /IM w3wp.exe /F
SUCCESS: The process "w3wp.exe" with PID 567 has been terminated.

ASP.NET and IIS6.0 will routinely start on a fresh worker process the next time a demand is received by the application. So whenever taskkill command is used for particular worker process, will shutdown all running ASP.NET Worker processes. When the site is accessed once more, a new one will be automatically launched for it with a new PID.

Note: TaskList and TaskKill support a "/S" switch that permits to indicate a remote server to run the commands against. (If you have remote admin rights)

[Sean]

Also, let me add to this. Tasklist is the same as "ps" command on linux to view the programs and process on the windows servers. Through this, we can see memory and CPU time processes and also which DLL files. It can provide more assistance towards troubleshooting a problem. ;)

[BodShane]

Windows Servers have services that run on them, they are basically programs that operate in background and logs with every user of the windows machine. Those servers are in DLLs than in stand-alone. svchost loads DLL on the machine.

svchost.exe has a common problem that is used by malware that can hide their presence. In the following, svchost.exe has no much information in Windows Task Manger and it's very difficult to recognize DLL

In command prompt, type the following command :

"tasklist /svc /fi "IMAGENAME eq svchost.exe"




To check the service name, go to windows service browser. In order to do that, you need to do the following :

- My Computer > Manage > Computer Management > Services and Application > Services



Now, you need to check between window service and human readable name. In the following, it is DNS Client, you ma y open the properties for DNS client.



Here, you will notice the service name matches DNScache. You need to look at executables that run in svchost.exe. You download tasklist.exe

You can also use Process Explorer by Syninternals. You can also check the service name from there.