All of this is possible with the TaskKill command. First, let's cover the basics. You can kill a process by the process ID (PID) or by image name (EXE filename).
1. Open up an Administrative level Command Prompt and run tasklist to see all of the running processes:
C:\>tasklist
tasklist.exe /SVC
Notice the additional information that is shown about which instances services are run from.
3. You can list services and applications on a remote system by running
tasklist.exe /s remoteIPaddress
or
tasklist.exe /s remoteComputerName
4. If you want even more detail about the process and applications running, type:
tasklist /M
This will show which .dlls are in use by the processes.
In the example on the left you can see the image name and the PID for each process. If you want to kill the firefox process run:
or
The /f flag is kills the process forcefully. Failure to use the /F flag will result in nothing happening in some cases. One example is whenever I want to kill the explorer.exe process I have to use the /F flag or else the process just does not terminate.
If you have multiple instances of an image open such as multiple firefox.exe processes, running the taskkill /IM firefox.exe command will kill all instances. When you specify the PID only the specific instane of firefox will be terminated.
The real power of taskkill are the filtering options that allow you to use the following variables and operators.
Variables:
- STATUS
- IMAGENAME
- PID
- SESSION
- CPUTIME
- MEMUSAGE
- USERNAME
- MODULES
- SERVICES
- WINDOWTITLE
Operators:
- eq (equals)
- ne (not equal)
- gt (greater than)
- lt (less than)
- ge (greater than or equal)
- le (less than or equal)
"*" is the wildcard.
You can use the variables and operators with the /FI filtering flag. For example, let's say you want to end all processes that have a window title that starts with "Internet":
How about killing all processes running under the Steve account:
It is also possible to kill a process running on a remote computer with taskkill. Just run the following to kill notepad.exe on a remote computer called SteveDesktop:
To learn more about taskkill run it with the /? command just like any other Windows command.
