Share

Managing Windows XP Programs: Tskill and Taskkill
Windows XP comes with several tools for ending programs or processes from the command line. The features and application of Taskkill and Tskill are discussed.
Sometimes it is desirable to end a program or a process from the command line. The process may be hung or not responding or it may be desirable to have a script for ending it. Both the Home and Professional version of Windows XP come with the tool Tskill . In addition, XP Professional has the more powerful tool Taskkill . Although the graphical utility Task Manager can be used to terminate programs that are hung up, the command line can be faster and easier to use. Also, there may be situations where it is convenient to have a batch file that can be run as a script. In addition, Taskkill is capable of sophisticated filters

Tskill

The syntax for the command is TSKILL processid | processname [/SERVER:servername] [/ID:sessionid | /A] [/V] The meaning of the various parameters is given in Table I.
Parameter Description
processid PID for process to be terminated. Use only if processname is not used
processname Process name to be terminated. Wildcards can be used here . Do not use if PID is used
/SERVER:servername Server containing processID (default is current). Usually not needed on home PCs
/ID:sessionid End process running under the specified session. Often not needed on home PCs
/A End process running under ALL sessions (administrator privileges required)
/V Display information about actions being performed

An example of a simple command that would end Notepad would be tskill notepad Another example is ending all the Microsoft documents that you have open tskill winword All open Word documents will be closed but the contents will not be saved so make sure to save important work. An administrator can close processes that might be running in sessions started by other users. The command tskill winword /a will close everybody's open Word documents.

It may not always be obvious what process name to use for a program. Usually the name of the program executable file (minus the EXE extension) will work. One way is to use Tasklist to find the PID and use that. Another is to use Task Manager to find the process associated with a program. (Of course, Task Manager itself can be used to terminate a program.).

Taskkill

A tool with more options is provided by Taskkill. The command syntax is TASKKILL [/S system [/U username [/P[password]]]]{ [/FI filter] [/PID processid | /IM imagename] } [/F] [/T] The various parameters are described in Table II.

Parameter Description
/S system Specifies the remote system to connect to. Not needed for most home PCs
/U username User context under which the command should execute. Often not needed on home PCs
/P password Password for username
/FI filter Displays a set of tasks that match criteria specified by the filter
/PID process id Specifies the PID of the process that has to be terminated. Not used when image name is given in the command
/IM imagename Specifies the image name of the process that has to be terminated. Wildcard '*' can be used to specify all image names. Not used if PID is given in the command
/F Forces the termination of all processes
/T Tree kill: terminates the specified process and any child processes which were started by it

Parameters like the image name or the PID may not be immediately obvious and Tasklist can be used to obtain them. Taskkill has more options than Tskill and is accordingly more complicated to use. For example, the simple command "Taskkill notepad" won't work. First of all the image name is "notepad.exe" and not the program name "notepad". Also, generally you will have to use the forcing switch. The command to close notepad would be taskkill /im notepad.exe /f Another example is to close down several programs at once.taskkill /f /im notepad.exe /im mspaint.exe The Microsoft literature is not consistent about whether the /f switch goes before or after the image name but it doesn't seem to matter.

Filtering Taskkill output

Taskkill becomes especially powerful when filters are used with the switch "/fi". Various rules can be formed by using the comparison operators shown in Table III.

Operator Description
eq Equals
ne Does not equal
gt Greater than. Only used with numeric values
lt Less than. Only used with numeric values
ge Greater than or equal to. Only used with numeric values
le Less than or equal to. Only used with numeric values

Table IV shows the variables that can be used in a filter.

Parameter Valid operators Valid values
ImageName eq, ne Any valid string
PID eq, ne, gt, lt, ge, le Any valid positive integer
MemUsage eq, ne, gt, lt, ge, le Any valid positive integer in kilobytes
CPUTime eq, ne, gt, lt, ge, le CPU time in the format of hh:mm:ss.
Session eq, ne, gt, lt, ge, le Session number
Status eq, ne Running, Not Responding
Username eq, ne Any valid user name (includes SYSTEM, LOCAL SERVICE , NETWORK SERVICE)
WindowTitle eq, ne Any valid string
Services eq, ne Service name
Modules eq, ne DLL name

Examples of using filters in Taskkill

With filters, you can impose some specific set of conditions that must be met. Filters give Taskkill considerable versatility and allow you to fine-tune the target..Some examples are given below. Note that a specific image name or PID does not have to be included when using filters.
Forcefully shut down all the processes that are not responding. Can be used to make a little batch file to shut down hung or frozen programs.
taskkill /f /fi "status eq not responding"
Forcefully shut down all programs using a specific DLL file named "some.dll". This should be used with care but one application might be to stop processes thought to be associated with a DLL from spyware or a Trojan. Use Tasklist to see what processes are using a given DLL.
taskkill /f /fi "modules eq some.dll"
Close down all programs using large amounts of memory, say 40 MB. Use with care.
taskkill /f /fi "memusage gt 40000"
Close down programs using more than 40 MB of memory but not Windows Explorer
taskkill /f /fi "imagename ne explorer.exe" /fi "memusage gt 40000"

Back to top