CommandWindows.com

    Site navigation

    Related links

    Managing Windows XP Programs: Tskill and Taskkill
    Windows XP comes with several tools for ending programs or processes from the command line. The features and application of Taskkill and Tskill are discussed.
    Sometimes it is desirable to end a program or a process from the command line. The process may be hung or not responding or it may be desirable to have a script for ending it. Both the Home and Professional version of Windows XP come with the tool . In addition, XP Professional has the more powerful tool . Although the graphical utility can be used to terminate programs that are hung up, the command line can be faster and easier to use. Also, there may be situations where it is convenient to have a batch file that can be run as a script. In addition, Taskkill is capable of sophisticated filters

    Tskill

    The syntax for the command is
    TSKILL processid | processname [/SERVER:servername] [/ID:sessionid | /A] [/V]
    The meaning of the various parameters is given in Table I.
    Parameter
    Description
    processid
    PID for process to be terminated. Use only if processname is not used
    processname
    Process name to be terminated. Wildcards can be used here . Do not use if PID is used
    /SERVER:servername
    Server containing processID (default is current). Usually not needed on home PCs
    /ID:sessionid
    End process running under the specified session. Often not needed on home PCs
    /A
    End process running under ALL sessions (administrator privileges required)
    /V
    Display information about actions being performed

    An example of a simple command that would end Notepad would be tskill notepad Another example is ending all the Microsoft documents that you have open tskill winword All open Word documents will be closed but the contents will not be saved so make sure to save important work. An administrator can close processes that might be running in sessions started by other users. The command tskill winword /a will close everybody's open Word documents.

    It may not always be obvious what process name to use for a program. Usually the name of the program executable file (minus the EXE extension) will work. One way is to use Tasklist to find the PID and use that. Another is to use Task Manager to find the process associated with a program. (Of course, Task Manager itself can be used to terminate a program.).

    Taskkill

    A tool with more options is provided by Taskkill. The command syntax is TASKKILL [/S system [/U username [/P[password]]]]{ [/FI filter] [/PID processid | /IM imagename] } [/F] [/T] The various parameters are described in Table II.

    Parameter
    Description
    /S system
    Specifies the remote system to connect to. Not needed for most home PCs
    /U username
    User context under which the command should execute. Often not needed on home PCs
    /P password
    Password for username
    /FI filter
    Displays a set of tasks that match criteria specified by the filter
    /PID process id
    Specifies the PID of the process that has to be terminated. Not used when image name is given in the command
    /IM imagename
    Specifies the image name of the process that has to be terminated. Wildcard '*' can be used to specify all image names. Not used if PID is given in the command
    /F
    Forces the termination of all processes
    /T
    Tree kill: terminates the specified process and any child processes which were started by it

    Parameters like the image name or the PID may not be immediately obvious and Tasklist can be used to obtain them. Taskkill has more options than Tskill and is accordingly more complicated to use. For example, the simple command "Taskkill notepad" won't work. First of all the image name is "notepad.exe" and not the program name "notepad". Also, generally you will have to use the forcing switch. The command to close notepad would be taskkill /im notepad.exe /f Another example is to close down several programs at once.taskkill /f /im notepad.exe /im mspaint.exe The Microsoft literature is not consistent about whether the /f switch goes before or after the image name but it doesn't seem to matter.

    Filtering Taskkill output

    Taskkill becomes especially powerful when filters are used with the switch "/fi". Various rules can be formed by using the comparison operators shown in Table III.

    Operator
    Description
    eq
    Equals
    ne
    Does not equal
    gt
    Greater than. Only used with numeric values
    lt
    Less than. Only used with numeric values
    ge
    Greater than or equal to. Only used with numeric values
    le
    Less than or equal to. Only used with numeric values

    Table IV shows the variables that can be used in a filter.

    Parameter
    Valid operators
    Valid values
    ImageName
    eq, ne
    Any valid string
    PID
    eq, ne, gt, lt, ge, le
    Any valid positive integer
    MemUsage
    eq, ne, gt, lt, ge, le
    Any valid positive integer in kilobytes
    CPUTime
    eq, ne, gt, lt, ge, le
    CPU time in the format of hh:mm:ss.
    Session
    eq, ne, gt, lt, ge, le
    Session number
    Status
    eq, ne
    Running, Not Responding
    Username
    eq, ne
    Any valid user name (includes SYSTEM, LOCAL SERVICE , NETWORK SERVICE)
    WindowTitle
    eq, ne
    Any valid string
    Services
    eq, ne
    Service name
    Modules
    eq, ne
    DLL name

    Examples of using filters in Taskkill

    With filters, you can impose some specific set of conditions that must be met. Filters give Taskkill considerable versatility and allow you to fine-tune the target..Some examples are given below. Note that a specific image name or PID does not have to be included when using filters.
    Forcefully shut down all the processes that are not responding. Can be used to make a little batch file to shut down hung or frozen programs.
    taskkill /f /fi "status eq not responding"
    Forcefully shut down all programs using a specific DLL file named "some.dll". This should be used with care but one application might be to stop processes thought to be associated with a DLL from spyware or a Trojan. Use Tasklist to see what processes are using a given DLL.
    taskkill /f /fi "modules eq some.dll"
    Close down all programs using large amounts of memory, say 40 MB. Use with care.
    taskkill /f /fi "memusage gt 40000"
    Close down programs using more than 40 MB of memory but not Windows Explorer
    taskkill /f /fi "imagename ne explorer.exe" /fi "memusage gt 40000"
    Share this page:
    More To Explore

    You May Like


    Contact & About