Many will be familiar with the graphical tool Task Manager, which I have discussed elsewhere, and which provides various kinds of information about the applications and processes that are running on a system. There are also several command-line tools that provide similar but even more detailed information. In this article I will discuss the features of the tool called Tasklist (the system file is tasklist.exe). This tool is part of the regular installation of the Professional version of XP but does not come with the Home edition. However, those with the Home version of XP can download Tasklist here. Tasklist can be applied to see how much memory and CPU time running processes are using, what DLL files they rely on, and other information. Thus it can be a very useful troubleshooting tool.
Basic Tasklist command
If all you want to know is what tasks are running, enter TASKLIST into the command line. The output can be redirected to a file if you wish. The default format is a table with several columns of information. An example of a partial console output is shown in the figure below. There are five columns of information. The following list gives the meanings of the various column headings:
- Image Name
- The name of the process or the executable file running the process.
- The process ID. The system assigns a number to each process so it can keep track of it. It is possible to have several processes running with identical names but the PID will be unique. Note that the PID may not be the same each time you open a particular program. You may need the PID to run certain other diagnostic tools and Tasklist is one way to obtain this information.
- Session Name
- Unless you are on a network, this will read "Console" indicating that the process was started locally. Home PC users can usually ignore this column.
- Each session is assigned a number. Home PC users can usually ignore this column also.
- Mem Usage
- This gives the very useful information about how much memory (in KB) that a process was using at the time Tasklist was run.
- Additional columns will be displayed in the so-called "verbose" mode that is obtained with the switch /v. These columns are:
- Gives the current status of the process as "Running", "Not Responding", or "Unknown". Useful for finding hung processes. Unknown status may refer to a normal process but Not Responding indicates a process that should be stopped.
- User Name
- User account under which the process is running, Windows itself will be running many processes and the various system accounts SYSTEM, LOCAL SERVICE , or NETWORK SERVICE. will appear, coupled with the local domain name NT AUTHORITY.
- CPU Time
- The total amount of CPU cycle time used by the process since its start. This can be a big number if you never turn off the computer.
- Window Title
- Windows display name of the process if it exists. Can sometimes help identify what program is involved.
More advanced options for Tasklist
There are many more options and these are provided by switches. The full syntax is:
TASKLIST [/S system [/U username [/P [password]]]] [/M [module] | /SVC | /V] [/FI filter]
[/FO format] [/NH] Upper case has been used for clarity but the command is not case-sensitive. Table I describes the various parameters.
These additional parameters enable Tasklist to provide very detailed information about the system. Some examples will be shown in the next sections.
Find which Services use a processIt can be very useful to know the relationship between a process and the services that are running on a system (for a discussion of
tasklist /svc >list.txt
Find which DLL files are used by a processProcesses can be using many different DLL files by calling on various procedures from their libraries. It is not uncommon for a problem to arise because a DLL is corrupted or is the wrong version. To find which DLLs are used by each process use the command
tasklist /m oleaut32.dll
Filtering Tasklist output
The output can be narrowed down to specific parameters by using filters and the switch /FI. There are a number of comparison operators and these are given in Table II. Not all operators can be used with every parameter and allowed values are shown for the most useful parameters in Table III.
An example of using a filter is a command to find processes that are not responding. The command would be
tasklist /fi "status eq not responding" Another example is to find processes using a lot of memory, say more than 40 MB. The
tasklist /fi "memusage gt 40000"
A final example shows how to clarify the multiple entries for the process "svchost.exe" that occur. (Each has a different PID.) Service Host (svchost.exe) is a basic piece of the Windows XP OS that is involved with many low-level system services. These are placed in several service groups, all running under the generic service name
"svchost.exe" .(See the discussion here.) To see which services are associated with each instance of svchost.exe, use the command
tasklist /svc /fi "imagename eq
More infornation on Tasklist is at this Microsoft site.