Tuesday, October 10, 2006

Kill Processes from Command Prompt

Yes, you can do that in Windows XP. The command for that is "tskill" (Terminal Services End Process Utility). For example:
tskill mspaint - will kill all Paint windows
tskill 1234 - will kill the specified process
The switch /v will output some extra information (verbose mode) like:
C:\WINDOWS\system32>tskill mspaint /v
End Process(208)
End Process(3656)

Now sky is the limit...
Note: it does not work in Windows 2000 and I didn't checked in Windows 2003. Let me know if it works on it and on Vista.

Update June, 24 2009

There is another tool as other have commented: taskkill. I have studied it a bit, and in turn it is much more complex than tskill. It can terminate processes on remote systems as well. Just type taskkill /? and read the help. To my example how to kill mspaint, here is the required syntax:

C:\>taskkill /im mspaint.exe
SUCCESS: The process "mspaint.exe" with PID 8836 has been terminated.
SUCCESS: The process "mspaint.exe" with PID 7612 has been terminated.
SUCCESS: The process "mspaint.exe" with PID 9036 has been terminated.


or if you know the process id:

C:\>taskkill /pid 7760
SUCCESS: The process with PID 7760 has been terminated.


For Windows 2000 users:

The techniques that I’ll be showing you involve using the TLIST and the KILL command. These commands are a part of the Windows Support Tools, which are not installed by default. Instead, these tools are kept on the Windows 2000 installation CD until you manually install them. Installing the support tools requires a little over 18 MB of hard disk space.To install the Windows Support Tools, log on as an administrator and insert your Windows 2000 installation CD. When you see the Windows 2000 splash screen, select the Browse This CD option. When the browse window opens, navigate through the CD’s directory to the \SUPPORT\TOOLS directory. Next, run the SETUP.EXE program.

With the support tools installed, without looking to Task Manager, a way of determining the process ID is by opening a Command Prompt window and entering the TLIST command.

The command line syntax of the KILL command is as follows:
KILL [-F] < >

As you’ve probably already figured out, the PID is the process ID and the pattern is the name of the process. Therefore, you can shut down a process by simply entering the KILL command followed by one of the two parameters. For example:

kill 2304

kill mspaint


The -F switch parameter will force a process to shut down. "Most of the time, you won’t want to use the -F switch. It’s intended for emergency use only." But that's the point right? To kill the process...

You can actually use the KILL command combined with the -F parameter to shut down critical systems services, thus resulting in the Blue Screen of Death. Coincidentally, several years ago I was at Microsoft’s TechEd conference, and one of the speakers had developed a virus based on the KILL -F command. He had used a common utility to create a service that issued the KILL -F command followed by the name of a critical system service. He then configured his service in a way that would cause it to load on startup. The result was that every time the machine would boot, it would instantly go to the Blue Screen of Death because he was killing a low level service. The only way that the speaker was able to undo the damage was to use ERD Commander to disable the virus service from outside of the operating system.

14 comments:

Anonymous said...

It's working perfect on Windows Server 2003

Anonymous said...

If your administrater has taken away your ability to open the task manager (like when you are a school or the office)

open command propt (start>run>cmd) [NOTE* they may have taken this away as well, google to find more ways into it]

type tasklist /svc and press enter there will now be a list of processes. use the above article to kill the process. [NOTE* Dont include the .exe or whatever when yuo do tskill

Anonymous said...

you can access command prompt from notepad; open new document, type "cmd", save as a .bat file and run it, the only problem is it will keep looping, i am not exactly sure how to fix this

Lusu said...

This is the wrong approach probably... Just right click your desktop and choose New > Shortcut. When it asks for location type in "cmd" (no quotes). Press "Next", change the name as you like and press "Finish". Easy enough?

Anonymous said...

works on vista :)

Anonymous said...

For vista instead of using tskill you use taskkill

so it would be

taskkill mspaint

instead of tskill mspaint

Anonymous said...

The same with XP (I have Media Center) use taskkill.

Using taskkill /? will explain all the values of this command.

Anonymous said...

It works with vista, but you have to type it a little different for me. I have to type, taskkill /pid 1234, or to do it forcefully, taskkill /f /pid 1234.

Nikhil said...

what works for windows 2000 professional ?

Nikhil said...

i wish to terminate a process on windows 2000 professional ....

how do i do that ?

Lusu said...

No, it works on Terminal Server only if you are running Windows 2000.

Nikhil said...

well .... i need to kill a process on windows 2000 (thru command prompt).... so can u suggest any solution ?

Lusu said...

You are lucky:

I will update the post in few minutes with windows 2000 specific instructions. Please check again a little later.

Anonymous said...

cheers for that tip.
I've just tried tskill on Win7x64 and it works.
I'm now going to deploy it across my site (2K, XP, 7x32, 7x64) to kill certain processes that users keep leaving open over night.