Kill processes from the command prompt

Kill processes from the command prompt is not a prerogative solely of the GNU / Linux operating system since the advent of Windows 7 the home of Redmond Microsoft has included this possibility within their systems not reporting sufficiently to those who use Windows especially for reasons di work.

Kill the processes from the command prompt, it is not a well known technique and there are not many system operators familiar with this procedure, however, very easy and in this article we will discuss and explain how it works.

Kill processes, kill windows processes, windows processes

Surely you will all know how to kill or terminate a process in Windows using Task Manager, but surely you are not aware that everything that is done from the command prompt, acts deeper in the operating system and offers much more control and possibility of terminate multiple processes at the same time.

The command we are talking about is TaskKill, but before tackling its use, we need to explain how a process is identified within an operating system.

Any process that also runs at this time in the memory of your computer can be identified by a process number or ID (PID) or more significantly is often identified by a mnemonic name (EXE or COM file name) and each process commits the our CPU with machine cycles that determine the percentage of occupancy and therefore the time that the microprocessor must pass to process what was expected by the programmer of that process, obviously using more or less expensive portions of memory.

Now that we know what a process is and how it is processed by our microprocessor, we can open an administrative level command prompt and run the command tasklist that will propose to us all the administrative processes that are currently running on our machine; obviously for the sake of convenience, we can also, for those who have Windows 10, press the Alt-R key and open a window in which we will simply write cmd.exe / K then pressing the enter key and you will open our command prompt in the same way.

C: \> tasklist

Image Name PID Session Name Mem Usage
========================= ======== ================ = ===========
firefox.exe 26356 Console 139,352 K
cmd.exe 18664 Console 2,380 K
conhost.exe 2528 Console 7,852 K
notepad.exe 17364 Console 7,892 K
explorer.exe 2864 Console 72,232 K

In this example, we will notice how the tasklist will be proposed to us, ie the list of processes that are running on our machine.

If we want to try the operation, it will be sufficient to open our notepad also known as notepad and kill the process.

C: \> Taskkill / IM notepad.exe / F

or

C: \> Taskkill / PID 17364 / F

Many will wonder why I used the F flag and the IM and PID flags.

The Taskkill command has the possibility of not interfering with the system if we find ourselves in the presence of a task or process, particularly difficult, for the most varied that we are not here to list and with the / F option we have done nothing but request the 'help of the Force ... ..Force.

As for the IM and PID flags, it is easy to understand that they identify the type of process that we intend to kill, that is a process that we recall with its PID or a process that we intend to recall for its Image Name or simply, for the his name.

The Taskkill command has an infinite number of filter options, which support the kill procedure to allow us to act in the most disparate ways, and now we list them:

variables:

  • STATE
  • ImageName
  • PID
  • SESSION
  • CPUTIME
  • MEMUSAGE
  • USERNAME
  • FORMS
  • SERVICES
  • WINDOWTITLE

operators:

  • eq (equal)
  • ne (not the same)
  • gt (greater than)
  • lt (less than)
  • ge (greater or equal)
  • le (less or equal)

"*" Is the wildcard character.

You can use variables and operators with the filter / FI flag. For example, suppose you want to terminate all processes that have a window title that starts with "Web":

C: \> taskkill / FI "WINDOWTITLE eq Web *" / F

But, if we wanted to kill all the processes of a user who probably hung up with a RDP sedion with the Pippo account, how could we do?

Nothing could be simpler, we will give the command:

C: \> taskkill / FI "USERNAME eq Pippo" / F

You can also kill a running process on a remote computer with taskkill by doing the following to delete notepad.exe on a remote computer called PippoDesktop:

C: \> taskkill / S PippoDesktop / U RemoteAccountName / P RemoteAccountPassword / IM notepad.exe / F

Obviously, we will have to replace RemoteAccountName the name of the remote user and instead of RemoteAccountPassword write the password of the remote user and the notepad.exe will be killed.

Back Blog IT