Guest
[Entry]
"I believe you're looking for the tasklist command.
C:\Documents and Settings\Administrator>tasklist /?
TASKLIST [/S system [/U username [/P [password]]]] [/M [module] | /SVC | /V] [/FI filter] [/FO format] [/NH]
Description: This command line tool displays a list of application(s) and associated task(s)/process(es) currently running on either a local or remote system.
Parameter List: /S system Specifies the remote system to connect to.
/U [domain\]user Specifies the user context under which the command should execute.
/P [password] Specifies the password for the given user context. Prompts for input if omitted.
/M [module] Lists all tasks that have DLL modules loaded in them that match the given pattern name. If the module name is not specified, displays all modules loaded by each task.
/SVC Displays services in each process.
/V Specifies that the verbose information is to be displayed.
/FI filter Displays a set of tasks that match a given criteria specified by the filter.
/FO format Specifies the output format. Valid values: ""TABLE"", ""LIST"", ""CSV"".
/NH Specifies that the ""Column Header"" should not be displayed in the output. Valid only for ""TABLE"" and ""CSV"" formats.
/? Displays this help/usage.
Filters: Filter Name Valid Operators Valid Value(s) ----------- --------------- -------------- STATUS eq, ne RUNNING | NOT RESPONDING IMAGENAME eq, ne Image name PID eq, ne, gt, lt, ge, le PID value SESSION eq, ne, gt, lt, ge, le Session number SESSIONNAME eq, ne Session name CPUTIME eq, ne, gt, lt, ge, le CPU time in the format of hh:mm:ss. hh - hours, mm - minutes, ss - seconds MEMUSAGE eq, ne, gt, lt, ge, le Memory usage in KB USERNAME eq, ne User name in [domain\]user format SERVICES eq, ne Service name WINDOWTITLE eq, ne Window title MODULES eq, ne DLL name
Examples: TASKLIST TASKLIST /M TASKLIST /V TASKLIST /SVC TASKLIST /M wbem* TASKLIST /S system /FO LIST TASKLIST /S system /U domain\username /FO CSV /NH TASKLIST /S system /U username /P password /FO TABLE /NH TASKLIST /FI ""USERNAME ne NT AUTHORITY\SYSTEM"" /FI ""STATUS eq running""
Example output:
C:\Documents and Settings\Administrator>tasklist
Image Name PID Session Name Session# Mem Usage ========================= ====== ================ ======== ============ System Idle Process 0 Console 0 16 K System 4 Console 0 40 K smss.exe 564 Console 0 52 K csrss.exe 628 Console 0 2,168 K winlogon.exe 652 Console 0 1,052 K services.exe 696 Console 0 1,452 K lsass.exe 708 Console 0 1,272 K svchost.exe 860 Console 0 1,620 K svchost.exe 940 Console 0 1,324 K svchost.exe 1032 Console 0 8,204 K svchost.exe 1080 Console 0 1,200 K svchost.exe 1132 Console 0 544 K spoolsv.exe 1436 Console 0 940 K explorer.exe 1676 Console 0 6,500 K svchost.exe 1920 Console 0 1,372 K cmd.exe 1520 Console 0 92 K firefox.exe 796 Console 0 77,080 K cmd.exe 436 Console 0 2,280 K tasklist.exe 196 Console 0 3,984 K
you can also use the /V argument (verbose) to get more detailed information, but simply using tasklist will list the program and it's PID."
|