| tasklist | new in WS2003 |
tasklist [/s Computer] [/u Domain\User [/p Password]] [{/m Module
| /svc | /v}] [/fo {TABLE | LIST | CSV}] [/nh] [/fi FilterName [/fi
FilterName2 [ ... ]]]
/s Computer
Name or IP address of a remote computer (if omitted, defaults to local computer).
/u [Domain\User[ /p [Password]]]
Credentials for running the command (if omitted, defaults to currently logged-on user).
/m Module
Lists tasks having DLLs loaded that match the pattern.
/svc
Lists service information for each process without truncation (requires TABLE).
/fo {TABLE | LIST | CSV}
Format for displaying driver properties (if omitted, default is TABLE).
/nh
Omits header row from displayed information if /fo is set to TABLE or CSV.
/v
Displays verbose information.
/fi FilterName
Filters the types of process(es) to kill (be sure to put the filter in quotes):
Status {eq | ne} {RUNNING | NOT RESPONDING | UNKNOWN}
Imagename {eq | ne}
Any valid string
PID {eg | ne | gt | lt | ge | le}
Any valid positive integer
Session {eg | ne | gt | lt | ge | le}
Any valid session number
CPUTime {eg | ne | gt | lt | ge | le}
Valid time in format HH:MM:SS
Memusage {eg | ne | gt | lt | ge | le}
Any valid integer
Username {eq | ne}
Any valid username in format Domain\UserName
Services {eq | ne}
Any valid string
Windowtitle {eq | ne}
Any valid string
Modules {eq | ne}
Any valid string
Display all running processes:
tasklist Image Name PID Session Name Session# Mem Usage = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = System Idle Process 0 Console 0 16 K System 4 Console 0 220 K smss.exe 280 Console 0 484 K csrss.exe 356 Console 0 3,092 K winlogon.exe 380 Console 0 5,500 K services.exe 424 Console 0 3,052 K lsass.exe 436 Console 0 22,168 K svchost.exe 664 Console 0 3,048 K svchost.exe 796 Console 0 3,948 K svchost.exe 812 Console 0 2,044 K svchost.exe 840 Console 0 21,448 K spoolsv.exe 1080 Console 0 7,696 K msdtc.exe 1104 Console 0 3,708 K dfssvc.exe 1172 Console 0 3,668 K dns.exe 1208 Console 0 5,128 K svchost.exe 1256 Console 0 1,628 K ismserv.exe 1292 Console 0 3,332 K ntfrs.exe 1304 Console 0 820 K svchost.exe 1400 Console 0 1,224 K tcpsvcs.exe 1436 Console 0 8,564 K svchost.exe 1652 Console 0 3,968 K alg.exe 1688 Console 0 3,444 K svchost.exe 1904 Console 0 3,344 K wmiprvse.exe 2208 Console 0 4,208 K csrss.exe 2384 RDP-Tcp#1 1 964 K winlogon.exe 2412 RDP-Tcp#1 1 3,092 K rdpclip.exe 2636 RDP-Tcp#1 1 2,280 K explorer.exe 2696 RDP-Tcp#1 1 10,312 K HelpCtr.exe 2836 RDP-Tcp#1 1 17,140 K HelpSvc.exe 2888 Console 0 8,368 K cmd.exe 3012 RDP-Tcp#1 1 564 K logon.scr 4008 Console 0 1,348 K wmiprvse.exe 704 Console 0 4,588 K notepad.exe 2548 RDP-Tcp#1 1 1,748 K tasklist.exe 2644 RDP-Tcp#1 1 3,036 K
List verbose info for process with ID 840:
tasklist /fi "PID eq 840" /fo list /v Image Name: svchost.exe PID: 840 Session Name: Console Session#: 0 Mem Usage: 21,440 K Status: Unknown usernames: NT AUTHORITY\SYSTEM CPU Time: 0:00:08 Window Title: N/A
List service info for this process:
tasklist /fi "PID eq 840" /fo list /svc Image Name: svchost.exe PID: 840 Services: Browser CryptSvc dmserver EventSystem helpsvc lanmanserver lanmanworkstation Netman Nla RasMan RemoteAccess Schedule seclogon SENS ShellHWDetection W32Time winmgmt wuauserv WZCSVC
tasklist replaces the
tlist support tool.
Tasks