Mini-Tip: Windows CLI Task manager > Tasklist

Özgür Kolukısa
3 min readOct 12, 2023

--

Managing a process in Windows OS is generally (Actually almost always ) done using GUI tools like Task Manager. It is a best friend of a Sysadmin/Windows admin through the decades.

Even task maneager is an essential tool for process management, you can use it just interactively. This means that you can’t use it for automation scripting purposes. If you need some scripting support, you need a better option, like tasklist & taskkill.

Tasklist is an equilavent of taskmgr.exe (Task Manager) and used to show process related information to you. If you run tasklist command directly, probably you couldn’t follow the output nor find the thing you want to look for. So it is better to run it with “more” tool like that:

PS C:\Users\ozgur> tasklist | more

Image Name PID Session Name Session# Mem Usage
========================= ======== ================ =========== ============
System Idle Process 0 Services 0 8 K
System 4 Services 0 100 K
Secure System 120 Services 0 74.716 K
Registry 204 Services 0 53.364 K
smss.exe 872 Services 0 996 K
csrss.exe 1400 Services 0 4.368 K
wininit.exe 1720 Services 0 5.048 K
services.exe 1884 Services 0 17.356 K
LsaIso.exe 1904 Services 0 4.028 K
lsass.exe 1920 Services 0 33.924 K
svchost.exe 8 Services 0 41.136 K
fontdrvhost.exe 1320 Services 0 2.548 K
svchost.exe 1452 Services 0 26.000 K
svchost.exe 1540 Services 0 9.668 K
WUDFHost.exe 1548 Services 0 7.992 K
svchost.exe 1824 Services 0 13.260 K
svchost.exe 2000 Services 0 9.432 K
svchost.exe 2204 Services 0 5.528 K
svchost.exe 2232 Services 0 8.364 K
svchost.exe 2244 Services 0 6.308 K
svchost.exe 2260 Services 0 12.056 K
svchost.exe 2284 Services 0 15.400 K
svchost.exe 2292 Services 0 4.020 K
svchost.exe 2304 Services 0 6.832 K
svchost.exe 2352 Services 0 8.292 K
WUDFHost.exe 2576 Services 0 14.676 K
svchost.exe 2588 Services 0 10.144 K
svchost.exe 2656 Services 0 8.456 K
svchost.exe 2676 Services 0 6.884 K
svchost.exe 2728 Services 0 8.344 K
svchost.exe 2768 Services 0 7.132 K
svchost.exe 2804 Services 0 22.196 K
svchost.exe 2864 Services 0 13.208 K
svchost.exe 2924 Services 0 9.528 K
IntelCpHDCPSvc.exe 3068 Services 0 4.048 K
-- More --

If you are particularly looking for a spesific exe or service name, you should use the pretty “findstr” tool of Windows. Some people may not know the findstr, but I can say that it almost an equilavent of Linux “grep” tool.

As an example, I am going to search docker.exe. For this, I need to just run

tasklist | findstr docker.exe

Then I saw a result like that.

Screenshot -1 — Tasklist output

The output as you see above is list us to docker.exe process information with pid number, Memory usage and interaction type (console).

To be honest, I not sure how this happened but, a few days ago there were tons of docker.exe process had started with increased count in my laptop. Then I realized that it caused by a stucked keyboard key. But killing bunch of process one by one could be a total time loss.

Let’s look how I cleaned that mess. I simply ran another Windows CLI tool named taskkill. You can dream it a part of tasklist or taskmgr.exe. It is responsible for killing process or threads. You can compare it to Linux’s “kill” command.

I ran it by> taskkill /IM docker.exe /F

As you see above, command immediately killed all the procesess name docker.exe with /F force parameter. /IM paramter means “Image Name”, you just provide the name of the process, not process ID. If you want to kill a spesific process id, you have to use /PID parameter instead of /IM. Or /T parameter can be another useful parameter, it kills child processes.

Todays short tip has done. I think it could be useful, and you can use these for your scripts for example System management purposes.

See you soon in another blog post.

Best

--

--