We will be working on the command-line for this one so start Command Prompt.

Start-->run-->cmd [enter] now the 2 commands to be used today are: * taskkill * tasklist Both commands do what they say. 'taskkill' is used to 'kill' a process and 'task list' gets you a list. let's take a look at the options. Type: 'taskkill /?' (without quotes) in the Co mmand Prompt screen. you get this: Quote:

TASKKILL [/S system [/U username [/P [password]]]] { [/FI filter] [/PID processid | /IM imagename] } [/F] [/T] Description: This command line tool can be used to end one or more processes. Processes can be killed by the process id or image name. Parameter List: /S system Specifies the remote system to connect to. /U [domain\]user Specifies the user context under which the command should execute. /P [password] Specifies the password for the given user context. Prompts for input if omitted. /F Specifies to forcefully terminate process(es). /FI filter Displays a set of tasks that match a given criteria specified by the filter. /PID process id Specifies the PID of the process that has to be terminated. /IM image name Specifies the image name of the process that has to be terminated. Wildcard '*' can be used to specify all image names. /T Tree kill: terminates the specified process and any child processes which were started by it. /? Displays this help/usage. Filters: Filter Name Valid Operators Valid Value(s) ----------- --------------- -------------STATUS eq, ne RUNNING | NOT RESPONDING IMAGENAME eq, ne Image name PID eq, ne, gt, lt, ge, le PID value SESSION eq, ne, gt, lt, ge, le Session number.

CPUTIME eq, ne, gt, lt, ge, le CPU time in the format of hh:mm:ss. hh - hours, mm - minutes, ss - seconds MEMUSAGE eq, ne, gt, lt, ge, le Memory usage in KB USERNAME eq, ne User name in [domain\]user format MODULES eq, ne DLL name SERVICES eq, ne Service name WINDOWTITLE eq, ne Window title NOTE: Wildcard '*' for the /IM switch is accepted only with filters. NOTE: Termination of remote processes will always be done forcefully irrespective of whether /F option is specified or not. Examples: TASKKILL /S system /F /IM notepad.exe /T TASKKILL /PID 1230 /PID 1241 /PID 1253 /T TASKKILL /F /IM notepad.exe /IM mspaint.exe TASKKILL /F /FI "PID ge 1000" /FI "WINDOWTITLE ne untitle*" TASKKILL /F /FI "USERNAME eq NT AUTHORITY\SYSTEM" /IM notepad.exe TASKKILL /S system /U domain\username /FI "USERNAME ne NT*" /IM * TASKKILL /S system /U username /P password /FI "IMAGENAME eq note*" Now this might look like a lot of bullshit to you... But be assured we won't need most of it Our most useful switches are: /IM (Note the capitals!!) Quote:

Specifies the image name of the process that has to be terminated. Wildcard '*' can be used to specify all image names. This is the switch we need. So if you want explorer.exe down you type: 'taskkill /IM explorer.exe' and the explorer goes down with a nice message: Quote:

SUCCESS: The process "explorer.exe" with PID 1260 has been terminated. If for some reason it doesn't work try this: /F (Note again the capitals!!) Quote:

Specifies to forcefully terminate process(es).

Handy if an app doesn't want down So if we wan't explorer down the command is: 'taskkill /F /IM explorer.exe' and we get the message we wanted: Quote:

SUCCESS: The process "explorer.exe" with PID 1260 has been terminated. Now if you don't now the process to kill we can list them with 'tasklist' (duh.. .) We could type 'tasklist /?' to get another nice helplist again but we won't need that for this tutorial. if you want to take a look at it go ahead. so go ahead and type 'tasklist' in your command prompt. A list speeds by and we don't see anything.... now there's a nice option that will get us the results in a text file. type: tasklist>>C:\tasklist.txt Now it looks like nothing happens. .. but go and check your C:\ yes there it is all our tasks in an txt file. Enjoy Note: I made a simple batch file which makes it easier to kill and list tasks ~SkiZo. Taskkill help file. Tasklist help file. Easy batch file. (Download with rightmousebutton-->save as..)