Как узнать PID (идентификатор процесса) в Windows

В данной статье показаны действия, с помощью которых можно узнать PID (идентификатор процесса) в операционной системе Windows.

Идентификатор процесса (process identifier, PID) — уникальный номер процесса в операционной системе Windows.

Все процессы имеют уникальные идентификаторы PID, которые автоматически присваиваются каждому процессу когда он создается в операционной системе, что позволяет ядру системы различать процессы.

При необходимости можно узнать PID (идентификатор процесса).

Как узнать PID (идентификатор процесса) в диспетчере задач

Чтобы узнать PID (идентификатор процесса), откройте диспетчер задач и перейдите на вкладку Процессы, затем нажмите правой кнопкой мыши на заголовок таблицы и в контекстном меню выберите пункт ИД процесса .

Теперь найдите нужный процесс, и в столбце ИД процесса будет отображен идентификатор соответствующего процесса.

Как узнать PID (идентификатор процесса) в командной строке

Также узнать PID (идентификатор процесса) можно используя командную строку.

Запустите командную строку и выполните следующую команду:

Найдите нужный процесс, в столбце PID будет отображен идентификатор процесса.

Также можно отобразить процессы в виде списка, для этого в командной строке выполните следующую команду:

Найдите нужный процесс, в строке PID будет отображен идентификатор процесса.

Используя рассмотренные выше действия, можно узнать PID (идентификатор процесса) в операционной системе Windows.

Finding the process ID

Each process running in Windows is assigned a unique decimal number called the process ID (PID). This number is used in a number of ways, for example to specify the process when attaching a debugger to it.

This topic describes how you can determine the PID for a given app using Task Manager, the tasklist Windows command, the TList utility, or the debugger.

Task Manager

Task Manager can be opened in a number of ways, but the simplest is to select Ctrl+Alt+Delete, and then select Task Manager.

In Windows 10, first click More details to expand the information displayed. From the Processes tab, select the Details tab to see the process ID listed in the PID column.

Click on any column name to sort. You can right click a process name to see more options for a process.

Some kernel errors may cause delays in Task Manager’s graphical interface.

The tasklist command

Use the built in Windows tasklist command from a command prompt to display all processes, their PIDs, and a variety of other details.

Use tasklist /? to display command line help.

TList utility

Task List Viewer (TList), or tlist.exe, is a command-line utility that displays the list of tasks, or user-mode processes, currently running on the local computer. TList is included in the Debugging Tools for Windows. For information on how to download and install the debugging tools, see Download Debugging Tools for Windows.

If you installed the Windows Driver Kit in the default directory on a 64 bit PC, the debugging tools are located here:

C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\

When you run TList from the command prompt, it will display a list of all the user-mode processes in memory with a unique PID number. For each process, it shows the PID, process name, and, if the process has a window, the title of that window.

For more information, see TList.

The .tlist debugger command

If there’s already a user-mode debugger running on the system in question, the .tlist (List Process IDs) command will display a list of all PIDs on that system.

PowerShell Get-Process command

To work with automation scripts, use the Get-Process PowerShell command. Specify a specific process name, to see the process ID for that process.

For more information, see Get-Process.

CSRSS and user-mode drivers

To debug a user-mode driver running on another computer, debug the Client Server Run-Time Subsystem (CSRSS) process. For more information, see Debugging CSRSS.

Find the PID of a process that uses a port on Windows

My service crash on startup with the classic:

How can I find the process for killing it?

7 Answers 7

Just open a command shell and type (saying your port is 123456):

You will see everything you need.

The headers are:

Find the PID of a process that uses a port on Windows (e.g. port: «9999»)

-a Displays all connections and listening ports.

-o Displays the owning process ID associated with each connection.

-n Displays addresses and port numbers in numerical form.

Then kill the process by PID

/F — Specifies to forcefully terminate the process(es).

Note: You may need an extra permission (run from administrator) to kill some certain processes

Command:

Output:

Now cut the process ID, «10396», using the for command in Windows.

Command:

Output:

If you want to cut the 4th number of the value means «LISTENING» then command in Windows.

Command:

Output:

If you want to do this programmatically you can use some of the options given to you as follows in a PowerShell script:

However; be aware that the more accurate you can be the more precise your PID result will be. If you know which host the port is supposed to be on you can narrow it down a lot. netstat -aon | findstr «0.0.0.0:9999» will only return one application and most llikely the correct one. Only searching on the port number may cause you to return processes that only happens to have 9999 in it, like this:

The most likely candidate usually ends up first, but if the process has ended before you run your script you may end up with PID 12331 instead and killing the wrong process.

How do you list all processes on the command line in Windows?

Is there a command equivalent to ‘ps’ on Unix that can list all processes on a Windows machine?

15 Answers 15

Working with cmd.exe:

(you can query remote machines as well with /node:ComputerOrIP , and there are a LOT more ways to customize this command: link)

You can call wmic process list to see all processes.

I wanted to mention that WMIC (pam’s entry) can do a lot more. Have a look at my WMIC snippets page, which is a cheatsheet showing many of the common ways to use WMIC (with sample output shown) here

WMIC /OUTPUT:C:\ProcessList.txt PROCESS get Caption,Commandline,Processid

I tried on Windows 7. The command is: TASKLIST /FI «IMAGENAME eq application_name»

Eg: c:\>TASKLIST /FI «IMAGENAME eq notepad.exe»

To show all process with port details:

Also to kill the process you can use c:\> pskill or tskill processname

Eg: c:\> tskill notepad

tasklist or pslist from sysinternals. Also, get-process is amazing from PowerShell.

If you use Powershell, it has the ‘ps’ command (it is aliased to Get-Process)

To kill a process use:

If you running windows XP try using the ‘tasklist’ command. I tried it out with Vista and it seems to also work.

Use this command to see all the processes in windows machine

tasklist /svc

open windows command prompt

I had following problem on Windows 2003 SP2: Tasklist didn’t return any output on stdout or stderr, when called from a process started as Windows service (even under Local Account). Tasklist returned with the (undocumented) code 128.

Called from the same program started as a normal process (not as service), it did run.

No help to change it. I couldn’t find any reason or solution but use «pslist /accepteula» of sysinternal instead of it.

Same problem with taskkill: I had to replace it whith pskill.

I have done a msproject ( c source code) , archive is available at : lsproc.zip project archive

this is a command line tool output:

Using WMI and Powershell you can do:

Then you can filter properties using Select-Object and show in GUI using Out-GridView .

Get-Process

Gets the processes that are running on the local computer.

Syntax

Description

The Get-Process cmdlet gets the processes on a local or remote computer.

Without parameters, this cmdlet gets all of the processes on the local computer. You can also specify a particular process by process name or process ID (PID) or pass a process object through the pipeline to this cmdlet.

By default, this cmdlet returns a process object that has detailed information about the process and supports methods that let you start and stop the process. You can also use the parameters of the Get-Process cmdlet to get file version information for the program that runs in the process and to get the modules that the process loaded.

Examples

Example 1: Get a list of all active processes on the local computer

This command gets a list of all active processes running on the local computer. For a definition of each column, see the Notes section.

Example 2: Get all available data about one or more processes

This command gets all available data about the Winword and Explorer processes on the computer. It uses the Name parameter to specify the processes, but it omits the optional parameter name. The pipeline operator | passes the data to the Format-List cmdlet, which displays all available properties * of the Winword and Explorer process objects.

You can also identify the processes by their process IDs. For instance, Get-Process -Id 664, 2060 .

Example 3: Get all processes with a working set greater than a specified size

This command gets all processes that have a working set greater than 20 MB. It uses the Get-Process cmdlet to get all running processes. The pipeline operator | passes the process objects to the Where-Object cmdlet, which selects only the object with a value greater than 20,000,000 bytes for the WorkingSet property.

WorkingSet is one of many properties of process objects. To see all of the properties, type Get-Process | Get-Member . By default, the values of all amount properties are in bytes, even though the default display lists them in kilobytes and megabytes.

Example 4: List processes on the computer in groups based on priority

These commands list the processes on the computer in groups based on their priority class. The first command gets all the processes on the computer and then stores them in the $A variable.

The second command pipes the Process object stored in the $A variable to the Get-Process cmdlet, then to the Format-Table cmdlet, which formats the processes by using the Priority view.

The Priority view, and other views, are defined in the PS1XML format files in the PowerShell home directory ( $pshome ).

Example 5: Add a property to the standard Get-Process output display

This example retrieves processes from the local computer and a remote computer (S1). The retrieved processes are piped to the Format-Table command that adds the MachineName property to the standard Get-Process output display.

Example 6: Get version information for a process

This command uses the FileVersionInfo parameter to get the version information for the pwsh.exe file that is the main module for the PowerShell process.

To run this command with processes that you do not own on Windows Vista and later versions of Windows, you must open PowerShell with the Run as administrator option.

Example 7: Get modules loaded with the specified process

This command uses the Module parameter to get the modules that have been loaded by the process. This command gets the modules for the processes that have names that begin with SQL.

To run this command on Windows Vista and later versions of Windows with processes that you do not own, you must start PowerShell with the Run as administrator option.

Example 8: Find the owner of a process

This command shows how to find the owner of a process. On Windows, the IncludeUserName parameter requires elevated user rights (Run as Administrator). The output reveals that the owner is Domain01\user01.

Example 9: Use an automatic variable to identify the process hosting the current session

These commands show how to use the $PID automatic variable to identify the process that is hosting the current PowerShell session. You can use this method to distinguish the host process from other PowerShell processes that you might want to stop or close.

The first command gets all of the PowerShell processes in the current session.

The second command gets the PowerShell process that is hosting the current session.

Example 10: Get all processes that have a main window title and display them in a table

This command gets all the processes that have a main window title, and it displays them in a table with the process ID and the process name.

The mainWindowTitle property is just one of many useful properties of the Process object that Get-Process returns. To view all of the properties, pipe the results of a Get-Process command to the Get-Member cmdlet Get-Process | Get-Member .

Parameters

Indicates that this cmdlet gets the file version information for the program that runs in the process.

On Windows Vista and later versions of Windows, you must open PowerShell with the Run as administrator option to use this parameter on processes that you do not own.

To get file version information for a process on a remote computer, use the Invoke-Command cmdlet.

Using this parameter is equivalent to getting the MainModule.FileVersionInfo property of each process object. When you use this parameter, Get-Process returns a FileVersionInfo object System.Diagnostics.FileVersionInfo, not a process object. So, you cannot pipe the output of the command to a cmdlet that expects a process object, such as Stop-Process .

Type:	SwitchParameter
Aliases:	FV, FVI
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

Specifies one or more processes by process ID (PID). To specify multiple IDs, use commas to separate the IDs. To find the PID of a process, type Get-Process .

Type:	Int32 [ ]
Aliases:	PID
Position:	Named
Default value:	None
Accept pipeline input:	True
Accept wildcard characters:	False

Indicates that the UserName value of the Process object is returned with results of the command.

Type:	SwitchParameter
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

Specifies one or more process objects. Enter a variable that contains the objects, or type a command or expression that gets the objects.

Type:	Process [ ]
Position:	Named
Default value:	None
Accept pipeline input:	True
Accept wildcard characters:	False

Indicates that this cmdlet gets the modules that have been loaded by the processes.

On Windows Vista and later versions of Windows, you must open PowerShell with the Run as administrator option to use this parameter on processes that you do not own.

To get the modules that have been loaded by a process on a remote computer, use the Invoke-Command cmdlet.

This parameter is equivalent to getting the Modules property of each process object. When you use this parameter, this cmdlet returns a ProcessModule object System.Diagnostics.ProcessModule, not a process object. So, you cannot pipe the output of the command to a cmdlet that expects a process object, such as Stop-Process .

When you use both the Module and FileVersionInfo parameters in the same command, this cmdlet returns a FileVersionInfo object with information about the file version of all modules.

Type:	SwitchParameter
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

Specifies one or more processes by process name. You can type multiple process names (separated by commas) and use wildcard characters. The parameter name («Name») is optional.

Type:	String [ ]
Aliases:	ProcessName
Position:	0
Default value:	None
Accept pipeline input:	True
Accept wildcard characters:	True

Inputs

You can pipe a process object to this cmdlet.