Listing process ID in Windows

Finding the process ID

Each process running in Windows is assigned a unique decimal number called the process ID (PID). This number is used in a number of ways, for example to specify the process when attaching a debugger to it.

This topic describes how you can determine the PID for a given app using Task Manager, the tasklist Windows command, the TList utility, or the debugger.

Task Manager

Task Manager can be opened in a number of ways, but the simplest is to select Ctrl+Alt+Delete, and then select Task Manager.

In Windows 10, first click More details to expand the information displayed. From the Processes tab, select the Details tab to see the process ID listed in the PID column.

Click any column name to sort. You can right-click a process name to see more options for a process.

Some kernel errors may cause delays in Task Manager’s graphical interface.

The tasklist command

Use the built-in Windows tasklist command from a command prompt to display all processes, their PIDs, and a variety of other details.

Use tasklist /? to display command line help.

TList utility

Task List Viewer (TList), or tlist.exe, is a command-line utility that displays the list of tasks, or user-mode processes, currently running on the local computer. TList is included in the Debugging Tools for Windows. For information on how to download and install the debugging tools, see Download Debugging Tools for Windows.

If you installed the Windows Driver Kit in the default directory on a 64-bit PC, the debugging tools are located here:

C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\

When you run TList from the command prompt, it will display a list of all the user-mode processes in memory with a unique PID number. For each process, it shows the PID, process name, and, if the process has a window, the title of that window.

For more information, see TList.

The .tlist debugger command

If there’s already a user-mode debugger running on the system in question, the .tlist (List Process IDs) command will display a list of all PIDs on that system.

PowerShell Get-Process command

To work with automation scripts, use the Get-Process PowerShell command. Specify a process name to see the process ID for that process.

For more information, see Get-Process.
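One way to go from a PID to its name, parent and command line in a script, as an added example that is not part of the original documentation; the function name Get-ProcessLineage is hypothetical. It walks the parent chain through Win32_Process and stops when a recorded parent started after its child, which means the parent's PID has been reused by an unrelated process.

```powershell
# Added example: walk a process's parent chain by PID using Win32_Process.
function Get-ProcessLineage {
    param(
        [Parameter(Mandatory)]
        [int]$Id
    )

    # Snapshot all processes once and index them by PID.
    $byPid = @{}
    Get-CimInstance -ClassName Win32_Process | ForEach-Object {
        $byPid[[int]$_.ProcessId] = $_
    }

    $current = $byPid[$Id]
    $seen = @{}   # guards against loops such as PID 0 being its own parent
    while ($current -and -not $seen.ContainsKey([int]$current.ProcessId)) {
        $seen[[int]$current.ProcessId] = $true

        [pscustomobject]@{
            PID         = [int]$current.ProcessId
            ParentPID   = [int]$current.ParentProcessId
            Name        = $current.Name
            Started     = $current.CreationDate
            CommandLine = $current.CommandLine   # empty when access is denied
        }

        $parent = $byPid[[int]$current.ParentProcessId]
        # A PID is unique only while its process is alive. A "parent" that
        # started after its child is a different process reusing the number.
        if ($parent -and $current.CreationDate -and $parent.CreationDate -and
            $parent.CreationDate -gt $current.CreationDate) {
            break
        }
        $current = $parent
    }
}

# Example: lineage of the current PowerShell session ($PID is built in).
Get-ProcessLineage -Id $PID | Format-Table -AutoSize
```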

CSRSS and user-mode drivers

To debug a user-mode driver running on another computer, debug the Client Server Run-Time Subsystem (CSRSS) process. For more information, see Debugging CSRSS.

How do you list all processes on the command line in Windows?

Is there a command equivalent to ‘ps’ on Unix that can list all processes on a Windows machine?

15 Answers

Working with cmd.exe:

(you can query remote machines as well with /node:ComputerOrIP, and there are a LOT more ways to customize this command: link)

You can call wmic process list to see all processes.

I wanted to mention that WMIC (pam’s entry) can do a lot more. Have a look at my WMIC snippets page, which is a cheatsheet showing many of the common ways to use WMIC (with sample output shown) here


WMIC /OUTPUT:C:\ProcessList.txt PROCESS get Caption,Commandline,Processid

I tried on Windows 7. The command is: TASKLIST /FI "IMAGENAME eq application_name"

Eg: c:\>TASKLIST /FI "IMAGENAME eq notepad.exe"

To show all processes with port details:

Also to kill the process you can use c:\> pskill or tskill processname

Eg: c:\> tskill notepad

tasklist or pslist from sysinternals. Also, get-process is amazing from PowerShell.

If you use Powershell, it has the ‘ps’ command (it is aliased to Get-Process)

To kill a process use:

If you are running Windows XP, try using the ‘tasklist’ command. I tried it out with Vista and it seems to also work.

Use this command to see all the processes on a Windows machine

tasklist /svc

Open the Windows command prompt

I had the following problem on Windows 2003 SP2: Tasklist didn’t return any output on stdout or stderr when called from a process started as a Windows service (even under Local Account). Tasklist returned with the (undocumented) code 128.

Called from the same program started as a normal process (not as a service), it did run.

No help to change it. I couldn’t find any reason or solution but to use "pslist /accepteula" from Sysinternals instead of it.

Same problem with taskkill: I had to replace it with pskill.

I have done an msproject (C source code); the archive is available at: lsproc.zip project archive

This is the command line tool output:

Using WMI and Powershell you can do:

Then you can filter properties using Select-Object and show in GUI using Out-GridView .

tasklist

Displays a list of currently running processes on the local computer or on a remote computer. Tasklist replaces the tlist tool.

Syntax

Parameters

Parameter  Description
/s         Specifies the name or IP address of a remote computer (do not use backslashes). The default is the local computer.
/u \       Runs the command with the account permissions of the user who is specified by or by \ . The /u parameter can be specified only if /s is also specified. The default is the permissions of the user who is currently logged on to the computer that is issuing the command.
/p         Specifies the password of the user account that is specified in the /u parameter.
/m         Lists all tasks with DLL modules loaded that match the given pattern name. If the module name is not specified, this option displays all modules loaded by each task.
/svc       Lists all the service information for each process without truncation. Valid when the /fo parameter is set to table.
/v         Displays verbose task information in the output. For complete verbose output without truncation, use /v and /svc together.
/fo        Specifies the format to use for the output. Valid values are table, list, and csv. The default format for output is table.
/nh        Suppresses column headers in the output. Valid when the /fo parameter is set to table or csv.
/fi        Specifies the types of processes to include in or exclude from the query. You can use more than one filter or use the wildcard character ( \ ) to specify all tasks or image names. The valid filters are listed in the Filter names, operators, and values section of this article.
/?         Displays help at the command prompt.

Filter names, operators, and values

Filter name  Valid operators         Valid value(s)
STATUS       eq, ne                  RUNNING | NOT RESPONDING | UNKNOWN. This filter isn’t supported if you specify a remote system.
IMAGENAME    eq, ne                  Image name
PID          eq, ne, gt, lt, ge, le  PID value
SESSION      eq, ne, gt, lt, ge, le  Session number
SESSIONNAME  eq, ne                  Session name
CPUtime      eq, ne, gt, lt, ge, le  CPU time in the format HH:MM:SS, where MM and SS are between 0 and 59 and HH is any unsigned number
MEMUSAGE     eq, ne, gt, lt, ge, le  Memory usage in KB
USERNAME     eq, ne                  Any valid user name ( or )
SERVICES     eq, ne                  Service name
WINDOWTITLE  eq, ne                  Window title. This filter isn’t supported if you specify a remote system.
MODULES      eq, ne                  DLL name
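Consuming the csv output from a script, as an added example that is not part of the original article; Get-TasklistRecord and its property names are hypothetical. It assumes the default five-column output (image name, PID, session name, session number, memory usage) and combines /nh with its own column names because the header text is localized.

```powershell
# Added example: turn `tasklist /fo csv /nh` output into typed objects.
function Get-TasklistRecord {
    param(
        # Filter expressions from the table above, e.g. 'PID gt 1000'
        [string[]]$Filter = @()
    )

    # CSV output, no header row, one /fi switch per filter expression.
    $tlArgs = @('/fo', 'csv', '/nh')
    foreach ($f in $Filter) { $tlArgs += '/fi', $f }

    # When nothing matches, tasklist prints an "INFO: ..." message instead of
    # CSV rows. Keeping only lines that start with a quote stops that message
    # from being parsed as a process with PID 0.
    & tasklist.exe @tlArgs |
        Where-Object { $_ -like '"*' } |
        ConvertFrom-Csv -Header 'ImageName', 'PID', 'SessionName', 'Session', 'MemUsage' |
        ForEach-Object {
            [pscustomobject]@{
                PID         = [int]$_.PID
                ImageName   = $_.ImageName
                SessionName = $_.SessionName
                Session     = [int]$_.Session
                # "12,345 K" or "12.345 K" -> 12345: keep the digits only
                MemKB       = [long]($_.MemUsage -replace '\D', '')
            }
        }
}

# All tasks with a PID above 1000, highest memory usage first.
Get-TasklistRecord -Filter 'PID gt 1000' |
    Sort-Object MemKB -Descending |
    Select-Object -First 10
```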

Examples

To list all tasks with a process ID greater than 1000, and display them in csv format, type:

To list the system processes that are currently running, type:

To list detailed information for all processes that are currently running, type:

To list all the service information for processes on the remote computer srvmain, which has a DLL name beginning with ntdll, type:

To list the processes on the remote computer srvmain, using the credentials of your currently logged-on user account, type:

To list the processes on the remote computer srvmain, using the credentials of the user account Hiropln, type:

get process name from process id (win32)

I need to get a list of all processes on a windows system including names and PID.
EnumProcess can obtain a list of pids, but how do I get the process name from the pid? I don’t want to call OpenProcess on the process as that doesn’t always work (like if the other process is run by a different user).

3 Answers

You can get the process identifier and name for all running processes using the ToolHelp API.
The following code will display the pid and name for each process.

You have different options which you can use to receive exe names of currently running processes (process names like you wrote). The best way depends a little on the programming language which you use and on other requirements. For example you can use WMI. One other, older way is the usage of Performance Counters (see also An Introduction To Performance Counters). To get the counter values you can just use registry query operations from the HKEY_PERFORMANCE_DATA base key (see Retrieving Counter Data).

One more way which can also be used well is the NtQuerySystemInformation function with SystemProcessInformation as a parameter. EnumProcess and many other Windows APIs use the function internally. The struct SYSTEM_PROCESS_INFORMATION defined in the documentation of NtQuerySystemInformation has many "undocumented" but since many, many years well-known fields. If you search the Internet for the definition of the structure you will find full documentation. I wonder that the function has the status not fully documented. The function was at least in NT 3.5 (probably also before) and can be used well now on Windows 7 32- or 64-bit. To be exact, below you will find a small C test program which prints all process IDs with the corresponding exe names (not the full exe path, just the file name):

CreateToolhelp32Snapshot() will give you the process name (but not the path); other than that, you will have to call OpenProcess(). If your code is running in an administrative context you could enable the SE_DEBUG_NAME privilege to get access to processes running under other contexts.
