WindowsThere has been more than a few times when something has gone horribly wrong on my PC or server, where something randomly decides to endlessly spawn new versions of itself (usually due to some programming oversight), essentially choking the very life out of my poor processor.

Now one of the simplest way to get these endless spawning miscreants out of the way is simply to ask the operating system to handle killing them off, and one of the easiest methods to achieve this is by using Windows XP’s inbuilt taskkill command line application, the usage of which is outlined below:

TASKKILL [/S system [/U username [/P [password]]]]
{ [/FI filter] [/PID processid | /IM imagename] } [/T] [/F]

Description:
This tool is used to terminate tasks by process id (PID) or image name.

Parameter List:

/S system Specifies the remote system to connect to.
/U [domain]user Specifies the user context under which the
command should execute.
/P [password] Specifies the password for the given user
context. Prompts for input if omitted.
/FI filter Applies a filter to select a set of tasks.
Allows “*” to be used. ex. imagename eq acme*
/PID processid Specifies the PID of the process to be terminated.
Use TaskList to get the PID.
/IM imagename Specifies the image name of the process
to be terminated. Wildcard ‘*’ can be used
to specify all tasks or image names.
/T Terminates the specified process and any
child processes which were started by it.
/F Specifies to forcefully terminate the process(es).

Filters:

Filter Name Valid Operators Valid Value(s)
———– ————— ————————-
STATUS eq, ne RUNNING |
NOT RESPONDING | UNKNOWN
IMAGENAME eq, ne Image name
PID eq, ne, gt, lt, ge, le PID value
SESSION eq, ne, gt, lt, ge, le Session number.
CPUTIME eq, ne, gt, lt, ge, le CPU time in the format
of hh:mm:ss.
hh – hours,
mm – minutes, ss – seconds
MEMUSAGE eq, ne, gt, lt, ge, le Memory usage in KB

USERNAME eq, ne User name in [domain]user
format
MODULES eq, ne DLL name
SERVICES eq, ne Service name
WINDOWTITLE eq, ne Window title

NOTE

  1. Wildcard ‘*’ for /IM switch is accepted only when a filter is applied.
  2. Termination of remote processes will always be done forcefully (/F).
  3. “WINDOWTITLE” and “STATUS” filters are not considered when a remote
    machine is specified.

Examples:

  • TASKKILL /IM notepad.exe
  • TASKKILL /PID 1230 /PID 1241 /PID 1253 /T
  • TASKKILL /F /IM cmd.exe /T
  • TASKKILL /F /FI “PID ge 1000” /FI “WINDOWTITLE ne untitle*”
  • TASKKILL /F /FI “USERNAME eq NT AUTHORITYSYSTEM” /IM notepad.exe
  • TASKKILL /S system /U domainusername /FI “USERNAME ne NT*” /IM *
  • TASKKILL /S system /U username /P password /FI “IMAGENAME eq note*”