How do you list all processes on the command line in Windows?

Question

Is there a command equivalent to 'ps' on Unix that can list all processes on a Windows machine?

This [Starting and Stopping process in Windows from command Line](http://opensourceforgeeks.blogspot.in/2014/09/starting-and-stopping-process-in.html) might be useful. — Aniket Thakur, Sep 21 '14 at 09:17

score 460 · Accepted Answer · edited May 15 '22 at 11:35

460

Working with cmd.exe:

tasklist

If you have Powershell:

get-process

Via WMI:

wmic process

(you can query remote machines as well with /node:ComputerOrIP, and there are a LOT more ways to customize this command: link)

edited May 15 '22 at 11:35

aggserp4

3
2

answered Sep 10 '08 at 05:52

Factor Mystic

12,647
7
47
53

44

you might want to pipe it to the clipboard then paste into notepad: c:\>tasklist | clip – Aug 25 '11 at 21:04
3

Specifically you could try >tasklist /FI "SERVICES eq wampapache" – RiggsFolly May 01 '13 at 00:25
If I list tasks with tasklist, how do I then end a task from command prompt? – Kyle Delaney Mar 17 '17 at 21:59
2

If you use Powershell, it's really convenient to pipe it to Out-Gridview, like this: "Get-Process | Out-GridView" – Charles Burge Jun 01 '18 at 06:44
3

Or just pipe it directly into a text file: C:>tasklist > C:\myProcesses.txt – P.Brian.Mackey Dec 26 '18 at 13:37
"The WMI command-line (WMIC) utility is deprecated as of Windows 10" Please use Get-WmiObject or tothers. – poloC Sep 05 '22 at 16:15

score 92 · Answer 2 · answered Sep 10 '08 at 05:56

92

There is a tool called Windows Management Instrumentation Command-line tool (wmic.exe).

You can call wmic process list to see all processes.

answered Sep 10 '08 at 05:56

Paulius Maruška

1,021
6
3

5

I found this s.o. thread while trying to solve the same problem, and wanted to point out that wmic worked well for me. With wmic you can choose the most appropriate output for parsing, using /format:csv or /format:rawout. Beware: wmic does *not* implement csv format correctly (fields are *never* quoted, even if they contain embedded quotes or commas), so I was forced to use xml. – JimN Jul 28 '11 at 02:05
2

@JimN - /format:rawxml and not /format:rawout – Joe Jan 24 '14 at 15:32
Can you filter any process using wmic ? – Kiquenet Sep 03 '15 at 05:40
1

If you need to find the command line that launched the process this is the answer – Shane Gannon Feb 15 '16 at 16:30
To **reduce the number of columns** to print: `wmic process get ProcessId,Description,ParentProcessId,ReadOperationCount,WriteOperationCount`, and as @ShaneGannon suggested, you might query the `ParentProcessId` to find child processes, e.g.: https://justpaste.it/6kjou – CPHPython Jun 03 '20 at 17:03

score 31 · Answer 3 · answered Sep 15 '08 at 09:53

31

I wanted to mention that WMIC (pam's entry) can do a lot more. Have a look at my WMIC snippets page, which is a cheatsheet showing many of the common ways to use WMIC (with sample output shown) here

answered Sep 15 '08 at 09:53

user4197

567
4
10

A simplified example (**less columns**): `wmic process get ProcessId,Description,ParentProcessId,ReadOperationCount,WriteOperationCount` – CPHPython Jun 03 '20 at 15:58
Your page about WMIC and WMIC+PS is quite useful. – sancho.s ReinstateMonicaCellio Jul 11 '20 at 12:14

score 22 · Answer 4 · answered Feb 15 '10 at 08:06

22

Tasklist
WMIC /OUTPUT:C:\ProcessList.txt PROCESS get Caption,Commandline,Processid

or

 WMIC /OUTPUT:C:\ProcessList.txt path win32_process get Caption,Processid,Commandline

answered Feb 15 '10 at 08:06

score 20 · Answer 5 · answered Nov 08 '11 at 11:56

20

I tried on Windows 7. The command is: TASKLIST /FI "IMAGENAME eq application_name"

Eg: c:\>TASKLIST /FI "IMAGENAME eq notepad.exe"

To show all process with port details:

c:\> TASKLIST

Also to kill the process you can use c:\> pskill or tskill processname

Eg: c:\> tskill notepad

answered Nov 08 '11 at 11:56

1

`TASKLIST /FI "IMAGENAME eq explorer.exe"` returns one whole line as output. Is there anyway to get just the PID itself? – Pacerier May 05 '15 at 00:03
for a more human-memorable command, `taskkill` is synonymous to `tskill` – Mushroom Man Dec 05 '17 at 01:24
On 8.1, there is no `tskill` only `taskkill`, and `pskill` is provided by SysInternals but not Windows. (@KiritoBepsibane) – dave_thompson_085 Jun 01 '18 at 06:59

score 12 · Answer 6 · answered Sep 10 '08 at 05:57

12

tasklist or pslist from sysinternals. Also, get-process is amazing from PowerShell.

answered Sep 10 '08 at 05:57

Hafthor

980
1
13
23

score 6 · Answer 7 · answered Sep 10 '08 at 07:48

6

If you use Powershell, it has the 'ps' command (it is aliased to Get-Process)

answered Sep 10 '08 at 07:48

user15123

161
2

This alias is part of a long list of convenient aliases set by default, which makes life easier for people used to Unix commands. One can get such list (into a file for later reference) with `Get-Alias > ps_alias.txt`. – sancho.s ReinstateMonicaCellio Jul 11 '20 at 12:08

score 4 · Answer 8 · edited Nov 07 '16 at 05:46

4

To kill a process use:

TASKKILL /F /IM processname.exe

For example:

TASKKILL /F /IM firefox.exe

edited Nov 07 '16 at 05:46

Gaff

18,569
15
57
68

answered May 08 '13 at 11:58

3

This isn't a good answer. The question is how to list processes, not how to kill them. – Rikki Gibson Sep 30 '19 at 21:47

score 2 · Answer 9 · answered Jun 01 '18 at 04:58

2

open windows command prompt

C:\>tasklist                       // list all the tasks


C:\>Taskkill /IM firefox.exe /F     // Kill task by name

or

C:\>Taskkill /PID 26356 /F           // kill task by PId

answered Jun 01 '18 at 04:58

spacedev

131
1

score 2 · Answer 10 · answered Sep 10 '08 at 05:52

2

If you running windows XP try using the 'tasklist' command. I tried it out with Vista and it seems to also work.

answered Sep 10 '08 at 05:52

Marcel

371
1
2
5

score 1 · Answer 11 · answered Sep 05 '14 at 07:30

1

Use this command to see all the processes in windows machine

tasklist /svc

answered Sep 05 '14 at 07:30

LOKESH

131
1
6

1

Can you filter any process using tasklist with pipe or another way ? – Kiquenet Sep 03 '15 at 05:41
@Kiquenet Yes you can: `tasklist|findstr "firefox.exe"`. If this returns an `errorlevel` of 1 the process was found in the list of processes. – Andreas Mar 18 '16 at 06:48
@mrt: `findstr` doesn't need quotes around the needle unless it contains space or special character like & although `find` does, and both of them return 1 for NOT found (0 for found). – dave_thompson_085 Jun 01 '18 at 06:54
@dave_thompson_085 Of course you are right, but in my opinion it's a good habit to put strings into quotes. This keeps me from accidently leave them out when they are needed. Also, it makes the statement easier to read since it's instantly obvious what the search term is. – Andreas Jun 03 '18 at 15:26

score 0 · Answer 12 · answered Sep 16 '20 at 07:29

0

Using WMI and Powershell you can do:

Get-WMIObject -Class Win32_Process

Then you can filter properties using Select-Object and show in GUI using Out-GridView.

answered Sep 16 '20 at 07:29

Wasif

7,984
2
19
32

score 0 · Answer 13 · answered Jun 17 '21 at 02:38

0

For more process info

running in cmd,handle is the process id:

wmic.exe path Win32_Process where handle='22792' get Commandline /format:list

result:

/path/to/app.exe [args specified goes here]

answered Jun 17 '21 at 02:38

sammy

101
2

score 0 · Answer 14 · answered Mar 25 '11 at 18:47

I have done a msproject ( c source code) , archive is available at : lsproc.zip project archive

and exe file: lsproc.exe binary

this is a command line tool output:

lsproc 
Thierry Bremard
[email protected]
list binary files and driver with their local path on disks
most of code retreived from msdn site
--------------------

Process ID: 0
--------------------

Process ID: 4
<unknown>  (PID: 4)
<unknown>
    PageFaultCount             : 0x00002E4B
    PeakWorkingSetSize         : 0x00419000
    WorkingSetSize (Mem usage) : 0x0003A000 (232 ko)
    QuotaPeakPagedPoolUsage    : 0x00000000
    QuotaPagedPoolUsage        : 0x00000000
    QuotaPeakNonPagedPoolUsage : 0x00000000
    QuotaNonPagedPoolUsage     : 0x00000000
    PagefileUsage              : 0x00000000
    PeakPagefileUsage          : 0x00000000
--------------------

Process ID: 764
smss.exe  (PID: 764)
\SystemRoot\System32\smss.exe
    PageFaultCount             : 0x000000D6
    PeakWorkingSetSize         : 0x00082000
    WorkingSetSize (Mem usage) : 0x0006C000 (432 ko)
    QuotaPeakPagedPoolUsage    : 0x00006C34
    QuotaPagedPoolUsage        : 0x00001854
    QuotaPeakNonPagedPoolUsage : 0x000004D8
    QuotaNonPagedPoolUsage     : 0x00000280
    PagefileUsage              : 0x0002C000
    PeakPagefileUsage          : 0x00030000
--------------------

Process ID: 816
--------------------

Process ID: 844
winlogon.exe  (PID: 844)
\??\C:\WINDOWS\system32\winlogon.exe
    PageFaultCount             : 0x0000261D
    PeakWorkingSetSize         : 0x00B58000
    WorkingSetSize (Mem usage) : 0x0029B000 (2668 ko)
    QuotaPeakPagedPoolUsage    : 0x0001B054
    QuotaPagedPoolUsage        : 0x000185A4
    QuotaPeakNonPagedPoolUsage : 0x0000C988
    QuotaNonPagedPoolUsage     : 0x0000B6A0
    PagefileUsage              : 0x005EC000
    PeakPagefileUsage          : 0x006C6000
--------------------

...
    PeakPagefileUsage          : 0x03277000
--------------------

Process ID: 2712
lsproc.exe  (PID: 2712)
C:\Documents and Settings\LoginX\Bureau\lsproc.exe
    PageFaultCount             : 0x000000EC
    PeakWorkingSetSize         : 0x000F1000
    WorkingSetSize (Mem usage) : 0x000E4000 (912 ko)
    QuotaPeakPagedPoolUsage    : 0x000032B4
    QuotaPagedPoolUsage        : 0x000032B4
    QuotaPeakNonPagedPoolUsage : 0x00000400
    QuotaNonPagedPoolUsage     : 0x00000398
    PagefileUsage              : 0x00042000
    PeakPagefileUsage          : 0x0005C000
There are 131 drivers:
--------------------
   1: ntkrnlpa.exe
\WINDOWS\system32\ntkrnlpa.exe
--------------------
   2: hal.dll
\WINDOWS\system32\hal.dll
--------------------
   3: KDCOM.DLL
\WINDOWS\system32\KDCOM.DLL
--------------------
   4: BOOTVID.dll
\WINDOWS\system32\BOOTVID.dll


...


--------------------
 129: HTTP.sys
\SystemRoot\System32\Drivers\HTTP.sys
--------------------
 130: hiber_WMILIB.SYS
\SystemRoot\System32\Drivers\hiber_WMILIB.SYS
--------------------
 131: ntdll.dll
\WINDOWS\system32\ntdll.dll



--------------

score 0 · Answer 15 · answered May 16 '12 at 06:58

I had following problem on Windows 2003 SP2: Tasklist didn't return any output on stdout or stderr, when called from a process started as Windows service (even under Local Account). Tasklist returned with the (undocumented) code 128.

Called from the same program started as a normal process (not as service), it did run.

No help to change it. I couldn't find any reason or solution but use "pslist /accepteula" of sysinternal instead of it.

Same problem with taskkill: I had to replace it whith pskill.

score -1 · Answer 16 · answered Aug 14 '14 at 14:05

-1

Hello if you want to list running process ID's on a Windows machine then open a cmd screen and type:

netstat -aon | more

use the Enter key to scroll.

answered Aug 14 '14 at 14:05

That only gives processes that are accessing the network, which is NOT all processes. – dave_thompson_085 Jun 01 '18 at 06:55

How do you list all processes on the command line in Windows?

16 Answers16

Linked