We can kill a process from GUI using Task manager.
If you want to do the same from command line, then taskkill is the command you are looking for. This command has got options to kill a task/process either by using the process id or by the image file name.
Kill a process using image name:
We can kill all the processes running a specific executable using the below command.
taskkill /IM executablename
Example:
Kill all processes running mspaint.exe:
c:\>taskkill /IM notepad.exe SUCCESS: Sent termination signal to the process "notepad.exe" with PID xxx.
Kill a process forcibly
In some cases, we need to forcibly kill applications. For example, if we try to to kill Internet explorer with multiple tabs open, tasklist command would ask the user for confirmation. We would need to add /F flag to kill IE without asking for any user confirmation.
taskkill /F /IM notepad.exe
taskkil /IM notepad.exe /F
/F : to forcibly kill the process. If not used, in the above case it will prompt the user if the opened pages in tabs need to be saved.
To kill Windows explorer, the following command would work
C:\>taskkill /F /IM notepad.exe SUCCESS: The process "notepad.exe" with PID xxx has been terminated.
The above command would make all GUI windows disappear. You can restart explorer by running ‘notepad’ from cmd.
Not using /F option, would send a terminate signal. In Windows 7, this throws up a shutdown dialog to the user.
Kill a process with process id:
We can use below command to kill a process using process id(pid).
taskkill /PID processId
Example:
Kill a process with pid xxxx.
taskkill /PID xxxx
Kill processes consuming high amount of memory
taskkill /FI "memusage gt value"
For example, to kill processes consuming more than 300 MB memory, we can run the below command
taskkill /FI "memusage gt 3000000"
More examples
Sometimes applications get into hung state when they are overloaded or if the system is running with low available memory. When we can’t get the application to usable state, and closing the application does not work, what we usually tend to do is kill the task/process. This can be simply done using taskkill command.
To kill firefox browser application
taskkill /F /IM explorer.exe
To kill MS Word or Excel application(Don’t do this if you haven’t saved your work)
taskkill /F /IM WINWORD.exe
taskkill /F /IM EXCEL.exe
Sometimes, the command window itself might not be responding. You can open a new command window and kill all the command windows
taskkill /F /IM cmd.exe
This even kills the current command window from which you have triggered the command.
Taskkill help:
taskkill /?
TASKKILL [/S system [/U username [/P [password]]]]
{ [/FI filter] [/PID processid | /IM imagename] } [/T] [/F]
Description:
This tool is used to terminate tasks by process id (PID) or image name.
Parameter List:
/S system Specifies the remote system to connect to.
/U [domain\]user Specifies the user context under which the
command should execute.
/P [password] Specifies the password for the given user
context. Prompts for input if omitted.
/FI filter Applies a filter to select a set of tasks.
Allows "*" to be used. ex. imagename eq acme*
/PID processid Specifies the PID of the process to be terminated.
Use TaskList to get the PID.
/IM imagename Specifies the image name of the process
to be terminated. Wildcard '*' can be used
to specify all tasks or image names.
/T Terminates the specified process and any
child processes which were started by it.
/F Specifies to forcefully terminate the process(es).
/? Displays this help message.
Filters:
Filter Name Valid Operators Valid Value(s)
----------- --------------- -------------------------
STATUS eq, ne RUNNING |
NOT RESPONDING | UNKNOWN
IMAGENAME eq, ne Image name
PID eq, ne, gt, lt, ge, le PID value
SESSION eq, ne, gt, lt, ge, le Session number.
CPUTIME eq, ne, gt, lt, ge, le CPU time in the format
of hh:mm:ss.
hh - hours,
mm - minutes, ss - seconds
MEMUSAGE eq, ne, gt, lt, ge, le Memory usage in KB
USERNAME eq, ne User name in [domain\]user
format
MODULES eq, ne DLL name
SERVICES eq, ne Service name
WINDOWTITLE eq, ne Window title
NOTE
----
1) Wildcard '*' for /IM switch is accepted only when a filter is applied.
2) Termination of remote processes will always be done forcefully (/F).
3) "WINDOWTITLE" and "STATUS" filters are not considered when a remote
machine is specified.
Examples:
TASKKILL /IM notepad.exe
TASKKILL /PID 1230 /PID 1241 /PID 1253 /T
TASKKILL /F /IM cmd.exe /T
TASKKILL /F /FI "PID ge 1000" /FI "WINDOWTITLE ne untitle*"
TASKKILL /F /FI "USERNAME eq NT AUTHORITY\SYSTEM" /IM notepad.exe
TASKKILL /S system /U domain\username /FI "USERNAME ne NT*" /IM *
TASKKILL /S system /U username /P password /FI "IMAGENAME eq note*"