标题: [工具合集] TList - 来自[微软调试工具包]的进程查看程序,可查看命令行参数等… [打印本页]
作者: yu2n 时间: 2016-3-9 00:57 标题: TList - 来自[微软调试工具包]的进程查看程序,可查看命令行参数等…
TList
TList (Task List Viewer), Tlist.exe, is a command-line tool that displays the processes running on the local computer along with useful information about each process.
TList displays:
All processes running on the computer, along with their process IDs (PIDs).
A tree showing which processes created each process.
Details of the process, including its virtual memory use and the command that started the process.
Threads running in each process, including their thread IDs, entry points, last reported error, and thread state.
The modules running in each process, including the version number, attributes, and virtual address of the module.
You can use TList to search for a process by name or PID, or to find all processes that have loaded a specified module.
In Windows XP and later versions of Windows, TList was replaced by TaskList (Tasklist.exe), which is described in Help and Support for those systems. TList is included in Debugging Tools for Windows to support users who do not have access to TaskList.
This section includes:- TList Commands
- The syntax of the TList command is as follows:
-
- tlist [/p ProcessName | PID | Pattern | /t | /c | /e | /k | /m [Module] | /s | /v
-
-
- Parameters
-
- tlist
- Without additional parameters, TList displays all running processes, their process identifiers (PIDs), and the title of the window in which they are running, if any.
- /p ProcessName
- Displays the process identifier (PID) of the specified process.
- ProcessName is the name of the process (with or without file name extension), not a pattern.
- If the value of ProcessName does not match any running process, TList displays -1. If it matches more than one process name, TList displays only the PID of the first matching process.
- PID
- Displays detailed information about the process specified by the PID. For information about the display, see the "Remarks" section below. To find a process ID, type tlist without additional parameter.
- Pattern
- Displays detailed information about all processes whose names or window titles match the specified pattern. Pattern can be a complete name or a regular expression.
- /t
- Displays a task tree in which each process appears as a child of the process that created it.
- /c
- Displays the command line that started each process.
- /e
- Displays the session identifier for each process.
- /k
- Displays the COM components active in each process.
- /m Module
- Lists tasks in which the specified DLL or executable module is loaded. Module can be a complete module name or a module name pattern.
- /s
- Displays the services that are active in each process.
- /v
- Displays details of running processes including the process ID, session ID, window title, command line, and the services running in the process.
- Comments
- In its detailed display of a process (tlist PID or tlist Pattern), TList displays the following information.
- Process ID, executable name, friendly name of the program.
- Current working directory (CWD).
- The command line that started the process (CmdLine).
- Current virtual address space values.
- Number of threads.
- A list of threads running in the process. For each thread, TList displays the thread ID (TID), the function that the thread is running, the address of the entry point, the address of the last reported error (if any), and the thread state.
- A list of the modules loaded for the process. For each module, TList displays the version number, attributes, virtual address of the module, and the module name.
- When using the /e parameter, valid session identifiers appear in the process list only under the following conditions. Otherwise, the session identifier is zero (0).
- On Windows 2000 and Windows Server 2003, at least one user must be connected to a session other than the console session.
- On Windows XP, Fast User Switching must be enabled and more than one user must be connected to the non-console session.
- On Windows Vista, where all processes are associated with two Terminal Services sessions by default, at least one user must be connected to the non-console session.
复制代码
- TList Examples
-
- The following examples demonstrate how to use TList.
- Simplest TList Command (tlist)
- Typing tlist without additional parameters displays a list of running processes, their process IDs (PIDs), and the title of the window in which they are running, if any.
-
- c:\>tlist
-
- 0 System Process
- 4 System
- 308 smss.exe
- 356 csrss.exe
- 380 winlogon.exe NetDDE Agent
- 424 services.exe
- 436 lsass.exe
- 604 svchost.exe
- 776 svchost.exe
- 852 spoolsv.exe
- 1000 clisvcl.exe
- 1036 InoRpc.exe
- 1064 InoRT.exe
- 1076 InoTask.exe
- 1244 WTTSvc.exe
- 1492 Sysparse_com.exe OleMainThreadWndName
- 1980 explorer.exe Program Manager
- 1764 launch32.exe SMS Client User Application Launcher
- 1832 msmsgs.exe MSBLNetConn
- 2076 ctfmon.exe
- 2128 ISATRAY.EXE IsaTray
- 4068 tlist.exe
-
- Find a process ID (-p)
- The following command uses the -p parameter and process name to find the process ID of the Explorer.exe (Explorer) process.
- In response, TList displays the process ID of the Explorer process, 328.
-
- c:\>tlist -p explorer
- 328
-
- Find process details using PID
- The following command uses the process ID of the process in which Explorer is running to find detailed information about the Explorer process.
-
- c:\>tlist 328
-
- In response, TList displays details of the Explorer process including the following elements:
- Process ID, executable name, program friendly name.
- Current working directory (CWD).
- The command line that started the process (CmdLine).
- Current virtual address space values.
- Number of threads.
- A list of threads running in the process. For each thread, TList displays the thread ID (TID), the function that the thread is running, the address of the entry point, the address of the last reported error (if any), and the thread state.
- A list of the modules loaded for the process. For each module, TList displays the version number, attributes, virtual address of the module, and the module name.
- The following is an excerpt of the output resulting from this command.
-
- 328 explorer.exe Program Manager
- CWD: C:\Documents and Settings\user01\
- CmdLine: C:\WINDOWS\Explorer.EXE
- VirtualSize: 90120 KB PeakVirtualSize: 104844 KB
- WorkingSetSize: 19676 KB PeakWorkingSetSize: 35716 KB
- NumberOfThreads: 17
- 332 Win32StartAddr:0x010160cc LastErr:0x00000008 State:Waiting
- 1232 Win32StartAddr:0x70a7def2 LastErr:0x00000000 State:Waiting
- 1400 Win32StartAddr:0x77f883de LastErr:0x00000000 State:Waiting
- 1452 Win32StartAddr:0x77f91e38 LastErr:0x00000000 State:Waiting
- 1484 Win32StartAddr:0x70a7def2 LastErr:0x00000006 State:Waiting
- 1904 Win32StartAddr:0x74b02ed6 LastErr:0x00000000 State:Ready
- 1948 Win32StartAddr:0x72d22ecc LastErr:0x00000000 State:Waiting
- .... (thread data deleted here)
-
- 6.0.2800.1106 shp 0x01000000 Explorer.EXE
- 5.1.2600.1217 shp 0x77F50000 ntdll.dll
- 5.1.2600.1106 shp 0x77E60000 kernel32.dll
- 7.0.2600.1106 shp 0x77C10000 msvcrt.dll
- 5.1.2600.1106 shp 0x77DD0000 ADVAPI32.dll
- 5.1.2600.1254 shp 0x78000000 RPCRT4.dll
- 5.1.2600.1106 shp 0x77C70000 GDI32.dll
- 5.1.2600.1255 shp 0x77D40000 USER32.dll
- .... (module data deleted here)
-
- Find multiple processes (Pattern)
- The following command searches for processes by a regular expression that represents the process name or window name of one or more processes. In this example, the command searches for a process whose process name or window name begins with "ino."
-
- c:\>tlist ino*
-
- In response, TList displays process details for Inorpc.exe, Inort.exe, and Inotask.exe. For a description of the output, see the "Find process details using PID" subsection above.
- Display a process tree (/t)
- The following command displays a tree that represents the processes running on the computer. Processes appear as the children of the process that created them.
-
- c:\>tlist /t
-
- The resulting process tree follows. This tree shows, among other things, that the System (4) process created the Smss.exe process, which created Csrss.exe, Winlogon.exe, Lsass.exe and Rundll32.exe. Also, Winlogon.exe created Services.exe, which created all of the service-related processes.
-
- System Process (0)
- System (4)
- smss.exe (404)
- csrss.exe (452)
- winlogon.exe (476) NetDDE Agent
- services.exe (520)
- svchost.exe (700)
- svchost.exe (724)
- svchost.exe (864)
- svchost.exe (888)
- spoolsv.exe (996)
- scardsvr.exe (1040)
- alg.exe (1172)
- atievxx.exe (1200) ATI video bios poller
- InoRpc.exe (1248)
- InoRT.exe (1264)
- InoTask.exe (1308)
- mdm.exe (1392)
- dllhost.exe (2780)
- lsass.exe (532)
- rundll32.exe (500)
- explorer.exe (328) Program Manager
- WLANMON.exe (1728) TI Wireless LAN Monitor
- ISATRAY.EXE (1712) IsaTray
- cmmon32.exe (456)
- WINWORD.EXE (844) Tlist.doc - Microsoft Word
- dexplore.exe (2096) Platform SDK - CreateThread
-
- Find process by module (/m)
- The following command finds all of the processes running on the computer that load a particular DLL.
-
- c:\>tlist /m
-
- In response, TList displays process details for Inorpc.exe, Inort.exe, and Inotask.exe. For a description of the output, see the "Find process details using PID" subsection above.
复制代码
http://bcn.bathome.net/s/tool/index.html?key=TList
作者: CrLf 时间: 2016-3-9 02:20
回头把这些工具搜集一下,上传batch-cn去
作者: zll855 时间: 2016-11-7 14:44
这个小工具 在win2012 不好用
很多进程读不出路径地址
欢迎光临 批处理之家 (http://bathome.net./) |
Powered by Discuz! 7.2 |