Process Status, list information about processes running in memory.
Syntax
      PsLIST [-?] [-t] [-m] [-x] [\\computer [-u user] [-p passwd]] [name | pid]

Key:
   -d          Show thread detail.

   -e          Exact match the process name.

   -m          Show memory-oriented information for each process, rather than
               the default of CPU-oriented information.

   name        Scan only those processes that begin with the name process.
               Thus: pslist exp
               will display processes that start with exp... Explorer, Export etc

   pid         Instead of listing all the running processes in the system, this
               parameter narrows the scan to the process with the specified PID.
               Thus: pslist 53
               would dump statistics for the process with PID=53.

   -r n        Task-manager mode refresh rate in seconds (default is 1).

   -s [n]      Run in task-manager mode, for optional seconds specified.
               Press Escape to abort.

   -t          Show process tree with statistics for all active threads on the
               system, each thread is grouped with its owning process.

   \\computer  Instead of showing process information for the local system,
               show information for the Windows system specified.
               Include the -u switch with a username and password to login to
               the remote system if your security credentials do not permit you
               to obtain performance counter information from the remote system.

   -u user     Specify a user name for login to remote computer (optional).

   -p passwd   Specify a password for user (optional). Passed as clear text.
               If omitted, you will be prompted to enter a hidden password.

   -x          Show CPU, memory and thread information for each process specified.

   -accepteula Suppress the display of the license dialog.

   -?          Display options and units of measurement.
The default information listed includes the time the process has executed, the amount of time the process has executed in kernel and user modes, and the amount of physical memory that the OS has assigned the process.
When running PsList against a remote system you must have administrative rights on that system, and the system must be running the Remote Registry service.
When installing pslist.exe just ensure it is placed somewhere in either the system PATH or in the current directory.
When launched for the first time, PsList will prompt you to accept the EULA.
You can avoid this by writing the license registry key:
Set-ItemProperty -Path 'Registry::HKEY_CURRENT_USER\Software\Sysinternals' -Name 'EulaAccepted' -Value 1
List all processes running on \\workstation64:
C:\> SC \\workstation64 start RemoteRegistry
C:\> pslist.exe \\workstation64
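The remote listing above, wrapped as a PowerShell script that leaves the Remote Registry service in the state it found it and never puts a password on the command line. This is an added example, not part of the original page; the script layout, the parameter names and the English-language match on the sc.exe STATE line are assumptions.

```powershell
# Added example: remote PsList run that restores the Remote Registry service state.
param(
    [string]$Computer = 'workstation64',  # sample target name from the page's example
    [string]$User                         # optional; assumed parameter name
)

# Call sc.exe explicitly: in Windows PowerShell "sc" is an alias for Set-Content.
$query = sc.exe "\\$Computer" query RemoteRegistry
if ($LASTEXITCODE -ne 0) {
    throw "Cannot query RemoteRegistry on $Computer (exit code $LASTEXITCODE)."
}

# State code 4 means RUNNING (assumes English sc.exe output).
$wasRunning = [bool]($query | Select-String -Pattern 'STATE\s+:\s+4\s' -Quiet)

try {
    if (-not $wasRunning) {
        sc.exe "\\$Computer" start RemoteRegistry | Out-Null
        if ($LASTEXITCODE -ne 0) {
            throw "Could not start RemoteRegistry on $Computer (exit code $LASTEXITCODE)."
        }
        Start-Sleep -Seconds 2   # give the service time to reach RUNNING
    }

    # -accepteula avoids the first-run license dialog in unattended sessions.
    $psArgs = @('-accepteula', '-t', "\\$Computer")

    # -p is deliberately never used: it is passed as clear text and would be
    # visible in process listings and command-line audit logs. With -u alone,
    # PsList prompts for a hidden password.
    if ($User) { $psArgs += @('-u', $User) }

    pslist.exe @psArgs
}
finally {
    # Stop the service again only if this script was the one that started it.
    if (-not $wasRunning) {
        sc.exe "\\$Computer" stop RemoteRegistry | Out-Null
    }
}
```

The service is stopped in the finally block even if pslist.exe fails, so a failed run does not leave Remote Registry listening on the target.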
“Here’s a rule I recommend. Never practice two vices at once” ~ Tallulah Bankhead
PsKill - Kill processes by name or process ID.
OPENFILES - Query or display open files, disconnect files opened by network users.
ProcDump - Monitor an application for CPU spikes.
TASKLIST - List running applications and services.
TLIST - Task list with full path.
Windows Task Manager - List of running process IDs (PID)
PerfMon - Monitoring tool.
Equivalent PowerShell: Get-Process - Get a list of processes on a machine (ps/gps)
Equivalent bash command (Linux): ps - Process status, information about processes running in memory.