Brian Vagnoni on 25 Jan 2008 14:25:34 -0800


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] tasklist.exe is a handy Windows CLI tool similar to ps/top


Sysinternals Tools are an absolute must for any Windows System Administration. Unfortunately a lot of AV & AS software classifies them as dangerous and tries to quarantine them.

Better known as PSTools, written by

Mark Russinovich

one of the authors of Windows System Internals an excellent book on the nitty gritty details of the Windows OS.

http://technet.microsoft.com/en-us/sysinternals/bb896649.aspx


Brian Vagnoni



PGP Digital Fingerprint

F076 6EEE 06E5 BEEF EBBD BD36 F29E 850D FC32 3955




From: JP Vossen [mailto:jp@jpsdomain.org]
To: plug@lists.phillylinux.org
Sent: Fri, 25 Jan 2008 17:04:40 -0500
Subject: [PLUG] tasklist.exe is a handy Windows CLI tool similar to ps/top

OK, "slightly similar" might be better, but... If you are in a mixed
environment and used to Unix'y CLI tools like ps and hate Windows GUI
tools, there is a handy tool present in XP2, but not W2KPro.
Fortunately I'm not afflicted by Vista, but I'd assume it's there too.

C:\> tasklist

Image Name PID Session Name Session# Mem Usage
========================= ====== ================ ======== ============
System Idle Process 0 0 16 K
System 4 0 40 K
smss.exe 752 0 48 K
csrss.exe 844 0 3,400 K
winlogon.exe 872 0 3,500 K
services.exe 916 0 1,704 K
lsass.exe 928 0 2,648 K
svchost.exe 1100 0 1,268 K
svchost.exe 1156 0 1,752 K
svchost.exe 1656 0 12,364 K
[...]


'tasklist /?' gives lots of options. /M's output is fascinating and
illuminating. After a bit of Perl munging it shows 733 unique DLLs in
use on my XP2 system right now. It can also do CSV output, which is
quite handy, though the memory use numbers have comma thousands
separators, which complicates both parsing the CSV and doing any math.
(Presumably, tr -d could fix that, though I just used Perl [1].)

# Using ActivePerl and http://unxutils.sourceforge.net/
C:\> tasklist /M | perl -ne "while ( m/(\w+\.dll)/ig ) { print qq($1\n);
}" | sort | uniq -c | sort -rn | wc -l
733

C:\> tasklist /M | perl -ne "while ( m/(\w+\.dll)/ig ) { print qq($1\n);
}" | sort | uniq -c | sort -rn
63 ntdll.dll
62 USER32.dll
62 RPCRT4.dll
62 GDI32.dll
61 wmfhotfix.dll
61 kernel32.dll
59 ADVAPI32.dll
57 msvcrt.dll
56 VERSION.dll
56 SHLWAPI.dll
[...]


Enjoy,
JP

[1] List memory used, sum and name:
C:\> tasklist | perl -ne "tr /,//d; $sum += $2 if
m/^([\w.+]+)\s.*?([\d,]+) K$/; print qq($2\t$sum\t$1\n);"
----------------------------|:::======|-------------------------------
JP Vossen, CISSP |:::======| jp{at}jpsdomain{dot}org
My Account, My Opinions |=========| http://www.jpsdomain.org/
----------------------------|=========|-------------------------------
Microsoft has single-handedly nullified Moore's Law.
Innate design flaws of Windows make a personal firewall, anti-virus
and anti-malware software mandatory. The resulting software arms race
has effectively flattened Moore's Law on hardware running Windows.
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug