- 论坛徽章:
- 0
|
tlist命令
tlist命令\r\n\r\n这是Windows2000 ResourceKit中提供的工具,很有用,给大家简单介绍一下这个命令的用法\r\n1.系统帮助\r\nC:\\>tlist /?\r\nMicrosoft (R) Windows NT (TM) Version 5.1 TLIST\r\nCopyright (C) Microsoft Corp. 1981-1999\r\n\r\nusage: TLIST <<-m <pattern>> | <-t> | <pid> | <pattern> | <-p <processname>>>\r\n [options]:\r\n -t\r\n Print Task Tree\r\n\r\n <pid>\r\n List module information for this task.\r\n\r\n <pattern>\r\n The pattern can be a complete task\r\n name or a regular expression pattern\r\n to use as a match. Tlist matches the\r\n supplied pattern against the task names\r\n and the window titles.\r\n\r\n -m <pattern>\r\n Lists all tasks that have DLL modules loaded\r\n in them that match the given pattern name\r\n\r\n -s\r\n Show services active in each process.\r\n\r\n -p <processname>\r\n Returns the PID of the process specified or -1\r\n if the specified process doesn\'t exist. If there\r\n are multiple instances of the process running only\r\n the instance with the first PID value is returned.\r\n\r\n2. -t参数\r\n\r\n-t参数以树的形式列出了进程结构包括进程号\r\n\r\nC:\\>tlist -t\r\nSystem Process (0)\r\nSystem ( \r\n SMSS.EXE (160)\r\n CSRSS.EXE (184)\r\n WINLOGON.EXE (204) NetDDE Agent\r\n SERVICES.EXE (232)\r\n svchost.exe (400)\r\n svchost.exe (444)\r\n spoolsv.exe (48 \r\n msdtc.exe (520)\r\n inojobsv.exe (636)\r\n LLSSRV.EXE (664)\r\n mdm.exe (692)\r\n mstask.exe (756) SYSTEM AGENT COM WINDOW\r\n SkSockServer.ex (80 \r\n stisvc.exe (912)\r\n svchost.exe (940) ModemDeviceChange\r\n ums.exe (960)\r\n init.exe (980)\r\n WinMgmt.exe (1012)\r\n mspmspsv.exe (102 \r\n dfssvc.exe (1052)\r\n svchost.exe (108 \r\n LSASS.EXE (244)\r\n taskmgr.exe (1592) Windows 任务管理器\r\ninetd.exe (1340)\r\nat.svc (1444)\r\nexplorer.exe (640) Program Manager\r\n rundll32.exe (1656) CnsMain\r\n CTFMON.EXE (916)\r\n msnmsgr.exe (524) Animated BMP Sequence\r\n realmon.exe (88 KILL 实时管理器\r\n Uedit32.exe (1736) UltraEdit-32 - [E:\\inittest.txt]\r\n PLSQLDev.exe (152 PL/SQL Developer - eqsp@hhtest\r\n mstsc.exe (1892) CB Viewer Window\r\n mstsc.exe (190 \r\n MyIE.exe (1700)\r\n pyintau.exe (296) PYJJ210INTAU\r\n CMD.EXE (1880) 命令提示符 - tlist -t\r\n tlist.exe (1472)\r\nconime.exe (1716)\r\n\r\n然后我们Kill个进程试试看\r\n\r\nC:\\>kill 1736\r\nprocess Uedit32.exe (1736) - \'UltraEdit-32 - [E:\\inittest.txt]\' killed\r\n\r\nC:\\>tlist -t\r\nSystem Process (0)\r\nSystem ( \r\n SMSS.EXE (160)\r\n CSRSS.EXE (184)\r\n WINLOGON.EXE (204) NetDDE Agent\r\n SERVICES.EXE (232)\r\n svchost.exe (400)\r\n svchost.exe (444)\r\n spoolsv.exe (48 \r\n msdtc.exe (520)\r\n inojobsv.exe (636)\r\n LLSSRV.EXE (664)\r\n mdm.exe (692)\r\n mstask.exe (756) SYSTEM AGENT COM WINDOW\r\n SkSockServer.ex (808)\r\n stisvc.exe (912)\r\n svchost.exe (940) ModemDeviceChange\r\n ums.exe (960)\r\n init.exe (980)\r\n WinMgmt.exe (1012)\r\n mspmspsv.exe (1028)\r\n dfssvc.exe (1052)\r\n svchost.exe (1088)\r\n LSASS.EXE (244)\r\n taskmgr.exe (1592) Windows 任务管理器\r\ninetd.exe (1340)\r\nat.svc (1444)\r\nexplorer.exe (640) Program Manager\r\n rundll32.exe (1656) CnsMain\r\n CTFMON.EXE (916)\r\n msnmsgr.exe (524) Animated BMP Sequence\r\n realmon.exe (888) KILL 实时管理器\r\n PLSQLDev.exe (1528) PL/SQL Developer - eqsp@hhtest\r\n mstsc.exe (1892) CB Viewer Window\r\n mstsc.exe (1908)\r\n MyIE.exe (1700)\r\n pyintau.exe (296) PYJJ210INTAU\r\n CMD.EXE (1880) 命令提示符 - tlist -t\r\n tlist.exe (1756)\r\nconime.exe (1716)\r\n\r\n看这和Unix下是不是差不多了,很多事情我们都可以在命令行下完成了.\r\n\r\n3. -s参数\r\n\r\n这个参数按进程显示.详细列出每个进程里包含的服务.\r\n\r\n看看这个参数的输出\r\n\r\nC:\\>tlist -s\r\n 0 System Process\r\n 8 System\r\n 160 SMSS.EXE\r\n 184 CSRSS.EXE Title:\r\n 204 WINLOGON.EXE Title: NetDDE Agent\r\n 232 SERVICES.EXE Svcs: \r\n\r\nAlerter,AppMgmt,Browser,Dhcp,dmserver,Dnscache,Eventlog,lanmanserver,lanmanworkstation,LmHts,Messenger,PlugPlay,ProtectedStor\r\n\r\nage,seclogon,TrkWks,Wmi\r\n 244 LSASS.EXE Svcs: SamSs\r\n 400 svchost.exe Svcs: RpcSs\r\n 444 svchost.exe Svcs: EventSystem,Irmon,Netman,NtmsSvc,RasMan,SENS,SharedAccess\r\n 488 spoolsv.exe Svcs: Spooler\r\n 520 msdtc.exe Svcs: MSDTC\r\n 636 inojobsv.exe Svcs: KILL Anti-Virus Server\r\n 664 LLSSRV.EXE Svcs: LicenseService\r\n 692 mdm.exe Svcs: MDM\r\n 756 mstask.exe Svcs: Schedule\r\n 808 SkSockServer.ex Svcs: SkServer\r\n 912 stisvc.exe Svcs: StiSvc\r\n 940 svchost.exe Svcs: TapiSrv\r\n 960 ums.exe Svcs: UWIN_MS\r\n 980 init.exe\r\n1012 WinMgmt.exe Svcs: WinMgmt\r\n1028 mspmspsv.exe Svcs: WMDM PMSP Service\r\n1052 dfssvc.exe Svcs: Dfs\r\n1088 svchost.exe Svcs: BITS\r\n1340 inetd.exe\r\n1444 at.svc\r\n 640 explorer.exe Title: Program Manager\r\n1656 rundll32.exe Title: CnsMain\r\n 916 CTFMON.EXE Title:\r\n 524 msnmsgr.exe Title: Animated BMP Sequence\r\n 888 realmon.exe Title: KILL 实时管理器\r\n1592 taskmgr.exe Title: Windows 任务管理器\r\n1716 conime.exe Title:\r\n1528 PLSQLDev.exe Title: PL/SQL Developer - eqsp@hhtest\r\n1892 mstsc.exe Title: CB Viewer Window\r\n1908 mstsc.exe\r\n1700 MyIE.exe Title:\r\n 296 pyintau.exe Title: PYJJ210INTAU\r\n1880 CMD.EXE Title: 命令提示符 - tlist -s\r\n1756 notepad.exe Title: Tlist.txt - 记事本\r\n1752 tlist.exe\r\n\r\nC:\\>\r\n\r\n典型的我们可以看到svhost.exe里面包含了不同的服务,多个svhost.exe管理不同的服务组.\r\n\r\n引用一段关于svhost.exe的解释:\r\n Svchost.exe是一个很普通的利用dll动态链接库来运行服务的程序,它位于system32目录下。在计算机启动时,它将读取注册表中有关服务\r\n\r\n的部分,然后建立需要启动的服务列表。在同一时刻,可能有多个Svchost.exe在同时运行,每个Svchost.exe中可能包含一个或一组服务,同\r\n\r\n一组内的每个服务都可以在一个Svchost.exe开始运行时在同等的条件下同时启动。说白一点,之所以要把若干个服务作为一组放在同一个\r\n\r\nSvchost.exe中来运行,目的就是使这些服务能够更好的被控制和调试。\r\n\r\n Svchost.exe组的确定是位于注册表以下这个键值之中,HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Svchost\r\n\r\n,这里的每一项就是一组服务,也就是大家在任务管理器中看到的一个“Svchost.exe”。每一个REG_MULTI_ SZ中的值就是一个服务组,一个\r\n\r\n组中可能只有一个服务,也有可能有若干个服务。到底哪些服务是属于同一个组,那些服务是独立运行的?您可以在这个键值中找到答案,H \r\n\r\nKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services。\r\n\r\n4.说明\r\n\r\n 随便写写,只是自己觉得好玩而已.附件是两个工具kill和tlist两个命令包含其中.如果有兴趣,下载后解压到系统目录即可. |
|