6.5. Searching Processes


You want to find processes that match certain criteria. This is useful if you want to find processes that have a certain process name or that are utilizing a certain amount of memory.


Using a graphical user interface

  1. Open the Sysinternals Process Explorer tool (procexp.exe).

  2. From the menu, select Find → Find Handle.

  3. Type the name of a process or handle to match (substring searches are allowed) and click the Search button.

Using a command-line interface

The Windows Server 2003 tasklist.exe command is very flexible. It provides several options for searching processes. This command searches for all iexplore (Internet Explorer) processes being run by the Administrator user:

> tasklist /FI "IMAGENAME eq iexplore*"  /FI "USERNAME eq Administrator"

You can also use tasklist.exe to perform searches based on PID, memory usage, CPU time, and other attributes. The following command finds all processes running on host dhcp01 that are consuming more than 10 MB of memory:

> tasklist /S dhcp01 /FI "MEMUSAGE gt 10240"

On Windows 2000, you can use the tlist.exe (or pslist.exe) command in combination with findstr.exe to find processes. This returns all CMD processes:

> tlist | findstr cmd.exe

Using VBScript

' This code finds the processes that have a memory usage greater
' than the specified amount. To search on different criteria,
' modify the WQL used in the ExecQuery call.
' ------ SCRIPT CONFIGURATION ------
strComputer = "."
intMaxMemKB = 1024 * 10000
' ------ END ...
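The following is an added example, not the book's script: it shows one way to modify the WQL so that a single query combines the image-name and memory criteria used in the tasklist examples, and it reports each process's owner so unexpected accounts stand out. The variable names (strNamePattern, lngMinKB, and so on) are illustrative assumptions.

```vbscript
' Added example, not the book's script. Variable names are illustrative.
Option Explicit
Dim strComputer, strNamePattern, lngMinKB, strWQL
Dim objWMI, colProcs, objProc, strUser, strDomain, strOwner, intRC

' ------ SCRIPT CONFIGURATION ------
strComputer    = "."          ' local machine; use a host name for a remote query
strNamePattern = "iexplore%"  ' WQL LIKE pattern; % is the wildcard
lngMinKB       = 10240        ' 10 MB, the threshold used in the tasklist example
' ------ END CONFIGURATION ---------

' Win32_Process.WorkingSetSize is reported in bytes, so convert the KB value.
' The WQL LIKE operator is not available on Windows 2000.
strWQL = "SELECT * FROM Win32_Process" & _
         " WHERE Name LIKE '" & strNamePattern & "'" & _
         " AND WorkingSetSize > " & (CLng(lngMinKB) * 1024)

Set objWMI   = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colProcs = objWMI.ExecQuery(strWQL)

For Each objProc In colProcs
    ' GetOwner returns 0 on success. It can fail with a nonzero code
    ' (for example, access denied) or raise an error if the process
    ' exited after the query ran, so handle both cases.
    intRC = -1
    On Error Resume Next
    intRC = objProc.GetOwner(strUser, strDomain)
    If Err.Number <> 0 Or intRC <> 0 Then
        strOwner = "(owner unavailable)"
    Else
        strOwner = strDomain & "\" & strUser
    End If
    Err.Clear
    On Error GoTo 0

    ' 64-bit WMI values reach VBScript as strings; convert before dividing.
    WScript.Echo objProc.Name & "  PID=" & objProc.ProcessId & _
                 "  MemKB=" & Int(CDbl(objProc.WorkingSetSize) / 1024) & _
                 "  Owner=" & strOwner
Next

If colProcs.Count = 0 Then WScript.Echo "No matching processes."
```

Run it with cscript.exe so each match prints to the console instead of opening a message box.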
