This week we'll explore a couple of very useful commands that you can run in the Windows Command Prompt (cmd.exe):

Tasklist

 

This command lists all of the processes that are running in memory, similar to opening 'Task Manager' and navigating to the 'Processes' tab. For example:

 

C:\>tasklist

 

Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
System Idle Process              0 Services                   0         24 K
System                           4 Services                   0      3,668 K
smss.exe                       284 Services                   0        232 K
csrss.exe                      392 Services                   0      2,248 K
wininit.exe                    452 Services                   0        520 K
csrss.exe                      464 Console                    1    128,664 K
winlogon.exe                   508 Console                    1      2,508 K
svchost.exe                    876 Services                   0     17,176 K
svchost.exe                    908 Services                   0    130,312 K
svchost.exe                    956 Services                   0     15,900 K
svchost.exe                    988 Services                   0     63,404 K

 

 

For more detailed usage information refer to http://technet.microsoft.com/en-us/library/bb491010.aspx

 

 

Findstr

 

This command is useful for finding content within files or for filtering the output of another command (for example, 'tasklist'!). For example, to find the string 'pcbexpedition' in any file in the current directory and all sub-directories:

C:\Temp>findstr /s pcbexpedition *.*

 

Site_12345.txt:INCREMENT pcbexpedition mgcld 2013.120 31-dec-2013 2 DE33165DE25AC2AD3EAC \
Site_12345.txt:#         pcbexpedition              2013.120 12/31/2013 41071002

For more detailed usage information refer to http://technet.microsoft.com/en-us/library/bb490907.aspx

Combining the two commands

 

We can combine the 'tasklist' and 'findstr' commands as shown below. Here we check whether the notepad.exe process is running, and as the output shows, it is: the process ID (PID) is 16952 and memory usage is 6,204 K.

C:\Temp>tasklist | findstr notepad.exe

notepad.exe                  16952 Console                    1      6,204 K
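
An added example, not part of the original post: a batch script that applies the same tasklist-plus-findstr check to any image name passed as its first argument. It uses tasklist's own /fi filter with CSV output, and findstr's /i and /l switches so the match ignores case and treats the dot in the name literally; the file name isrunning.cmd and the variable names are this example's own.

```batch
@echo off
rem Added example (not from the original post): report whether a process is running.
rem Usage: isrunning.cmd notepad.exe     (isrunning.cmd is a hypothetical file name)
setlocal
set "IMAGE=%~1"
if not defined IMAGE (
    echo Usage: %~nx0 image-name.exe
    exit /b 2
)

rem tasklist returns exit code 0 even when nothing matches, so the result is
rem decided by whether findstr passes any line through to the loop.
rem   /fi "imagename eq ..."  lets tasklist pre-filter by image name
rem   /fo csv /nh             one quoted CSV row per process, no header row
rem   findstr /i              ignore case (findstr is case-sensitive by default)
rem   findstr /l /c:"..."     literal match, so "." is not a regex wildcard
set "FOUND="
for /f "tokens=1,2 delims=," %%A in ('tasklist /fi "imagename eq %IMAGE%" /fo csv /nh 2^>nul ^| findstr /i /l /c:"%IMAGE%"') do (
    rem %%~A and %%~B strip the double quotes that the CSV format adds
    echo %%~A is running, PID %%~B
    set "FOUND=1"
)

if defined FOUND exit /b 0
echo %IMAGE% is not running
exit /b 1
```

The script exits with 0 when at least one matching process is found and 1 when none is, so a calling script can branch on `%ERRORLEVEL%`.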