Process Status, list information about processes running in memory.
Syntax pslist [-?] [-t] [-m] [-x] [\\computer [-u user] [-p passwd]] [name | pid] Options: computer The computer on which the process is running. Default=local system -p passwd Specify a password for user (optional). Passed as clear text. If omitted, you will be prompted to enter a hidden password. -u user Specify a user name for login to remote computer(optional). -t Show statistics for all active threads on the system, each thread is grouped with its owning process. -m Show memory-oriented information for each process, rather than the default of CPU-oriented information. -x Show CPU, memory and thread information for each process specified. name Scan only those processes that begin with the name process. Thus: pslist exp will display processes that start with exp... Explorer, Export etc -accepteula Suppress the display of the license dialog. -? Display options and units of measurement.
The default information listed includes the time the process has executed, the amount of time the process has executed in kernel and user modes, and the amount of physical memory that the OS has assigned the process.
When running PsList against a remote system you must have administrative rights on that system, and the system must be running the Remote Registry service.
When launched for the first time, PsList will create the regkey
List all processes running on \\workstation64:
C:\> SC \\workstation64 start RemoteRegistry
C:\> pslist \\workstation64
“Here’s a rule I recommend. Never practice two vices at once” ~ Tallulah Bankhead
FAQ: Common PSTools Issues
PsKill - Kill processes by name or process ID
OPENFILES - Query or display open files, disconnect files opened by network users.
TASKLIST - List running applications and services
Windows Task Manager - List of running process IDs (PID)
PerfMon - Monitoring tool
Powershell: Get-Process - Get a list of processes on a machine (ps/gps)
Equivalent bash command (Linux): ps - Process status, information about processes running in memory.