安恒安恒网络学院
首页 | 动态 | 产品 | 培训 | 服务 | 技术 | 关于 | 下载 | 收藏
提问题的注意事项:如何有效地描述问题以获得专家和网友的帮助。
换firefox浏览器,可以解决任何的ie问题
[新建主题] [回复本帖] [返回论坛]
admin  2006-08-11 09:07:01 发表于 安恒网络学院  阅:104490
admin
总帖: 185
精华: 22
[标题]
反对 windows下杀死进程
[内容]
NT下杀进程命令 - ntsd

作者:佚名

用Windows自带的工具就能杀大部分进程:

  c:\>ntsd -c q -p PID

  只有System、SMSS.EXE和CSRSS.EXE不能杀。前两个是纯内核态的,最后那个是Win32子系统,ntsd本身需要它。 ntsd从2000开始就是系统自带的用户态调试工具。被调试器附着(attach)的进程会随调试器一起退出,所以可以用来在命令行下终止进程。使用 ntsd自动就获得了debug权限,从而能杀掉大部分的进程。ntsd会新开一个调试窗口,本来在纯命令行下无法控制,但如果只是简单的命令,比如退出 (q),用-c参数从命令行传递就行了。NtsdNtsd 按照惯例也向软件开发人员提供。只有系统开发人员使用此命令。有关详细信息,请参阅 NTSD 中所附的帮助文件。用法:开个cmd.exe窗口,输入:

  ntsd -c q -p PID

  把最后那个PID,改成你要终止的进程的ID。如果你不知道进程的ID,任务管理器->进程选项卡->查看->选择列->勾上PID(进程标识符),然后就能看见了。

  win xp下还有两个好东东tasklist和tskill。tasklist能列出所有的进程,和相应的信息。tskill能查杀进程,语法很简单:tskill 程序名!!

参考资料:
NTSD 中所附的帮助文件

usage: ntsd [-?] [-2] [-d] [-g] [-G] [-myob] [-lines] [-n] [-o] [-s] [-v] [-w]
[-r BreakErrorLevel] [-t PrintErrorLevel]
[-hd] [-pd] [-pe] [-pt #] [-pv] [-x | -x{e|d|n|i} ]
[-- | -p pid | -pn name | command-line | -z CrashDmpFile]
[-zp CrashPageFile] [-premote transport] [-robp]
[-aDllName] [-c command] [-i ImagePath] [-y SymbolsPath]
[-clines #] [-srcpath SourcePath] [-QR \\machine] [-wake ]
[-remote transport:server=name,portid] [-server transport:portid]
[-ses] [-sfce] [-sicv] [-snul] [-noio] [-failinc] [-noshell]

where: -? displays this help text
command-line is the command to run under the debugger
-- is the same as -G -g -o -p -1 -d -pd
-aDllName sets the default extension DLL
-c executes the following debugger command
-clines number of lines of output history retrieved by a remote client
-failinc causes incomplete symbol and module loads to fail
-d sends all debugger output to kernel debugger via DbgPrint
-d cannot be used with debugger remoting
-d can only be used when the kernel debugger is enabled
-g ignores initial breakpoint in debuggee
-G ignores final breakpoint at process termination
-hd specifies that the debug heap should not be used
for created processes. This only works on Windows Whistler.
-o debugs all processes launched by debuggee
-p pid specifies the decimal process Id to attach to
-pd specifies that the debugger should automatically detach
-pe specifies that any attach should be to an existing debug port
-pn name specifies the name of the process to attach to
-pt # specifies the interrupt timeout
-pv specifies that any attach should be noninvasive
-r specifies the (0-3) error level to break on (SeeSetErrorLevel)
-robp allows breakpoints to be set in read-only memory
-t specifies the (0-3) error level to display (SeeSetErrorLevel)
-w specifies to debug 16 bit applications in a separate VDM
-x sets second-chance break on *** exceptions
-x{e|d|n|i} sets the break status for the specified event
-2 creates a separate console window for debuggee
-i ImagePath specifies the location of the executables that generated
the fault (see _NT_EXECUTABLE_IMAGE_PATH)
-lines requests that line number information be used if present
-myob ignores version mismatches in DBGHELP.DLL
-n enables verbose output from symbol handler
-noio disables all I/O for dedicated remoting servers
-noshell disables the .shell (!!) command
-QR <\\machine> queries for remote servers
-s disables lazy symbol loading
-ses enables strict symbol loading
-sfce fails critical errors encountered during file searching
-sicv ignores the CV record when symbol loading
-snul disables automatic symbol loading for unqualified names
-srcpath specifies the source search path
-v enables verbose output from debugger
-wake wakes up a sleeping debugger and exits
-y specifies the symbol search path (see _NT_SYMBOL_PATH)
-z specifies the name of a crash dump file to debug
-zp specifies the name of a page.dmp file
to use with a crash dump
-remote lets you connect to a debugger session started with -server
must be the first argument if present
transport: tcp | npipe | ssl | spipe | 1394 | com
name: machine name on which the debug server was created
portid: id of the port the debugger server was created on
for tcp use: port=
for npipe use: pipe=
for 1394 use: channel=
for com use: port=,baud=,
channel=
for ssl and spipe see the documentation
example: ... -remote npipe:server=yourmachine,pipe=foobar
-server creates a debugger session other people can connect to
must be the first argument if present
transport: tcp | npipe | ssl | spipe | 1394 | com
portid: id of the port remote users can connect to
for tcp use: port=
for npipe use: pipe=
for 1394 use: channel=
for com use: port=,baud=,
channel=
for ssl and spipe see the documentation
example: ... -server npipe:pipe=foobar
-premote transport specifies the process server to connect to
transport arguments are given as with remoting

Environment Variables:

_NT_SYMBOL_PATH=[Drive:][Path]
Specify symbol image path.

_NT_ALT_SYMBOL_PATH=[Drive:][Path]
Specify an alternate symbol image path.

_NT_DEBUGGER_EXTENSION_PATH=[Drive:][Path]
Specify a path which should be searched first for extensions dlls

_NT_EXECUTABLE_IMAGE_PATH=[Drive:][Path]
Specify executable image path.

_NT_SOURCE_PATH=[Drive:][Path]
Specify source file path.

_NT_DEBUG_LOG_FILE_OPEN=filename
If specified, all output will be written to this file from offset 0.

_NT_DEBUG_LOG_FILE_APPEND=filename
If specified, all output will be APPENDed to this file.

_NT_DEBUG_HISTORY_SIZE=size
Specifies the size of a server's output history in kilobytes

Control Keys:

Quit debugger
Break into Target
Force a break into debuggee (same as Ctrl-C)
Debug Current debugger
Toggle Verbose mode
Print version information
ntsd: exiting - press enter ---

[原帖的位置显示]
[回复发言] 请将问题或阐述的内容简短地写在主题栏上来提高您的回帖关注度,避免使用“请问、救命、Re:”之类没有意义的主题!
发言者:
您的姓名: 密码: 本论坛采用简洁的注册方法:当第一次在论坛发言,请填写姓名、密码和email,此后就仅需填写姓名和密码了。email是用来将回复您的帖子通知给您设置的,请填写准确。
发言主题:

发言内容:

有人回复我的发言请Email通知我,我的email:
选择帖子标题前面的表情图标:
高兴大笑冷笑傻笑嘲讽尴尬冤枉晕倒
传情魔鬼注意主意请看赞成反对愤怒
大哭伤心呐喊闭嘴问题喜欢COOL打击
说谎转帖困倦惊恐庆祝联系晕了
校验码:  
在参加我们的技术讨论之前您必须仔细阅读并同意下列条款:

●自觉遵守:爱国、守法、自律、真实、文明的原则
●尊重网上道德,遵守《全国人大常委会关于维护互联网安全的决定》及 中华人民共和国其他各项有关法律法规
●严禁发表危害国家安全、破坏民族团结、破坏国家宗教政策、破坏社会稳定、侮辱、诽谤、教唆、淫秽等内容
●承担一切因您的行为而直接或间接导致的民事或刑事法律责任
●各栏目的版主有权保留或删除其管辖论坛中的任意内容
●您在这里发表的技术讨论内容,我们有权在网站内免费转载或引用
《全国青少年网络文明公约》

?技术论坛会员注册入口
?修改会员密码