么才能關(guān)掉一個用任務(wù)管理器關(guān)不了的進(jìn)程?
我前段時間發(fā)現(xiàn)我的機子里多了一個進(jìn)程,只要開機就在,我用任務(wù)管理器卻怎么關(guān)也關(guān)不了
答:1.殺進(jìn)程很容易,隨便找個工具都行。比如IceSword。
關(guān)鍵是找到這個進(jìn)程的啟動方式,不然下次重啟它又出來了。
順便教大家一招狠的。其實用Windows自帶的工具就能殺大部分進(jìn)程:
c:\>ntsd -c q -p PID
只有System、SMSS.EXE和CSRSS.EXE不能殺。
前兩個是純內(nèi)核態(tài)的,最后那個是Win32子系統(tǒng),ntsd本身需要它。
ntsd從2000開始就是系統(tǒng)自帶的用戶態(tài)調(diào)試工具。被調(diào)試器附著(attach)的進(jìn)程會隨調(diào)試器一起退出,所以可以用來在命令行下終止進(jìn)程。使用ntsd自動就獲得了debug權(quán)限,從而能殺掉大部分的進(jìn)程。
ntsd會新開一個調(diào)試窗口,本來在純命令行下無法控制,但如果只是簡單的命令,比如退出(q),用-c參數(shù)從命令行傳遞就行了。
NtsdNtsd 按照慣例也向軟件開發(fā)人員提供。只有系統(tǒng)開發(fā)人員使用此命令。有關(guān)詳細(xì)信息,請參閱 NTSD 中所附的幫助文件。
usage: ntsd [-?] [-2] [-d] [-g] [-G] [-myob] [-lines] [-n] [-o] [-s] [-v] [-w]
[-r BreakErrorLevel] [-t PrintErrorLevel]
[-hd] [-pd] [-pe] [-pt #] [-pv] [-x | -x{e|d|n|i} ]
[-- | -p pid | -pn name | command-line | -z CrashDmpFile]
[-zp CrashPageFile] [-premote transport] [-robp]
[-aDllName] [-c "command"] [-i ImagePath] [-y SymbolsPath]
[-clines #] [-srcpath SourcePath] [-QR \\machine] [-wake ]
[-remote transport
erver=name,portid] [-server transport
ortid]
[-ses] [-sfce] [-sicv] [-snul] [-noio] [-failinc] [-noshell]
where: -? displays this help text
command-line is the command to run under the debugger
-- is the same as -G -g -o -p -1 -d -pd
-aDllName sets the default extension DLL
-c executes the following debugger command
-clines number of lines of output history retrieved by a remote client
-failinc causes incomplete symbol and module loads to fail
-d sends all debugger output to kernel debugger via DbgPrint
-d cannot be used with debugger remoting
-d can only be used when the kernel debugger is enabled
-g ignores initial breakpoint in debuggee
-G ignores final breakpoint at process termination
-hd specifies that the debug heap should not be used
for created processes. This only works on Windows Whistler.
-o debugs all processes launched by debuggee
-p pid specifies the decimal process Id to attach to
-pd specifies that the debugger should automatically detach
-pe specifies that any attach should be to an existing debug port
-pn name specifies the name of the process to attach to
-pt # specifies the interrupt timeout
-pv specifies that any attach should be noninvasive
-r specifies the (0-3) error level to break on (SeeSetErrorLevel)
-robp allows breakpoints to be set in read-only memory
-t specifies the (0-3) error level to display (SeeSetErrorLevel)
-w specifies to debug 16 bit applications in a separate VDM
-x sets second-chance break on AV exceptions
-x{e|d|n|i} sets the break status for the specified event
-2 creates a separate console window for debuggee
-i ImagePath specifies the location of the executables that generated
the fault (see _NT_EXECUTABLE_IMAGE_PATH)
-lines requests that line number information be used if present
-myob ignores version mismatches in DBGHELP.DLL
-n enables verbose output from symbol handler
-noio disables all I/O for dedicated remoting servers
-noshell disables the .shell (!!) command
-QR <\\machine> queries for remote servers
-s disables lazy symbol loading
-ses enables strict symbol loading
-sfce fails critical errors encountered during file searching
-sicv ignores the CV record when symbol loading
-snul disables automatic symbol loading for unqualified names
-srcpath specifies the source search path
-v enables verbose output from debugger
-wake wakes up a sleeping debugger and exits
-y specifies the symbol search path (see _NT_SYMBOL_PATH)
-z specifies the name of a crash dump file to debug
-zp specifies the name of a page.dmp file
to use with a crash dump
-remote lets you connect to a debugger session started with -server
must be the first argument if present
transport: tcp | npipe | ssl | spipe | 1394 | com
name: machine name on which the debug server was created
portid: id of the port the debugger server was created on
for tcp use: port=
for npipe use: pipe=
for 1394 use: channel=
for com use: port=,baud=,
channel=
for ssl and spipe see the documentation
example: ... -remote npipe
erver=yourmachine,pipe=foobar
-server creates a debugger session other people can connect to
must be the first argument if present
transport: tcp | npipe | ssl | spipe | 1394 | com
portid: id of the port remote users can connect to
for tcp use: port=
for npipe use: pipe=
for 1394 use: channel=
for com use: port=,baud=,
channel=
for ssl and spipe see the documentation
example: ... -server npipe
ipe=foobar
-premote transport specifies the process server to connect to
transport arguments are given as with remoting
Environment Variables:
_NT_SYMBOL_PATH=[Drive:][Path]
Specify symbol image path.
_NT_ALT_SYMBOL_PATH=[Drive:][Path]
Specify an alternate symbol image path.
_NT_DEBUGGER_EXTENSION_PATH=[Drive:][Path]
Specify a path which should be searched first for extensions dlls
_NT_EXECUTABLE_IMAGE_PATH=[Drive:][Path]
Specify executable image path.
_NT_SOURCE_PATH=[Drive:][Path]
Specify source file path.
_NT_DEBUG_LOG_FILE_OPEN=filename
If specified, all output will be written to this file from offset 0.
_NT_DEBUG_LOG_FILE_APPEND=filename
If specified, all output will be APPENDed to this file.
_NT_DEBUG_HISTORY_SIZE=size
Specifies the size of a server's output history in kilobytes
Control Keys:
Quit debugger
Break into Target
Force a break into debuggee (same as Ctrl-C)
Debug Current debugger
Toggle Verbose mode
Print version information
ntsd: exiting - press enter ---
用法:開個cmd.exe窗口,輸入:
ntsd -c q -p PID
把最后那個PID,改成你要終止的進(jìn)程的ID。
如果你不知道進(jìn)程的ID,任務(wù)管理器-》進(jìn)程選項卡-》查看-》選擇列-》
勾上"PID(進(jìn)程標(biāo)識符)",然后就能看見了。
2.xp下還有兩個好東東
tasklist和tskill
tasklist能列出所有的進(jìn)程,和相應(yīng)的信息
tskill能查殺進(jìn)程le
語法很簡單
tskill 程序名!!