
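Title: [Tool Collection] TList - a process viewer from the [Microsoft Debugging Tools] package; can show command-line arguments and more…

Author: yu2n    Time: 2016-3-9 00:57     Title: TList - a process viewer from the [Microsoft Debugging Tools] package; can show command-line arguments and more…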

TList

TList (Task List Viewer), Tlist.exe, is a command-line tool that displays the processes running on the local computer along with useful information about each process.

TList displays:
All processes running on the computer, along with their process IDs (PIDs).

A tree showing which processes created each process.

Details of the process, including its virtual memory use and the command that started the process.

Threads running in each process, including their thread IDs, entry points, last reported error, and thread state.

The modules running in each process, including the version number, attributes, and virtual address of the module.

You can use TList to search for a process by name or PID, or to find all processes that have loaded a specified module.

In Windows XP and later versions of Windows, TList was replaced by TaskList (Tasklist.exe), which is described in Help and Support for those systems. TList is included in Debugging Tools for Windows to support users who do not have access to TaskList.



This section includes:

TList Commands

The syntax of the TList command is as follows:

    tlist [/p ProcessName | PID | Pattern | /t | /c | /e | /k | /m [Module] | /s | /v]

Parameters

tlist
    Without additional parameters, TList displays all running processes, their process identifiers (PIDs), and the title of the window in which they are running, if any.
/p ProcessName
    Displays the process identifier (PID) of the specified process.
    ProcessName is the name of the process (with or without file name extension), not a pattern.
    If the value of ProcessName does not match any running process, TList displays -1. If it matches more than one process name, TList displays only the PID of the first matching process.
PID
    Displays detailed information about the process specified by the PID. For information about the display, see the "Remarks" section below. To find a process ID, type tlist without additional parameters.
Pattern
    Displays detailed information about all processes whose names or window titles match the specified pattern. Pattern can be a complete name or a regular expression.
/t
    Displays a task tree in which each process appears as a child of the process that created it.
/c
    Displays the command line that started each process.
/e
    Displays the session identifier for each process.
/k
    Displays the COM components active in each process.
/m Module
    Lists tasks in which the specified DLL or executable module is loaded. Module can be a complete module name or a module name pattern.
/s
    Displays the services that are active in each process.
/v
    Displays details of running processes including the process ID, session ID, window title, command line, and the services running in the process.

Comments

In its detailed display of a process (tlist PID or tlist Pattern), TList displays the following information.
    Process ID, executable name, friendly name of the program.
    Current working directory (CWD).
    The command line that started the process (CmdLine).
    Current virtual address space values.
    Number of threads.
    A list of threads running in the process. For each thread, TList displays the thread ID (TID), the function that the thread is running, the address of the entry point, the address of the last reported error (if any), and the thread state.
    A list of the modules loaded for the process. For each module, TList displays the version number, attributes, virtual address of the module, and the module name.

When using the /e parameter, valid session identifiers appear in the process list only under the following conditions. Otherwise, the session identifier is zero (0).
    On Windows 2000 and Windows Server 2003, at least one user must be connected to a session other than the console session.
    On Windows XP, Fast User Switching must be enabled and more than one user must be connected to the non-console session.
    On Windows Vista, where all processes are associated with two Terminal Services sessions by default, at least one user must be connected to the non-console session.

TList Examples

The following examples demonstrate how to use TList.

Simplest TList Command (tlist)

Typing tlist without additional parameters displays a list of running processes, their process IDs (PIDs), and the title of the window in which they are running, if any.

c:\>tlist
   0 System Process
   4 System
 308 smss.exe
 356 csrss.exe
 380 winlogon.exe      NetDDE Agent
 424 services.exe
 436 lsass.exe
 604 svchost.exe
 776 svchost.exe
 852 spoolsv.exe
1000 clisvcl.exe
1036 InoRpc.exe
1064 InoRT.exe
1076 InoTask.exe
1244 WTTSvc.exe
1492 Sysparse_com.exe  OleMainThreadWndName
1980 explorer.exe      Program Manager
1764 launch32.exe      SMS Client User Application Launcher
1832 msmsgs.exe        MSBLNetConn
2076 ctfmon.exe
2128 ISATRAY.EXE       IsaTray
4068 tlist.exe

Find a process ID (-p)

The following command uses the -p parameter and process name to find the process ID of the Explorer.exe (Explorer) process.
In response, TList displays the process ID of the Explorer process, 328.

c:\>tlist -p explorer
328

Find process details using PID

The following command uses the process ID of the process in which Explorer is running to find detailed information about the Explorer process.

c:\>tlist 328

In response, TList displays details of the Explorer process including the following elements:
    Process ID, executable name, program friendly name.
    Current working directory (CWD).
    The command line that started the process (CmdLine).
    Current virtual address space values.
    Number of threads.
    A list of threads running in the process. For each thread, TList displays the thread ID (TID), the function that the thread is running, the address of the entry point, the address of the last reported error (if any), and the thread state.
    A list of the modules loaded for the process. For each module, TList displays the version number, attributes, virtual address of the module, and the module name.

The following is an excerpt of the output resulting from this command.

328 explorer.exe      Program Manager
   CWD:     C:\Documents and Settings\user01\
   CmdLine: C:\WINDOWS\Explorer.EXE
   VirtualSize:    90120 KB   PeakVirtualSize:   104844 KB
   WorkingSetSize: 19676 KB   PeakWorkingSetSize: 35716 KB
   NumberOfThreads: 17
    332 Win32StartAddr:0x010160cc LastErr:0x00000008 State:Waiting
   1232 Win32StartAddr:0x70a7def2 LastErr:0x00000000 State:Waiting
   1400 Win32StartAddr:0x77f883de LastErr:0x00000000 State:Waiting
   1452 Win32StartAddr:0x77f91e38 LastErr:0x00000000 State:Waiting
   1484 Win32StartAddr:0x70a7def2 LastErr:0x00000006 State:Waiting
   1904 Win32StartAddr:0x74b02ed6 LastErr:0x00000000 State:Ready
   1948 Win32StartAddr:0x72d22ecc LastErr:0x00000000 State:Waiting
   ....  (thread data deleted here)
  6.0.2800.1106 shp  0x01000000  Explorer.EXE
  5.1.2600.1217 shp  0x77F50000  ntdll.dll
  5.1.2600.1106 shp  0x77E60000  kernel32.dll
  7.0.2600.1106 shp  0x77C10000  msvcrt.dll
  5.1.2600.1106 shp  0x77DD0000  ADVAPI32.dll
  5.1.2600.1254 shp  0x78000000  RPCRT4.dll
  5.1.2600.1106 shp  0x77C70000  GDI32.dll
  5.1.2600.1255 shp  0x77D40000  USER32.dll
  ....  (module data deleted here)

Find multiple processes (Pattern)

The following command searches for processes by a regular expression that represents the process name or window name of one or more processes. In this example, the command searches for a process whose process name or window name begins with "ino."

c:\>tlist ino*

In response, TList displays process details for Inorpc.exe, Inort.exe, and Inotask.exe. For a description of the output, see the "Find process details using PID" subsection above.

Display a process tree (/t)

The following command displays a tree that represents the processes running on the computer. Processes appear as the children of the process that created them.

c:\>tlist /t

The resulting process tree follows. This tree shows, among other things, that the System (4) process created the Smss.exe process, which created Csrss.exe, Winlogon.exe, Lsass.exe and Rundll32.exe. Also, Winlogon.exe created Services.exe, which created all of the service-related processes.

System Process (0)
System (4)
  smss.exe (404)
    csrss.exe (452)
    winlogon.exe (476) NetDDE Agent
      services.exe (520)
        svchost.exe (700)
        svchost.exe (724)
        svchost.exe (864)
        svchost.exe (888)
        spoolsv.exe (996)
        scardsvr.exe (1040)
        alg.exe (1172)
        atievxx.exe (1200) ATI video bios poller
        InoRpc.exe (1248)
        InoRT.exe (1264)
        InoTask.exe (1308)
        mdm.exe (1392)
        dllhost.exe (2780)
      lsass.exe (532)
      rundll32.exe (500)
explorer.exe (328) Program Manager
  WLANMON.exe (1728) TI Wireless LAN Monitor
  ISATRAY.EXE (1712) IsaTray
  cmmon32.exe (456)
  WINWORD.EXE (844) Tlist.doc - Microsoft Word
  dexplore.exe (2096) Platform SDK - CreateThread

Find process by module (/m)

The following command finds all of the processes running on the computer that load a particular DLL.

c:\>tlist /m

In response, TList displays process details for Inorpc.exe, Inort.exe, and Inotask.exe. For a description of the output, see the "Find process details using PID" subsection above.
TList
https://msdn.microsoft.com/en-us ... 58901(v=vs.85).aspx

download
http://wiert.me/2012/05/09/getti ... the-debugger-tools/

http://bcn.bathome.net/s/tool/index.html?key=TList
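
The process tree printed by tlist /t, as shown in the post above, can be turned into parent/child records so that a process's ancestry can be checked during triage. This is an added example, not part of the original post or of Microsoft's tooling; the function names (parse_tree, ancestry, children) are hypothetical, and the two-space indent per level is assumed from the sample output.

```python
import re

# Constructed sample: a subset of the `tlist /t` tree shown in the post.
SAMPLE = """\
System Process (0)
System (4)
  smss.exe (404)
    csrss.exe (452)
    winlogon.exe (476) NetDDE Agent
      services.exe (520)
        svchost.exe (700)
        InoRT.exe (1264)
      lsass.exe (532)
explorer.exe (328) Program Manager
  WINWORD.EXE (844) Tlist.doc - Microsoft Word
"""

# indent, process name (may contain spaces), "(PID)", optional window title
LINE = re.compile(r"^( *)(.+?) \((\d+)\)(?: +(.*?))?\s*$")

def parse_tree(text, indent=2):
    """Return {pid: {"name", "title", "parent"}} from `tlist /t` output."""
    procs, stack = {}, []      # stack[d] = PID of the last process at depth d
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue           # skip blank or unrecognised lines
        depth = len(m.group(1)) // indent   # assumed: 2 spaces per level
        pid = int(m.group(3))
        del stack[depth:]      # keep only the ancestors of this line
        parent = stack[-1] if stack else None
        procs[pid] = {"name": m.group(2), "title": m.group(4) or "",
                      "parent": parent}
        stack.append(pid)
    return procs

def ancestry(procs, pid):
    """Names from the given process up to its root, nearest first."""
    chain, seen = [], set()
    while pid is not None and pid not in seen:   # guard against loops
        seen.add(pid)
        chain.append(procs[pid]["name"])
        pid = procs[pid]["parent"]
    return chain

def children(procs, pid):
    """PIDs whose recorded creator is `pid`."""
    return sorted(p for p, info in procs.items() if info["parent"] == pid)
```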
Author: CrLf    Time: 2016-3-9 02:20

I'll gather these tools later and upload them to batch-cn.
Author: zll855    Time: 2016-11-7 14:44

This little tool doesn't work well on Win2012.

For many processes it can't read the path.




Welcome to 批处理之家 (http://bbs.bathome.net/) Powered by Discuz! 7.2