Howto: Getting Process IDs

There are many ways to get a list of processes with their PID. Here are a few.

 

tlist:
"tlist" is in the debuggers folder and can be used to get the PID of a running process. Helpful tlist commands:

 

· tlist /t - Displays a task tree in which each process appears as a child of the process that created it (think: easier reading)

· tlist /c - shows paths to the files.

 

To get tlist: Go to https://www.microsoft.com/whdc/devtools/debugging/default.mspx and download the debugging tools to match the version of Windows of the machine where the program is running and the processor type (32bit or 64bit) of the application for which the dump is going to be taken.

 

Task Manager:
Windows Task Manager can also be used to get the PID of a running application.

 

· Launch Task Manager

· Click on "Processes" tab

· Click "Show processes from all users"

· Go to the menu - View/Select Columns, select PID, User Name, Command Line.

 

You should now be able to locate the PID for the process.

 

For COM+ applications, you probably can locate the correct svchost.exe process by looking at the "User Name" and "Command Line" columns. The "Command Line" column is not available under Windows 2003.

 

Visual Studio:

With Visual Studio you can see the list of processes from the menu:

 

Debug

Attach To Process…

 

Note that you might want to click the check boxes to see all processes.

 

tasklist:

Tasklist comes with Windows XP, Vista, Windows 2003, etc.

 

Two very useful features of this utility:

· It can list processes on the local box and on remote machines.

· It can write out the list as a CSV (which can be redirected to a file).

 

Tasklist

https://technet.microsoft.com/en-us/library/bb491010.aspx
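
The CSV output and remote listing described above, as an added example that is not part of the original post: a PowerShell wrapper around tasklist that turns its CSV into objects so a PID can be looked up by image name and user. The function name Get-TasklistProcess and the machine name SERVER01 are made up for illustration, and the column names assume an English-language Windows, since tasklist localizes its headers.

```powershell
# Added example: look up PIDs from tasklist's CSV output (local or remote).
function Get-TasklistProcess {
    param(
        [string]$ImageName,     # e.g. 'svchost.exe'; omit to list every process
        [string]$ComputerName   # remote machine name; omit for the local box
    )

    # /FO CSV = comma-separated output, /V = verbose (adds the User Name column)
    $tlArgs = @('/FO', 'CSV', '/V')
    if ($ComputerName) { $tlArgs += @('/S', $ComputerName) }
    if ($ImageName)    { $tlArgs += @('/FI', "IMAGENAME eq $ImageName") }

    $lines = & tasklist.exe @tlArgs 2>$null
    if ($LASTEXITCODE -ne 0) {
        throw "tasklist failed with exit code $LASTEXITCODE"
    }

    # When nothing matches the filter, tasklist prints an "INFO: ..." line
    # instead of CSV rows, so keep only lines that start with a quote.
    $csv = @($lines | Where-Object { $_ -like '"*' })
    if ($csv.Count -lt 2) { return }   # header only, or no CSV at all

    $csv | ConvertFrom-Csv | ForEach-Object {
        [pscustomobject]@{
            PID       = [int]$_.PID
            ImageName = $_.'Image Name'
            UserName  = $_.'User Name'
            MemUsage  = $_.'Mem Usage'
        }
    }
}

# Local box: every svchost.exe with the account it runs under.
Get-TasklistProcess -ImageName 'svchost.exe' |
    Sort-Object UserName, PID |
    Format-Table -AutoSize

# Remote machine (SERVER01 is a placeholder), saved to a file:
# Get-TasklistProcess -ComputerName 'SERVER01' |
#     Export-Csv .\server01-processes.csv -NoTypeInformation
```

The remote call uses the credentials of the account running the script; tasklist also accepts /U and /P to supply others.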

 

Process Explorer:

Process Explorer (processexp.exe) is a great tool from Sysinternals. With this tool, you can not only get the process IDs, you can also:

 

· Drill down through a tree of processes

· Find the process of an application by dropping a target icon on the application (cool).

· See the Company Name related to the process (wish all process listing apps did this).

· Get full path info

· Check memory usage (this is useful for checking for leaks, and other types of issues).

· Check the threads running & check the stack of each thread!

· See network connections being used

· Check security group info

· See environment variables.

· There are a lot more things this tool does – be sure to check it out.

 

See...

 

Process Explorer v11.21

https://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

 

Monitoring active processes:

There is a great utility from Sysinternals which can actively monitor (and log) the activity of processes. This tool can track registry, file, process and thread activity. It combines the capabilities of earlier monitoring tools from Sysinternals (like Filemon and Regmon).

 

See...

 

Process Monitor v1.37

https://technet.microsoft.com/en-us/sysinternals/bb896645.aspx