Chinaunix首页 | 论坛 | 博客
  • 博客访问: 1411194
  • 博文数量: 416
  • 博客积分: 13005
  • 博客等级: 上将
  • 技术积分: 3297
  • 用 户 组: 普通用户
  • 注册时间: 2006-04-05 16:26
文章分类

全部博文(416)

文章存档

2014年(1)

2013年(4)

2012年(46)

2011年(64)

2010年(12)

2009年(4)

2008年(40)

2007年(187)

2006年(58)

分类: WINDOWS

2006-08-21 14:27:44

强行关闭windows进程的方法


  问:怎么才能关掉一个用任务管理器关不了的进程?我前段时间发现我的机子里多了一个进程,只要开机就在,我用任务管理器却怎么关也关不了

  答1:杀进程很容易,随便找个工具都行。比如IceSword。关键是找到这个进程的启动方式,不然下次重启它又出来了。顺便教大家一招狠的。其实用Windows自带的工具就能杀大部分进程:

  c:\>ntsd -c q -p PID

  只有System、SMSS.EXE和CSRSS.EXE不能杀。前两个是纯内核态的,最后那个是Win32子系统,ntsd本身需要它。ntsd从2000开始就是系统自带的用户态调试工具。被调试器附着(attach)的进程会随调试器一起退出,所以可以用来在命令行下终止进程。使用ntsd自动就获得了debug权限,从而能杀掉大部分的进程。ntsd会新开一个调试窗口,本来在纯命令行下无法控制,但如果只是简单的命令,比如退出(q),用-c参数从命令行传递就行了。NtsdNtsd 按照惯例也向软件开发人员提供。只有系统开发人员使用此命令。有关详细信息,请参阅 NTSD 中所附的帮助文件。用法:开个cmd.exe窗口,输入:

  ntsd -c q -p PID

  把最后那个PID,改成你要终止的进程的ID。如果你不知道进程的ID,任务管理器->进程选项卡->查看->选择列->勾上"PID(进程标识符)",然后就能看见了。

  答2:xp下还有两个好东东tasklist和tskill。tasklist能列出所有的进程,和相应的信息。tskill能查杀进程,语法很简单:tskill 程序名!!

NTSD 中所附的帮助文件


usage: ntsd [-?] [-2] [-d] [-g] [-G] [-myob] [-lines] [-n] [-o] [-s] [-v] [-w]
           [-r BreakErrorLevel]  [-t PrintErrorLevel]
           [-hd] [-pd] [-pe] [-pt #] [-pv] [-x | -x{e|d|n|i} ]
           [-- | -p pid | -pn name | command-line | -z CrashDmpFile]
           [-zp CrashPageFile] [-premote transport] [-robp]
           [-aDllName] [-c "command"] [-i ImagePath] [-y SymbolsPath]
           [-clines #] [-srcpath SourcePath] [-QR \\machine] [-wake ]
           [-remote transport:server=name,portid] [-server transport:portid]
           [-ses] [-sfce] [-sicv] [-snul] [-noio] [-failinc] [-noshell]

where: -? displays this help text
      command-line is the command to run under the debugger
      -- is the same as -G -g -o -p -1 -d -pd
      -aDllName sets the default extension DLL
      -c executes the following debugger command
      -clines number of lines of output history retrieved by a remote client
      -failinc causes incomplete symbol and module loads to fail
      -d sends all debugger output to kernel debugger via DbgPrint
         -d cannot be used with debugger remoting
         -d can only be used when the kernel debugger is enabled
      -g ignores initial breakpoint in debuggee
      -G ignores final breakpoint at process termination
      -hd specifies that the debug heap should not be used
          for created processes.  This only works on Windows Whistler.
      -o debugs all processes launched by debuggee
      -p pid specifies the decimal process Id to attach to
      -pd specifies that the debugger should automatically detach
      -pe specifies that any attach should be to an existing debug port
      -pn name specifies the name of the process to attach to
      -pt # specifies the interrupt timeout
      -pv specifies that any attach should be noninvasive
      -r specifies the (0-3) error level to break on (SeeSetErrorLevel)
      -robp allows breakpoints to be set in read-only memory
      -t specifies the (0-3) error level to display (SeeSetErrorLevel)
      -w specifies to debug 16 bit applications in a separate VDM
      -x sets second-chance break on AV exceptions
      -x{e|d|n|i} sets the break status for the specified event
      -2 creates a separate console window for debuggee
      -i ImagePath specifies the location of the executables that generated
         the fault (see _NT_EXECUTABLE_IMAGE_PATH)
      -lines requests that line number information be used if present
      -myob ignores version mismatches in DBGHELP.DLL
      -n enables verbose output from symbol handler
      -noio disables all I/O for dedicated remoting servers
      -noshell disables the .shell (!!) command
      -QR <\\machine> queries for remote servers
      -s disables lazy symbol loading
      -ses enables strict symbol loading
      -sfce fails critical errors encountered during file searching
      -sicv ignores the CV record when symbol loading
      -snul disables automatic symbol loading for unqualified names
      -srcpath specifies the source search path
      -v enables verbose output from debugger
      -wake wakes up a sleeping debugger and exits
      -y specifies the symbol search path (see _NT_SYMBOL_PATH)
      -z specifies the name of a crash dump file to debug
      -zp specifies the name of a page.dmp file
                          to use with a crash dump
      -remote lets you connect to a debugger session started with -server
              must be the first argument if present
              transport: tcp | npipe | ssl | spipe | 1394 | com
              name: machine name on which the debug server was created
              portid: id of the port the debugger server was created on
                  for tcp use:  port=
                  for npipe use:  pipe=
                  for 1394 use:  channel=
                  for com use:  port=,baud=,
                                channel=
                  for ssl and spipe see the documentation
              example: ... -remote npipe:server=yourmachine,pipe=foobar
      -server creates a debugger session other people can connect to
              must be the first argument if present
              transport: tcp | npipe | ssl | spipe | 1394 | com
              portid: id of the port remote users can connect to
                  for tcp use:  port=
                  for npipe use:  pipe=
                  for 1394 use:  channel=
                  for com use:  port=,baud=,
                                channel=
                  for ssl and spipe see the documentation
              example: ... -server npipe:pipe=foobar
      -premote transport specifies the process server to connect to
             transport arguments are given as with remoting

Environment Variables:

   _NT_SYMBOL_PATH=[Drive:][Path]
       Specify symbol image path.

   _NT_ALT_SYMBOL_PATH=[Drive:][Path]
       Specify an alternate symbol image path.

   _NT_DEBUGGER_EXTENSION_PATH=[Drive:][Path]
       Specify a path which should be searched first for extensions dlls

   _NT_EXECUTABLE_IMAGE_PATH=[Drive:][Path]
       Specify executable image path.

   _NT_SOURCE_PATH=[Drive:][Path]
       Specify source file path.

   _NT_DEBUG_LOG_FILE_OPEN=filename
       If specified, all output will be written to this file from offset 0.

   _NT_DEBUG_LOG_FILE_APPEND=filename
       If specified, all output will be APPENDed to this file.

   _NT_DEBUG_HISTORY_SIZE=size
       Specifies the size of a server's output history in kilobytes

Control Keys:

    Quit debugger
            Break into Target
    Force a break into debuggee (same as Ctrl-C)
    Debug Current debugger
    Toggle Verbose mode
    Print version information
ntsd: exiting - press enter ---


阅读(2935) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~