tasklist.exe
XPではtasklist.exeで出てくる内容と比較してみよう
タスクリスト詳細表示
$ tasklist /V|headイメージ名 PID セッション名 セッション# メモリ使用量 状態 ユーザー名 CPU 時間 ウィンドウ タイトル
========================= ====== ================ ======== ============ =============== ================================================== ============ ========================================================================
System Idle Process 0 RDP-Tcp#3 0 28 K Running NT AUTHORITY\SYSTEM 67:48:14 N/A
System 4 RDP-Tcp#3 0 64 K Running NT AUTHORITY\SYSTEM 0:18:48 N/A
smss.exe 628 RDP-Tcp#3 0 64 K Running NT AUTHORITY\SYSTEM 0:00:00 N/A
csrss.exe 676 RDP-Tcp#3 0 45,140 K Running NT AUTHORITY\SYSTEM 0:52:12 N/A
winlogon.exe 700 RDP-Tcp#3 0 4,328 K Running NT AUTHORITY\SYSTEM 0:00:03 N/A
services.exe 744 RDP-Tcp#3 0 1,416 K Running NT AUTHORITY\SYSTEM 0:00:40 N/A
lsass.exe 756 RDP-Tcp#3 0 2,196 K Running NT AUTHORITY\SYSTEM 0:30:14 N/A
モジュール表示
SVC表示
$ tasklist /M|head -40イメージ名 PID モジュール
========================= ====== =============================================
System Idle Process 0 N/A
System 4 N/A
smss.exe 628 ntdll.dll
csrss.exe 676 ntdll.dll, CSRSRV.dll, basesrv.dll,
winsrv.dll, GDI32.dll, KERNEL32.dll,
USER32.dll, LPK.DLL, USP10.dll, msvcrt.dll,
ADVAPI32.dll, RPCRT4.dll, sxs.dll,
WINSTA.dll, NETAPI32.dll
winlogon.exe 700 ntdll.dll, kernel32.dll, ADVAPI32.dll,
RPCRT4.dll, AUTHZ.dll, msvcrt.dll,
CRYPT32.dll, USER32.dll, GDI32.dll,
MSASN1.dll, NDdeApi.dll, PROFMAP.dll,
NETAPI32.dll, USERENV.dll, PSAPI.DLL,
REGAPI.dll, Secur32.dll, SETUPAPI.dll,
VERSION.dll, WINSTA.dll, WINTRUST.dll,
IMAGEHLP.dll, WS2_32.dll, WS2HELP.dll,
IMM32.DLL, LPK.DLL, USP10.dll, MSGINA.dll,
SHELL32.dll, SHLWAPI.dll, COMCTL32.dll,
ODBC32.dll, comdlg32.dll, comctl32.dll,
odbcint.dll, SHSVCS.dll, sfc.dll,
sfc_os.dll, ole32.dll, Apphelp.dll,
msctfime.ime, uxtheme.dll, WINSCARD.DLL,
WTSAPI32.dll, sxs.dll, WINMM.dll,
cscdll.dll, WlNotify.dll, WINSPOOL.DRV,
$ tasklist /SVC |head -30イメージ名 PID サービス
========================= ====== =============================================
System Idle Process 0 N/A
System 4 N/A
smss.exe 628 N/A
csrss.exe 676 N/A
winlogon.exe 700 N/A
services.exe 744 Eventlog, PlugPlay
lsass.exe 756 PolicyAgent, ProtectedStorage, SamSs
svchost.exe 928 DcomLaunch, TermService
svchost.exe 996 RpcSs
svchost.exe 1084 AudioSrv, CryptSvc, Dhcp, dmserver, ERSvc,
EventSystem, helpsvc, lanmanserver,
lanmanworkstation, Netman, Nla, Schedule,
seclogon, SENS, SharedAccess,
ShellHWDetection, srservice, Themes, TrkWks,
W32Time, winmgmt, wscsvc, wuauserv
svchost.exe 1168 Dnscache
svchost.exe 1212 LmHosts, RemoteRegistry, SSDPSRV, WebClient
spoolsv.exe 1264 Spooler
explorer.exe 1516 N/A
igfxtray.exe 1648 N/A
hkcmd.exe 1656 N/A
igfxpers.exe 1692 N/A
ctfmon.exe 1712 N/A
wdfmgr.exe 2020 UMWdf
alg.exe 1036 ALG
wscntfy.exe 1064 N/A
conime.exe 1768 N/A
/U /M /P で他のマシンの認証ありのタスクも出力可能
STIME(開始時間)が必要だったので結局psになった。
