Really killing a process in Windows - windows

Occasionally a program on a Windows machine goes crazy and just hangs. So I'll call up the task manager and hit the "End Process" button for it. However, this doesn't always work; if I try it enough times then it'll usually die eventually, but I'd really like to be able to just kill it immediately. On Linux I could just kill -9 to guarantee that a process will die.
This also could be used for writing batch scripts and writing batch scripts is programming.
Is there some program or command that comes with Windows that will always kill a process? A free third-party app would be fine, although I'd prefer to be able to do this on machines I sit down at for the first time.

"End Process" on the Processes-Tab calls TerminateProcess which is the most ultimate way Windows knows to kill a process.
If it doesn't go away, it's currently locked waiting on some kernel resource (probably a buggy driver) and there is nothing (short of a reboot) you could do to make the process go away.
Have a look at this blog-entry from wayback when: http://blogs.technet.com/markrussinovich/archive/2005/08/17/unkillable-processes.aspx
Unix based systems like Linux also have that problem where processes could survive a kill -9 if they are in what's known as "Uninterruptible sleep" (shown by top and ps as state D) at which point the processes sleep so well that they can't process incoming signals (which is what kill does - sending signals).
Normally, Uninterruptible sleep should not last long, but as under Windows, broken drivers or broken userpace programs (vfork without exec) can end up sleeping in D forever.

taskkill /im myprocess.exe /f
The "/f" is for "force".
If you know the PID, then you can specify that, as in:
taskkill /pid 1234 /f
Lots of other options are possible, just type taskkill /? for all of them. The "/t" option kills a process and any child processes; that may be useful to you.

Process Hacker has numerous ways of killing a process.
(Right-click the process, then go to Miscellaneous->Terminator.)

JosepStyons is right. Open cmd.exe and run
taskkill /im processname.exe /f
If there is an error saying,
ERROR: The process "process.exe" with PID 1234 could not be
terminated.
Reason: Access is denied.
then try running cmd.exe as administrator.

Get process explorer from sysinternals (now Microsoft)
Process Explorer - Windows Sysinternals | Microsoft Docs

One trick that works well is to attach a debugger and then quit the debugger.
On XP or Windows 2003 you can do this using ntsd that ships out of the box:
ntsd -pn myapp.exe
ntsd will open up a new window. Just type 'q' in the window to quit the debugger and take out the process.
I've known this to work even when task manager doesn't seem able to kill a process.
Unfortunately ntsd was removed from Vista and you have to install the (free) debbugging tools for windows to get a suitable debugger.

setup an AT command to run task manager or process explorer as SYSTEM.
AT 12:34 /interactive "C:/procexp.exe"
If process explorer was in your root C drive then this would open it as SYSTEM and you could kill any process without getting any access denied errors. Set this for like a minute in the future, then it will pop up for you.

FYI you can sometimes use SYSTEM or Trustedinstaller to kill tasks ;)
google quickkill_3_0.bat
sc config TrustedInstaller binPath= "cmd /c TASKKILL /F /IM notepad.exe
sc start "TrustedInstaller"

I had this issue too, here is how I solved it.
1/ Open the « task manager « 
2/ Locate the application name in the list
3/ Once found, right click on its name then click on « properties »
4/ In the properties interface, click on « security « 
5/ Click on « edit » to change permissions
6/ « Deny » all permissions for all users, click on «  apply » then « ok »
7/ click on « advanced » for special permissions settings
8/ Remove permissions for all users
9/ click on «  apply » then « ok »
10/ click on «  apply » then « ok » again
11/ you can now kill the process on task manager as well as uninstall the app of you want to.

When ntsd access is denied, try:
ZeroWave was designed to be a simple tool that will provide a multilevel termination of any kind of process.
ZeroWave is also a easy-to-use program due to its simple installation and its very friendly graphical interface.
ZeroWave has three termination modes and with the "INSANE" mode can terminate any kind of process that can run on Windows.
It seems that ZeroWave can't kill avp.exe

wmic process where processid="11008" call terminate

Related

Window opened via psexec is blank when using PowerShell Direct, but is OK when psexec starts locally

I am trying to build a simple environment to take screenshots automatically. I have several Hyper-V VMs and I need to use PowerShell Direct to run commands on them in a special sequence. When I run psexec to open notepad.exe via PowerShell Direct, Notepad's window opens, but it is blank. I can blindly click controls on the window (e.g., on the toolbar) and it appears that they work, but nothing is actually displayed besides a blank window.
The only simple option to open Windows in an existing session I see now is to run psexec (any other suggestions would be greatly appreciated because my attempts to stick to PowerShell-only approach hits a roadblock, see Starting a GUI application on a guest VM with PowerShell Direct).
I run psexec on one of the virtual machines to start notepad.exe in session 2. This PowerShell snippet runs on a host VM, it contacts guest VM via PowerShell Direct.
Invoke-Command -VMName 'client1.example.com' -Credential $credential -ScriptBlock {
C:\bin\psexec.exe \\client1.example.com -i 2 "notepad.exe"
}
notepad.exe starts, but the window is blank. Is this a bug in psexec?
Please see the screenshot:
The problem does not occur when I run psexec directly in a guest VM.
C:\bin\psexec.exe \\client1.example.com -i 2 "notepad.exe"
Solved by adding the -s option. I don't understand why the problem occurs in the first place and how running it "in the system account" helps.
-s Run the remote process in the System account.
The problem does not occur when I start explorer.exe, BTW.

How to stop firebird process that was run as application in command line?

We may run Firebird as application using command line:
firebird.exe -a -p 3050
Is that possible to shutdown the firebird process using command line too?
There is no "easy" way to do it. If you started firebird.exe as an application, you can quit it by right-clicking on its icon in the taskbar, and selecting shutdown.
The only alternative is to kill it using taskkill, for example:
taskkill /IM firebird.exe
This has the following downsides:
if you have active connections, this will produce a popup to ask for confirmation of shutdown (just like when doing this from the taskbar)
if you have multiple firebird.exe processes, they will all be terminated
You can also force kill to shutdown, this will not produce the popup; open connections will be killed without prompting:
taskkill /F /IM firebird.exe
However, if you regularly need to do this, it might be better to install Firebird as a Window service that doesn't startup automatically. You can then control the service using NET START and NET STOP (or using instsvc).
For example, install Firebird as a service (require administrator command prompt):
instsvc install -demand -name firebird3
This creates a service called "Firebird Server - firebird3"
You can then start and stop the service using NET START "Firebird Server - firebird3" and NET STOP "Firebird Server - firebird3", although this also requires elevated administrator privileges.

Windows 10 - Taskkill never kills a task

I have a application which is a keyboard on the screen, I need to kill it via taskkill but it is impossible to kill.
How do you kill it?
I tried all combinations but it won't just get killed?
I was able to kill the process using wmic using hte following command.
C:\>wmic process where name='TouchIt.exe' delete

Setting Windows process permissions from shell or script

I'm blessed with some processes on my machine that I can not kill by default - Task Manager claims "Access is denied". Since I have admin access, I can kill these processes in Process Explorer by modifying their permissions and granting "Full Control" to the Administrators group before attempting to kill them.
I'd like to automate this in a script, preferrably in standard CMD, if necessary using PowerShell or .NET scripting. Could anyone point me towards the necessary invocations?
Added npocmaka's comment as an answer.
Use the following statement to kill a process as Administrator:
runas /user:Administrator taskkill /im processName* /f

startnet.cmd issues when silently installing Windows 7

I am trying to start windows 7 unattended using the startnet.cmd file. The problem is that when the start setup.exe command is triggered, the setup runs and closes, but cannot reboot because the startnet.cmd is still open. If I put "exit", it starts the setup and exits immediately. Is there a way to check uf the setup ran successfully and then perform an exit?
wpeinit
net use u: \\192.168.2.10\windows
u:
start setup.exe /unattend:\\192.168.2.10\windows\unattend.xml /noreboot
REM ping -n 30 127.0.0.1
REM exit
I think your commands are correct but you explicitly state that setup.exe shall not initiate a reboot after the first phase of the setup procedure has completed.
The black cmd.exe Window will have to remain open during the setup procedure. If it's terminated then Windows PE performs an immediate reboot. Hence your setup.exe process will be terminated. I think your comment using ping to delay the exit very well shows that you have tried to delay terminating the shell process. But as you can't know how long the setup process will take you cannot fill any good value in the delay algorithm.
Although I think you don't need to. You are launching setup.exe using start which detaches the process and returns to the shell immediately. In fact since setup.exe is the last command you run you could also live with the fact that setup.exe is not detached. Either by not using start or by using start /wait
wpeinit
net use u: \\192.168.2.10\windows
u:
setup.exe /unattend:\\192.168.2.10\windows\unattend.xml /noreboot
exit
or
wpeinit
net use u: \\192.168.2.10\windows
u:
start /wait setup.exe /unattend:\\192.168.2.10\windows\unattend.xml /noreboot
exit
Although I think the entire purpose of this would be to return to the shell and perform the exit (which initiates a reboot) command after setup.exe terminates.
As there are no more commands to be executed I suggest letting setup.exe do the reboot itself by removing the /noreboot flag:
wpeinit
net use u: \\192.168.2.10\windows
u:
start setup.exe /unattend:\\192.168.2.10\windows\unattend.xml
This should keep the shell process (cmd.exe) open while setup is running. At the end of the setup process it will initiate a reboot (initiated by setup.exe) and therefore also te

Resources