It can sometimes be useful to dump the list of all running processes on a Windows machine. While you can use the Task Manager or third-party applications like Process Explorer to list all running tasks and manage them directly from within the interface.

Third-party apps like Process Explorer support the exporting of all processes to text files on the system but the standard Task Manager of the Windows operating system does not.

Windows includes the command line tool tasklist that is designed to display the list of tasks and filter the listing. While it does not support built-in export options, it does support the option to direct command line output elsewhere.

Tasklist, just like taskkill which we published a guide about earlier, is a handy command line tool that all supported versions of Windows support.

The Tasklist tool

https://cdn.ghacks.net/wp-content/up...7/tasklist.png


You can run tasklist from the command line and don't need elevated rights for that. Just tap on Start, type cmd.exe and open the Command Prompt from the results to get started.

Simply typing tasklist and hitting the Enter-key displays a list of all running processes on the system. Each process is listed with its name, process ID, session name and number, and memory usage.

You can save the process listing right away by running the command tasklist > output directory and file name, e.g. tasklist > d:\processes.txt.

https://cdn.ghacks.net/wp-content/up...ist-output.png

The utility supports three different display formats. Table is used by default but you may use the command /fo to switch to list or csv view instead. Just use tasklist /fo csv to display the list of processes in a comma separated format instead.

Tasklist shines when it comes to supported filters. You can use filters to display information that you need from information that you don't need. Filters exist to display processes by memory usage, CPU time, process ID, window title, or username among others.

Filters support operators such as eq=equal, ne=not equal, or gt=greater. Note that the filters WINDOWTITLE and STATUS are not supported when you run tasklist on a remote system.

Here is a list of examples that demonstrate filter usage:

  • tasklist /fi "USERNAME eq Martin" -- returns the list of processes run under the user Martin.
  • tasklist /fi "USERNAME ne NT AUTHORITY\SYSTEM" /fi "STATUS eq running" -- returns all processes that are running under system processes.
  • tasklist /fi "MODULES eq nt*" -- Lists all processes that have a DLL that begins with nt.
  • tasklist /fi "PID gt 2000" -- displays all processes with an ID greater than 2000.
  • tasklist /fi "MEMUSAGE gt 4096" -- lists all processes whose memory usage is greater than 4096 Kilobytes.

You can combine filters with other parameters:

  • tasklist /s BasementComp /svc /fi "MEMUSAGE gt 4096" -- Lists processes on the remote computer BasementComp that use more than 4 Megabytes of RAM.
  • tasklist /s BasementComp /u maindom\joe /p password -- to list processes on the remote computer BasementComp using the user joe and joe's password.

You can save all outputs to a text file using the > destination command.

Additional information is provided when you run tasklist /? and on Microsoft's Docs website.