Ntsd command instructions

When you run a program, you start a process. For Windows systems, the role of the process is very important. Some bad programs and rogue software of the Trojan virus are also loyal to the treasure of the process. When you encounter such a process, you want to end them through the task manager, but when you have time, you will encounter a process that can't be closed with the task manager. Here is a simple, convenient and effective method:

Select "Start" - "Run", enter "cmd" to open the DOS window, enter:

ntsd -cq -p PID

Description: PID, here you need to change The ID number of the process to terminate.

Since 2000, ntsd is the user-mode debugging tool that comes with the system. The process attached by the debugger exits with the debugger, so it can be used to terminate the process at the command line. Using ntsd automatically gets debug permissions, which can kill most of the process. Ntsd will open a new debug window, which could not be controlled under the pure command line, but if it is just a simple command, such as exiting (q), it can be passed from the command line with the -c parameter.

Using the ntsd command, you can end most of the system process, only System, SMSS.EXE and CSRSS.EXE can not kill, the first two are pure kernel state, the last is the Win32 subsystem, ntsd itself needs it.

How is the ID number of the process obtained?

Open the task manager, in the menu bar, select "View" - "Select Column", in the open selection window, select the "PID (process identifier)" item hook, so the task manager There will be more PID items in the process.

What if there is no menu bar and tab bar?

Have you ever encountered a task manager window with only one content frame, no menu bar and tab bar.

This is just another simple display method provided by the system. Double-clicking in the gray space of the task manager, please double-click again in the gray space and it will return to normal immediately.