*** How to use PsKill.exe ***PsKill is probably the oldest and most common method of killing processes via Microsoft Windows Command Line. Mark Russinovich from Sysinternals developed the tool a long time ago, and now both Mark and the tool are part of Microsoft. The very first step is to execute the tool with the "-accepteula" option so you are actually able to use it.
c:\> pskill -accepteulaNow we are good to kill any processes by passing the PID number as an argument to PsKill.
c:\> pskill $PID-Number
Replace "$PID-Number" with your target Process ID. If you want to list the available processes that can be killed you may use "pslist.exe" command that has been developed by the same person. Don't forget to use the "-accepteula" first.
*** How to kill a Microsoft
Windows process via command-line WITHOUT pskill.exe ***
Modern versions of Microsoft Windows come with the built-in "taskkill" command, which makes killing a process very simple:
C:\> taskkill -pid $PID-Number /T /FReplace "$PID-Number" with your target Process ID. If you want to kill a process by name you should execute:
C:\> taskkill -im "$Process-Name" /T /F
You can also replace "$Process-Name" with a process name such as iexplore.exe to close Internet Explorer and force current user to open it again and insert their credentials on a website that you are targeting or monitoring.
*** How to use ProcessHacker via command-line ***
You can also use a nifty tool called ProcessHacker to kill and suspend processes (see http://processhacker.sourceforge.net). I often use it to kill or suspend the Antivirus process and bypass it. :)
c:\> ProcessHacker.exe -c -ctype process -cobject $PID-Number -caction terminateYou may also suspend it as demonstrated below:
c:\> ProcessHacker.exe -c -ctype process -cobject $PID-Number –caction suspend
I hope you have enjoyed these simple, yet very useful tips.
Stay tuned for more Wendel's Small Hacking Tricks.