NTSD--Ѻ ¼|ע뿪| |  ģӮʱд 
loading...
Ժ...
 ־  Ƶ   ҳ 
Ѻ >  > ־ > Windows &laquo; һƪ | һƪ &raquo;2008-09-03 | NTSD  ǩ ntsd    
taskkill  tskill  ntsd
 

 
:
"":ntsd  -c q  -pn (MS-Dosеһ)
 
:
    tskill
tasklistӦİ! tasklistʾЩ!
tskillǹرеĽ.
,ûŶ!^O^
 
 жµ?
!tskill,taskkill,ntsd.
tskillʹΪ,C:\>tskill

TSKILL processid | processname [/SERVER:servername] [/ID:sessionid | /A] [/V]

processid ҪĽ̵ Process ID
processname ҪĽơ
/SERVER:servername  processID ķ(Ĭֵǵǰֵ)
ʹý /SERVER ʱָ
/ID  /A
/ID:sessionid ָỰеĽ̡
/A лỰеĽ̡
/V ʾִеĲϢ

taskkillҪĺôǴܶɸѡ,
C:\>taskkill /?

TASKKILL [/S system [/U username [/P [password]]]]
{ [/FI filter] [/PID processid | /IM imagename] } [/F] [/T]
:
й߿һ̡
Ըݽ id ͼ̡
б:
/S system ָҪӵԶϵͳ
/U [domain\]user ָӦĸû
ִ
/P [password] Ϊṩûָ
롣ԣʾ롣
/F ָҪǿֹ
̡
/FI filter ָɸѡɸѡѯ

/PID process id ָҪֹĽ̵
PID
/IM image name ָҪֹĽ̵
ͼͨ '*'
ָͼ
/T Tree kill: ָֹĽ
κɴӽ̡
/? ʾ/÷
ɸѡ:
ɸѡ Ч Чֵ
----------- --------------- --------------
STATUS eq, ne  | ûӦ
IMAGENAME eq, ne ͼ
PID eq, ne, gt, lt, ge, le PID ֵ
SESSION eq, ne, gt, lt, ge, le Ự
CPUTIME eq, ne, gt, lt, ge, le CPU ʱ䣬ʽΪ
hh:mm:ss
hh - ʱ
mm - ӣss - 
MEMUSAGE eq, ne, gt, lt, ge, le ڴʹãλΪ KB
USERNAME eq, ne ûʽΪ
[domain\]user
MODULES eq, ne DLL 
SERVICES eq, ne 
WINDOWTITLE eq, ne ڱ
ע: ֻдɸѡ£ܸ /IM лʹͨ '*'
ע: Զ̽Ҫǿֹ
Ƿָ /F ѡ
:
TASKKILL /S system /F /IM notepad.exe /T
TASKKILL /PID 1230 /PID 1241 /PID 1253 /T
TASKKILL /F /IM notepad.exe /IM mspaint.exe
TASKKILL /F /FI "PID ge 1000" /FI "WINDOWTITLE ne untitle*"
TASKKILL /F /FI "USERNAME eq NT AUTHORITY\SYSTEM" /IM notepad.exe
TASKKILL /S system /U domain\username /FI "USERNAME ne NT*" /IM *
TASKKILL /S system /U username /P password /FI "IMAGENAME eq note*"

һЩߵȼĽ,tskilltaskkill޷,ôǻһǿĹ,Ǿϵͳdebugntsd.׼ȷ˵,ntsdһ

ϵͳԹ,ֻṩϵͳĹԱʹ,Ƕɱ̻Ǻˬ.ϳWINDOWSϵͳԼĹ,ntsdɱ.

Ȼ,Щrootkitĳľ,Ϊ,ҺţţľǺٵ.
NTSD ԳʱҪûָһҪӵĽ̡ʹ TLIST  PVIEWERԻĳн̵Ľ IDȻ NTSD -p 
pid ̡NTSD ʹµľ䷨
NTSD [options] imagefile
Уimagefile ҪԵӳƣoptions ѡ֮һ
ѡ˵-2һڵַģʽӦó´-dض򵽵ն-g ʹִԶͨһϵ-Gʹ NTSD 
ӳֹʱ˳oö̵ĵԣĬֵΪɵԳһ-pָɽ ID ʶĽ-vϸ
磬 inetinfo.exe Ľ ID Ϊ 104 NTSD Գӵ inetinfo  (IIS)
NTSD -p 104
Ҳʹ NTSD һ½еԡ磬NTSD notepad.exe һµ notepad.exe ̣ӡ
һӵĳ̣Ϳø鿴ջöϵ㡢תڴ棬ȵȡ
~ʾ̵߳һбKB 
ʾǰ̵߳Ķջ켣~*KBʾ̵߳Ķջ켣Rʾǰ֡ļĴU벢ʾƫD[type][< range>]תڴBP[#] 
öϵBC[]һϵBD[]һϵBE[< bp>]һϵBL[]гһϵ
,һǳҪĲ-v,ǿͨһҽЩӿļ.кܶಡ,ľ,߶,ϲԼɶ̬,Ȼעᵽϵͳļؿб,ﵽԼĿ.
Ҫһntsdض,ضһıļ,Ƿо.
c:\>set _NT_DEBUG_LOG_FILE_APPEND=c:\pdw.txt
ע,Ȼض,ǵȻʾĻ,һ뵽debugģʽ,ʹ-c q,ͿԱ.
c:\>ntsd -c q -v notepad.exe
ǵpdw.txtļ,ͿԿnotepad.exeļĵϢ.
ntsdʹ²ɱ.
c:\>ntsd -c q -p PID ֻҪṩ̵PID,ôͿԸɵ. 
  |   (0) |  Ķ (3)  |  ̶ |   (Windows) |   09:32 
ʾ̶ӡΪʾƪµĹ̶ӣл
ӵַhttp://rsubt.blog.sohu.com/98925484.html ƴ˵ַ

     һʱɳôѺܰʾ販թƭ Ѻ͹ԱȷַΪhttp://admin.blog.sohu.com 
ðơѺ͹ٷҪμӻĸλѽκεáԡенϢҪİ绰İʻƭʶƭ 
鿴顣
ֻ¼ûſɶԴۡ¼

ͷ԰ | ͷ | ͷ | 24Сʱͷ:010-58511234(˹8:00-24:00) | ߿ͷ | ٱϢ 
Copyright &copy; 2009 Sohu.com Inc. All rights reserved. Ѻ˾ Ȩ 
  >