Ntsd.exe is used to end the process, beginning from 2000, the system comes with user mode debugging tools. By the debugger attached (attach) the process will exit together with the debugger, it can be used to terminate the process at the command line. Use ntsd automatic permission to access the debug, which can kill most of the process (in theory only System, SMSS.EXE and CSRSS.EXE three process can not be the end of the first two are pure kernel mode, and the last that is the Win32 sub- system, ntsd itself needs it).
Ntsd.exe usage:
ntsd-c q-p PID
Or
ntsd-c q pn ImageName
- C is that implementation of the debug command, q that after the implementation of exit (quit),-p that is followed is the process you want to end the corresponding PID,-pn that is followed is that you want to end the process name (process_name. exe For example: QQ.exe, explorer.exe, etc. It is noteworthy that the suffix name. exe can not be omitted, otherwise the system will tell you "do not support this interface")
View pid and process name, we can see in Task Manager, in exceptional circumstances, you can use the tasklist command.
For instance, we want to end a process pid to 3212 maxthon.exe
Then we can at the command prompt, type:
ntsd-c q-p 3212
Or
ntsd-c q-pn maxthon.exe
没有评论:
发表评论