How to brutally kill a process in Windows environment

Today we’ll go over the various methods to kill a process. This is especially useful if the process is stuck and you’re having trouble closing or killing it.

Kill process with WMI queries

Open cmd.exe and run command:

wmic process where name='myprocessname.exe' delete

Batch kill in command prompt

Open cmd.exe and run command:

taskkill /IM "myprocessname.exe" /T /F

/IM selects the process by its image name (the executable file name). The extra parameters /T and /F are optional, but they’re quite useful:

/T = also kills child processes
/F = force termination of your process

Kill it the powerful way

Indeed. You can also kill it using PowerShell, but you need to find the process ID first. Open a PowerShell prompt and simply type:

$id = Get-Process myprocessname | Select -expand id
# pass the id(s) returned above to kill (an alias for Stop-Process):
kill -id $id
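Stop-Process has no counterpart to the /T switch of taskkill. The following is an added example, not code from the original post: it walks Win32_Process.ParentProcessId to stop child processes before their parent and supports -WhatIf for a dry run. The function name Stop-ProcessTree and its helper Get-Tree are hypothetical.

```powershell
function Stop-ProcessTree {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Process name without the .exe suffix, as Get-Process expects it
        [Parameter(Mandatory)][string]$Name
    )

    # One snapshot of all processes keeps the parent/child lookup consistent
    $all = Get-CimInstance -ClassName Win32_Process

    # Emits the descendants of a process first, then the process itself
    function Get-Tree([uint32]$ProcId, [hashtable]$Seen) {
        if ($Seen.ContainsKey($ProcId)) { return }
        $Seen[$ProcId] = $true
        $self = $all | Where-Object ProcessId -eq $ProcId
        foreach ($child in $all | Where-Object ParentProcessId -eq $ProcId) {
            # PIDs are reused: a real child cannot be older than its parent
            if ($self -and $child.CreationDate -and
                $child.CreationDate -lt $self.CreationDate) { continue }
            Get-Tree -ProcId $child.ProcessId -Seen $Seen
        }
        $ProcId
    }

    $roots = Get-Process -Name $Name -ErrorAction SilentlyContinue
    if (-not $roots) {
        Write-Warning "No process named '$Name' is running."
        return
    }

    $visited = @{}
    foreach ($root in $roots) {
        foreach ($targetId in Get-Tree -ProcId $root.Id -Seen $visited) {
            $label = ($all | Where-Object ProcessId -eq $targetId).Name
            if ($PSCmdlet.ShouldProcess("$label (PID $targetId)", 'Stop-Process -Force')) {
                # A process may already have exited with its parent; ignore that
                Stop-Process -Id $targetId -Force -ErrorAction SilentlyContinue
            }
        }
    }
}

# Dry run first, then the real thing:
# Stop-ProcessTree -Name myprocessname -WhatIf
# Stop-ProcessTree -Name myprocessname
```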

Kill process using graphical user interface

You’re probably familiar with Task Manager. Open it by right-clicking on the taskbar and clicking “Task Manager”. If that fails, or if you need to run it as another user, you can browse to %windir%\system32\ and run the executable file, taskmgr.exe.

If you’re lucky you can just kill the process and get on with your life. But, if you want to figure out what’s wrong, then a great tip is to open the Resource Monitor and Filter by process. This will show you all disk I/O file handles related to your process so you might actually see what exactly is hanging.

Linux terminal command equivalents in Windows

| Linux | Windows | Description |
| --- | --- | --- |
| sudo <cmd> | runas /user:admin <cmd> | This will run the command with admin privileges on Linux, while on Windows it’ll simply run as the user provided (so you need to run as a user who has local administrator rights) |
| cat src1.js src2.js > compiled.js | type src1.js src2.js > compiled.js | Combine two or more files into one |
| ifconfig | ipconfig | Shows network information |
| traceroute | tracert | Trace an address and show routes |
| uptime | net stats server or net stats workstation | Windows doesn’t have a builtin command to show uptime in days, but this command will show you when the machine was last booted (do the math) |
| ls | dir | Show directory contents |
| free | mem | Show available RAM |

I started on this article a couple of years ago, but it was quickly forgotten in the drafts bin. Now I actually don’t have any Windows computers available anymore and can’t be arsed to look up more commands, so this’ll have to work for now.

Some simple commands such as cd, mkdir, rm, rmdir have been ignored for now as they’re equal in both operating systems.

Please post a comment below if you know of any useful commands available on both operating systems.

Runas Error 193: *.msc is not a valid Win32 application

If you’re trying to run compmgmt.msc (Computer Management) or any other MMC snap-in via the runas command, you might’ve seen Error 193: compmgmt.msc is not a valid Win32 application. If you just type compmgmt.msc without runas, it’ll open successfully. The reason is some complications with the runas command.

Luckily there’s an easy solution. Since compmgmt.msc is not a regular Win32 application (a typical .exe), you have to prepend “mmc” to tell Windows that you’re trying to run a Microsoft Management Console snap-in.

runas /user:domain\username "mmc compmgmt.msc"

This is also the case for every other *.msc snap-in, such as lusrmgr.msc.

I’ve mentioned this briefly in an earlier post as well:

Extract OEM key from Windows 8/8.1/10

First off, a quick clarification regarding Windows licenses.

  • An OEM Windows license is bundled with prebuilt computers from hardware manufacturers (like Dell and Asus). These keys are only valid for that specific computer. An OEM key cannot be used on any other computer, even if you extract the license key.
  • A Retail Windows license works similarly in that it will only work on 1 computer, but you can choose which computer to use it on and reassign it to another computer if you’d like to.

To sum it up; an OEM key belongs to the computer while a retail key belongs to you.

Now there are still valid reasons to extract the OEM license key and that’s what we’re going to do today. The OEM key for Windows 8, 8.1 and 10 is now stored in the BIOS/UEFI (using ACPI) and is no longer written on a physical sticker like it used to be.

The easiest method is to use the builtin wmic interface by running this command in Command Prompt:

wmic path softwarelicensingservice get OA3xOriginalProductKey

Alternatively you can start PowerShell and type get-wmiobject and enter SoftwareLicensingService when it prompts for what Class to use.

get_win8key from Christian Korneck

https://github.com/christian-korneck/get_win8key

This application reads the license key directly from the firmware/ACPI. It’s built in Python but has a binary .exe file ready to use on the github repo.

 

ProduKey from Nirsoft

http://www.nirsoft.net/utils/product_cd_key_viewer.html

Nir Sofer gets the job done as usual. This will also list other used license keys, not just the operating system. See example screenshot below, but note that my hardware has been modified and therefore has no OEM key.

 

RW Everything

https://rweverything.com

This is a very powerful tool which you should use with great caution. This application talks directly with your firmware and since it also can WRITE data in addition to READ, you must be very careful so you don’t break anything. If the other steps above did not work, you can give RWEverything a try. See further instructions from this Stackexchange thread: https://superuser.com/a/593795/312773

Turn off CTRL + ALT + DEL at login prompt Windows 10

If your computer still requires you to press CTRL+ALT+DEL upon login, this simple guide will teach you how to disable it. Note that this requires administrator access, and it might not work on Windows Home editions as it requires modifying local group policies.

  • Open gpedit.msc
  • Browse to Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options
  • Locate the policy called “Interactive logon: Do not require CTRL+ALT+DEL”
  • Doubleclick the policy and set it to Enabled
  • Exit

Starting from your next restart, you should no longer be required to press CTRL+ALT+DEL at the Windows login prompt.

If you’re running an older Windows version, the policy might be called “Disable CTRL+ALT+DEL requirement for logon”

Create a cmd alias/shortcut for issuing commands on remote computer

Before we begin, you must:

1) Open your text editor of choice and paste the following code:

C:\path\to\PSTools\PsExec.exe \\%1 cmd /c %2

Correct the path for PsExec.exe. Save it as rce.bat in the %windir%\system32 folder. If not permitted, save it elsewhere and copy it into the system32 folder manually (will probably show UAC prompt).

Fun fact: RCE is short for Remote Code Execution, typically the holy grail of vulnerability exploits

2) Actually there are no more steps, you’re done.

Let’s try it out. Open cmd.exe and run the following command:

rce computername ipconfig

Note that if the command consists of several space-separated words, you must enclose it in double quotes:

rce computername "net stats workstation"

 

You might also be interested in this other article showing you how to make a sudo-like command for opening an elevated command prompt:

Create a su command for Windows Command Prompt

How to see server uptime on Windows and Linux

See uptime and average load information on Linux machines

Run command: uptime

Output:

kek@donald:~$ uptime
 08:17:33 up 293 days, 14:21, 1 user, load average: 0.00, 0.00, 0.00

 

Show uptime on Windows machines using net stats

AFAIK there is no command in Windows to quickly see the uptime. However, there are several commands to get the last boot time, although you’ll have to do a quick calculation if you need the uptime in days. The easiest/fastest method is to use net stats.

Run command: net stats srv

Output:

C:\Users\kek>net stats srv
Server Statistics for \\hostname

Statistics since 09.11.2017 00.02.28 # last boot/uptime

Sessions accepted 1
Sessions timed-out 0
Sessions errored-out 0

Kilobytes sent 1649
Kilobytes received 1181193

Mean response time (msec) 0

System errors 0
Permission violations 0
Password violations 0

Files accessed 329
Communication devices accessed 0
Print jobs spooled 0

Times buffers exhausted

Big buffers 0
 Request buffers 0

The command completed successfully.
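The "quick calculation" can be left to PowerShell. This is an added example, not code from the original post: it reads Win32_OperatingSystem.LastBootUpTime and subtracts it from the current time, for the local machine or for remote ones. The function name Get-BootUptime is hypothetical, and remote queries assume WinRM is enabled on the target.

```powershell
function Get-BootUptime {
    param(
        # One or more computer names; defaults to the local machine
        [string[]]$ComputerName = $env:COMPUTERNAME
    )
    foreach ($computer in $ComputerName) {
        try {
            $params = @{ ClassName = 'Win32_OperatingSystem'; ErrorAction = 'Stop' }
            # Remote queries go over WinRM; the local query needs no remoting
            if ($computer -ne $env:COMPUTERNAME) { $params.ComputerName = $computer }
            $os = Get-CimInstance @params

            $uptime = (Get-Date) - $os.LastBootUpTime
            [pscustomobject]@{
                ComputerName = $computer
                LastBoot     = $os.LastBootUpTime
                UptimeDays   = [math]::Round($uptime.TotalDays, 1)
                Uptime       = '{0} days, {1:00}:{2:00}' -f $uptime.Days, $uptime.Hours, $uptime.Minutes
            }
        }
        catch {
            # An unreachable host should not abort the rest of the list
            Write-Warning "Could not query ${computer}: $($_.Exception.Message)"
        }
    }
}

# Get-BootUptime
# Get-BootUptime -ComputerName computername, othercomputer
```

On Windows 10 with Fast Startup enabled, a shutdown followed by a power-on does not reset LastBootUpTime; only a restart does.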

 

 

How to install .NET Framework 3.5 on Windows 10

If you’re trying to install .NET Framework 3.5 using the regular installer, it’ll most likely say you already have a newer version installed. Luckily you can still install it using some other methods, which I’ll quickly go through today along with each one’s probability of success (because for reasons they only work sometimes).

 

Using Windows Features – probably won’t work

  • Open appwiz.cpl (Programs and Features) and click on Turn Windows features on or off [1]
  • Mark the checkbox for .NET Framework 3.5 (includes .NET 2.0 and 3.0)
  • Press OK

 

Using DISM online version – might work

  • Open command prompt as administrator
  • Enter command: DISM.EXE /Online /Add-Capability /CapabilityName:NetFx3~~~~
  • If it works you’ll see a progress bar for the download + installation.

 

Using DISM offline version – works most of the time

  • Get a copy of the .NET Framework 3.5 installation .cab file.
    You can find this inside the Windows 10 install .iso file (open the .iso file in 7-Zip or any other package utility and copy the microsoft-windows-netfx3-ondemand-package.cab file from the \sources\sxs\ directory to a place on your drive, like C:\Temp)
  • Enter command: DISM.EXE /Online /Add-Package /PackagePath:C:\Temp\microsoft-windows-netfx3-ondemand-package.cab
  • If it works you’ll see a progress bar for the installation.

 

[1]:

How to backup Internet Explorer passwords for Windows 7

There are many ways to manage your Internet Explorer passwords. The tricks below should also work for newer Windows versions.

 

1) Use registry to export the entries

Open regedit and browse to Computer\HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\SPW. You will see a list of encrypted password entries in the right column. Click on File -> Export to save the contents to a .reg file. Proceed to import this on your new PC.

 

2) Use the Windows Credentials Manager

Open Control Panel and go to User Accounts -> Credential Manager.

Your IE saved passwords will be available in the Web Credentials tab.

 

3) Export/import with credwiz.exe utility

Open the Run prompt by pressing [WIN]+[R] buttons, type credwiz.exe and press the ENTER key.

Follow the instructions in the wizard.

Screenshot of Credentials backup/recover wizard

 

4) Use NirSoft’s IEPassView

Download IEPassView from http://www.nirsoft.net/utils/internet_explorer_password.html and follow the instructions. This will also decrypt and show you the passwords in clear text.

Screenshot of IEPassView

IEPassView can also decrypt the passwords from an externally mounted harddrive.

 

Please also consider migrating to a dedicated password manager like KeePassXC

Copy old StickyNotes to new Windows 10 format

  • Copy the old Sticky Notes file from %appdata%\Microsoft\Sticky Notes\StickyNotes.snt
  • Rename StickyNotes.snt to ThresholdNotes.snt
  • Make sure the Sticky Notes app is not open on the new computer
  • Create a new folder called Legacy in %localappdata%\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\LocalState
  • Put the ThresholdNotes.snt file in %localappdata%\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\LocalState\Legacy
  • Open Sticky Notes and let the magic unfold (it will import the ThresholdNotes.snt file into its new SQLite form)
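The steps above as a PowerShell script for the new computer. This is an added example, not part of the original post: it uses the file name ThresholdNotes.snt, refuses to run while the app is open, and will not overwrite an existing legacy file. The source path C:\Temp\StickyNotes.snt is an assumption; point it at wherever you copied the old file.

```powershell
# Assumed location of the StickyNotes.snt copied from the old machine
$source = 'C:\Temp\StickyNotes.snt'

$localState = Join-Path $env:LOCALAPPDATA 'Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\LocalState'
$legacy     = Join-Path $localState 'Legacy'
# The legacy file has to carry this name for the import to pick it up
$target     = Join-Path $legacy 'ThresholdNotes.snt'

if (-not (Test-Path -LiteralPath $source -PathType Leaf)) {
    throw "Source file not found: $source"
}
if (-not (Test-Path -LiteralPath $localState -PathType Container)) {
    throw "Sticky Notes data folder not found: $localState"
}

# The app must be closed. Match on the package name in the executable path
# rather than relying on a particular process name.
$running = Get-Process | Where-Object { $_.Path -like '*\Microsoft.MicrosoftStickyNotes_*' }
if ($running) {
    throw "Sticky Notes is running (PID $($running.Id -join ', ')). Close it and retry."
}

# Never overwrite a legacy file that is already waiting to be imported
if (Test-Path -LiteralPath $target) {
    throw "Target already exists: $target"
}

New-Item -ItemType Directory -Path $legacy -Force | Out-Null
Copy-Item -LiteralPath $source -Destination $target

# Show what was written so the copy can be verified before opening the app
Get-Item -LiteralPath $target | Select-Object FullName, Length, LastWriteTime
```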