Sometimes it may seem like there are so many processes running on your computer that you are not sure which ones are okay and which might be suspicious or malicious.
A good first step is to create a list of running processes in a text file so you can analyze which processes are running. Usually people use Task Manager to view all processes, but it doesn’t let you print the list of processes.
Fortunately, saving a list of running processes to a text file in Windows is very easy. You will be able to save both the process ID (PID) and the amount of memory that each process is using.
Note : The following steps to save processes to file work for all versions of Windows, including Windows XP, Windows 7, Windows 8, and Windows 10.
Outputs from the Task List command
The easiest way to get a quick list of the processes running on your Windows system is to use the tasklist command. To execute the command correctly, you need to run it from the command line as administrator.
To do this, select the “Start” menu and type “command”, then hover your mouse over the command line so that it is highlighted, and then select “Run as administrator” on the right.
– /
Note. You may need to select Yes in the pop-up window to confirm running the command prompt as administrator.
When Command Prompt opens, enter a list of tasks and press Enter to see a list of processes running on your system.
This is useful, but does not provide you with a list of running processes in a text file. To save the processes to a file, repeat the above process, but this time enter the command:
task list> c: process_list.txt
This will output a text file named process_list.txt to your C: drive. You can replace C: with any other path where you want to place the file if you like.
To view the file, simply open Windows Explorer and navigate to the folder where you saved the process list file.
To view this list of processes in Notepad, right-click the file, select Open With, and select Notepad.
This is the fastest and easiest way to see running processes in Windows through a text file. It will show you PID, session name, session number and memory usage
Saving Operations to a File with Powershell
Another tool you have for saving a list of running processes to a text file on Windows is Powershell
Powershell includes a command called “get-process” which provides a list of all active processes running on your local machine. To see this in action, start Powershell by choosing the Start menu and typing Powershell
When a blue Powershell window opens, type get-process and press Enter. A list of all active processes on your Windows system will open.
This gives a little more information about the processes than the task list. However, you need to know what the headers mean.
- Descriptors: The number of descriptors opened by the process.
- NPM (K): Non-paged memory that the process is executing. using (in kilobytes)
- PM (K): page memory that the process is using (in kilobytes)
- WS (K): pages in memory recently used by the process (in kilobytes) )
- VM (M): virtual memory used by the process (in megabytes)
- CPU (s): processor time used by the process on all processors (in seconds)
- ID: process ID
- ProcessName: process name
This is great, but all this information is displayed on the screen, not in the file. To output this information to a file, you need to add the Out-File parameter to the Get-Process command.
Back at the Powershell screen, enter Get-Process | Out-File -FilePath. Process_list.txt and press Enter.
Parameter. Process_list.txt puts the file in the path where you run the command, so write down that path so you know where to find the process list file. After you run the command, use the same process as above to open the process list file in Notepad.
You will notice that the data in the file looks identical to the Get-Process output in the previous Powershell window.
Save file operations using WMIC
The last Windows tool at your disposal is the Windows Command Line Utility (WMIC).
WMIC commands can only be used if you are running Command Prompt as a local administrator. To do this, follow the steps in the first section of this article to run Windows Command Prompt as administrator.
WMIC gives you more information about active processes than any other command or tool in Windows. If you simply run the WMIC Process command on the command line, you will see up to 44 process parameters returned for each active process.
The problem with running the command on the command line is that the space-delimited output looks messy and disorganized.
The WMIC command is a great example of when an output file can be useful. You can list WMIC processes to a file with the command: wmic /OUTPUT:C:ProcessList.txt PROCESS get / all.
This will output the entire list to a text file on the C: drive named ProcessList.txt. Instead of opening this file in Notepad, you will want to open it with Excel, as Excel can format the tab delimited file correctly.
- Open Excel
- Select Open to open a new file
- Select Browse and navigate to the ProcessList.txt file.
- Select the file and click Open (if you don’t see the file, change the file type to All Files)
- In the text import window, select delimited, select My Data With headings “and click Next to continue.
- On the next screen of the wizard, select the Space check box under the Separators section and select the Treat Consecutive Separators As One check box. Click Next to continue.
- Click Finish to complete the wizard.
Now you will see everything you need to know about every active process on your Windows system.
Each column heading describes what the data item is. You’ll find things like executable path, handle, installation date, page faults, page file usage, process ID, and more.
Now that you know several ways to save the list of running processes to a text file in Windows, all you have to do is choose the one that works for you!
Do you know of any other ways to save processes to a file? Share your thoughts in the comment section below.
–