How do I kill a specific thread in Windows?
9,829
Well, this vbs script does the thing for me.
Put a shortcut to it into autostart folder. Put in the same folder as this script utilities nopey and processhacker.
Set objShell = CreateObject("WScript.Shell")
Set objWshScriptExec = objShell.Exec("nopey.exe list threads Explorer.exe")
Set objStdOut = objWshScriptExec.StdOut
Do
strLine = objStdOut.ReadLine
pos=Instr(strLine, "00000000")
If pos<>0 And Op=0 Then Exit Do
Op=Instr(strline, "TID")
Loop
Tid=CLng("&H" & (Mid(strLine, 4,4)))
'WScript.Echo Tid
objShell.Run "ProcessHacker.exe -c -ctype thread -cobject " & Tid & " -caction terminate", 0
It also disables all Metro stuff until Explorer restarted.
P.S. Here is the zip archive with all necessary stuff. Just unpack it and run.
Related videos on Youtube
Author by
Anixx
Updated on September 18, 2022Comments
-
Anixx over 1 year
The process explorer.exe has a thread with "start address" starting with "windows.immersiveshell.serviceprovider.dll". It takes a lot of processing power. Additionally, after waking up from sleep it produces three windows of the class "MetroGhostWindow" which take place in the Alt+Tab dialog.
Killing the thread with Process Hacker works excellent and frees resources. But is there a command line tool to do the same?
-
Ramhound about 8 yearsYou could easily make a small application that could be called from a command line, just have it take an argument, and have it call the TerminateThread function.
-
Anixx about 8 years@Ramhound I do not know how to do it. Also it has to get as an argument the substring of the entry point name rather than TID. P.S. Why is the downvote? It is not a programming site, is it?
-
Ramhound about 8 yearsIf you want this capability, you will learn how to do it, the problem with the function I provided is it requires a handle to the thread. You are better off just ending the process the thread belongs to, much easier, then attempting to get the handle to a thread to an application that is already running. The last time I checked, voting is annymous, I am shocked they are giving the capability, to see the voting history on a question to new users.
-
Ramhound about 8 yearsWhat you want requires you writting a small command console application, or at the very least, a Powershell script.
-
Anixx about 8 years@Ramhound "You are better off just ending the process the thread belongs to" - impossible, it is Explorer.exe, as mentioned in the question. Upon restart of Explorer, the thread will be recreated. "What you want requires you writting a small command console application, or at the very least, a Powershell script." - I do not know PowerShell language. If anyone can provide a solution, it would be great. If a similar utility already exists, it would be also great.
-
Ramhound about 8 yearsYour request is out of scope for Superuser. We can help you acomplish your goal, we will not write the script or program for you, your request for us to write the script for you isn't reasonable. Handle v4.0 would appear to do what you want though.
-
AFH about 8 yearsSysinternals' pslist will show the threads in a program, but its list does not allow you easily to identify the problem thread. I would recommend suspending the thread, rather than killing it, though I have found no command-line tools for either. I would have suggested disabling it, but see this recommendation. You can try the effects of both using procexp: try this before you go further.
-
Anixx about 8 years@Ramhound I thought there is a command line utility for doing so, because Process Hacker can do in.
-
Ramhound about 8 yearsProcess Explroer can do it because somebody wrote it. What you want is possible, but it might not exist, so easier to just do it yourself. So you should start by researching how to do it, so you can write that program, and solve this problem for millions of people.
-
Anixx about 8 years@AFH As I said I did it already with Process Hacker (another name for Process Explorer). It works well.
-
Anixx about 8 years@Ramhound well I fount Process Hacker can kill a thread by the thread ID: wj32.org/processhacker/forums/viewtopic.php?t=75 The question is how to get it from the entry point name.
-
Ramhound about 8 years@Anixx - You should do research on how to find which entry points exist for that dll, based on that knowlege, you can try each one until you get the desired result.
-
Anixx about 8 years@Ramhound I know the start address substring, how to obtain TID using command line?
-
Ramhound about 8 yearsI provided you an excellent suggestion how to determine that.
-
Anixx about 8 years@Ramhound where? The TID will be different on each process restart.
-
magicandre1981 about 8 yearsbetter analyze what the thread does instead of killing it. share a WPR trace so that I can tell you what it does. Install the WPT (part of the Win10 SDK: dev.windows.com/en-us/downloads/windows-10-sdk which also works on 8.1), run WPRUI.exe, select "First Level", under Resource select CPU usage and click on start. Now capture 1 minute of the CPU usage. After 1 minute click on Save. Zip the large ETL file (+ NGENPDB folder) into 1 zip, upload the zip (OneDrive, dropbox, google drive) and post the share link here.
-
-
Anixx about 8 yearsI am asking for a command line tool that would terminate a thread by the "start address" substring to be run every time I start the computer. Without using GUI. Terminating the thread using GUI is possible with Process Hacker as I already mentioned in the question. This answer just repeats the information in my question.
-
Ramhound about 8 yearsExcept this answer can be used from within a script or a command line.
-
Anixx about 8 years@Ramhound it cannot. It requires starting Process Explorer in GUI to get a TID. Also it takes all info from my comment to the question, from the link I already provided: wj32.org/processhacker/forums/viewtopic.php?t=75
-
Bitten Fleax about 8 yearsAh I get you. I am pretty sure Powershell can get the TID's of a process. It is just filtering out by the process name. I will have a look and see.
-
Anixx about 8 years@Bitten Fleax but will it allow to get TID from start address?
-
magicandre1981 about 8 yearsagain, share a trace so that I can tell you what the thread does, instead of simply killing it.
-
AFH almost 8 yearsIf this script works for you, you are very lucky. There is no link between the thread you find and
windows.immersiveshell.serviceprovider.dll
: I wouldn't use it (especially not on start-up) unless I could establish this link, and I have yet to find a command-line tool which does this. With the ordering on myProcessHacker
listing, it finds a completely different thread. -
Anixx almost 8 years@AFH you are right, it is bad solution but I do not have a better one.