5 Quick Ways to Use PsList for Windows Process Monitoring

PsList: A Beginner’s Guide to Inspecting System Processes

PsList is a command-line tool from the Sysinternals PsTools suite that lists processes on local or remote Windows systems and shows CPU, memory, and thread statistics.

List all processes:
```
Code
pslist 
```
Show memory details:
```
Code
pslist -m 
```
Show threads for each process:
```
Code
pslist -d 
```
Show everything (CPU, memory, threads):
```
Code
pslist -x 
```
Show process tree:
```
Code
pslist -t 
```
Monitor remote machine (prompt for password if -p omitted):
```
Code
pslist \REMOTEPC -u DOMAIN\User 
```
Live, updating view every 2 seconds:
```
Code
pslist -s -r 2 
```
Show stats for a specific PID:
```
Code
pslist 1234 
```

Match exact process name:

Code
pslist -e notepad.exe

PID — Process ID
Pri — Priority class
Thd — Thread count
Hnd — Handle count (high values may indicate leaks)
VM / WS / Priv — Virtual memory, working set, private virtual memory (Priv growth suggests memory leaks)
CPU time / % — CPU usage and accumulated CPU time
Faults / Cswtch — Page faults and context switches (high values can indicate contention)

Use -s to observe CPU spikes over time and identify offending processes.
Use -m or monitor Priv to detect memory leaks (steadily increasing private memory).
Use -d to inspect problematic threads (look for high CPU per-thread or frequent context switches).
Combine with PsKill or other PsTools for remote troubleshooting and remediation.
PsList relies on Windows performance counters (no agent required), but it cannot show process owner or loaded DLLs (unlike WMI-based tools).

Included in the Sysinternals PsTools package on Microsoft Docs: https://docs.microsoft.com/sysinternals/downloads/pstools

If you want, I can produce a one-page quick-reference cheat sheet of PsList switches and common use cases.