How to Get the PID of Every Running Service in Batch Script
In Windows, services run as background processes, but they aren't always easy to track. While the "Services" panel shows you if an app is running, it doesn't show you the Process ID (PID). Knowing the PID is crucial for advanced troubleshooting, performance monitoring, or forcefully terminating a service that has become unresponsive.
This guide will explain how to use the tasklist and sc queryex commands to identify the PID for every active service on your system.
Method 1: Using TASKLIST /SVC (The Easiest Way)
The tasklist command has a built-in switch /svc that displays exactly which services are running inside each svchost.exe or standalone process.
Basic Command
tasklist /svc
Output Example:
Image Name PID Services
========================= ======== ============================================
System Idle Process 0 N/A
System 4 N/A
svchost.exe 852 BrokerInfrastructure, DcomLaunch, LSM,
PlugPlay, Power
Script: Extract PID for a Specific Service
If you want to find the PID for just one service (e.g., "Spooler") and store it in a variable, you can filter the tasklist output:
@echo off
setlocal
set "TargetSvc=Spooler"
set "pid="
:: Verify the service exists
sc query "%TargetSvc%" >nul 2>&1
if %errorlevel% neq 0 (
echo [ERROR] Service '%TargetSvc%' does not exist.
pause
exit /b 1
)
:: Use tasklist with a filter to find the PID for this specific service
for /f "tokens=2" %%a in ('tasklist /svc /fi "services eq %TargetSvc%" /nh 2^>nul ^| findstr /r "[0-9]"') do (
set "pid=%%a"
)
if defined pid (
echo [FOUND] Service '%TargetSvc%' is running with PID: %pid%
) else (
echo [INFO] Service '%TargetSvc%' is not currently running.
)
pause
endlocal
Method 2: Using SC QUERYEX (Detailed Service Query)
The sc query command is standard for services, but the queryex version provides "Extended" information, which includes the active Process ID.
Script: List All Running Services with PIDs
This script generates a clean list of every running service and its associated PID using the sc queryex tool.
@echo off
setlocal enabledelayedexpansion
echo.
echo Service Name PID
echo -------------------------------------------
set "Count=0"
:: Loop through all running services using Windows Management Interface (CIM API)
for /f "tokens=1,2 delims=:" %%A in ('powershell -NoProfile -Command "Get-CimInstance Win32_Service | Where-Object State -eq 'Running' | ForEach-Object { Write-Output ($_.Name + ':' + $_.ProcessId) }" 2^>nul') do (
set "svc=%%A"
set "pid=%%B"
if "!pid!" neq "0" if "!pid!" neq "" (
:: Ensure we pad the service name purely for aesthetic alignment
set "padSvc=!svc! "
set "padSvc=!padSvc:~0,32!"
echo !padSvc!!pid!
set /a Count+=1
)
)
echo.
echo Total: !Count! service(s^) with active PIDs.
pause
endlocal
A PID of 0 in the sc queryex output means the service is currently stopped or is a "kernel-mode" driver that doesn't have a standard user-mode process ID.
Practical Use Case: Terminating a Locked Service
Sometimes a service reaches a state where net stop no longer works. In this situation, the only way to recover is to find the PID and "kill" the process manually.
@echo off
setlocal enabledelayedexpansion
set "svc=MyStuckService"
:: Verify the service exists
sc query "%svc%" >nul 2>&1
if %errorlevel% neq 0 (
echo [ERROR] Service '%svc%' does not exist.
pause
exit /b 1
)
:: Attempt a graceful stop first
echo [ACTION] Attempting graceful stop of '%svc%'...
net stop "%svc%" >nul 2>&1
timeout /t 5 /nobreak >nul
:: Check if it stopped perfectly bypassing language translations
powershell -NoProfile -Command "if (Get-CimInstance Win32_Service -Filter \"Name='%svc%' -and State='Stopped'\") { exit 0 } else { exit 1 }" 2>nul
if %errorlevel% equ 0 (
echo [OK] Service stopped gracefully.
pause
exit /b 0
)
:: Extract the locking PID natively via the CIM interface
set "spid="
for /f "tokens=*" %%i in ('powershell -NoProfile -Command "(Get-CimInstance Win32_Service -Filter \"Name='%svc%'\").ProcessId" 2^>nul') do (
set "spid=%%i"
)
if "!spid!"=="0" (
echo [INFO] Service is not running (PID is 0).
) else (
echo [WARNING] Service did not stop gracefully.
echo [ACTION] Forcefully terminating PID !spid!...
taskkill /f /pid !spid!
if !errorlevel! equ 0 (
echo [SUCCESS] Process terminated.
) else (
echo [ERROR] Failed to terminate PID !spid!. May require SYSTEM privileges.
)
)
pause
endlocal
How to Avoid Common Errors
Wrong Way: Hardcoding PID values
PIDs are dynamic. Every time a service restarts, it is assigned a new, random number by Windows. Never write a script that assumes Spooler is always PID 1240.
Correct Way: Always query the live system using the techniques above before performing any action.
Problem: Shared Processes (Svchost)
Many Windows services share the same svchost.exe process. If you kill the PID for the "Themes" service, you might also accidentally kill the "IP Helper" service if they are grouped together.
Best Practice: Check tasklist /svc carefully. If multiple services share a PID, try to use net stop before using taskkill.
Best Practices and Rules
1. Unique Service Names
When using tasklist /fi "services eq ...", always use the internal Service Name (e.g., wuauserv) rather than the "Display Name."
2. Administrator Privileges
To see the PIDs of system-level services or services running as SYSTEM or NetworkService, you must run your Batch script as an Administrator. Standard users will see "Access Denied" or empty lists for most critical services.
3. State Filtering
If you only want PIDs of active services, always filter your WMI query using state='Running'. Querying all states indiscriminately will return massive amounts of "PID: 0" results for system services that are simply disabled or dormant.
Conclusions
Mapping service names to PIDs via Batch script is an essential skill for system debugging and advanced automation. By mastering the tasklist /svc and sc queryex commands, you can move beyond simple start/stop operations and gain the power to monitor and manage the underlying processes that keep the Windows operating system running.