Process Monitor : TrustedInstaller HIGh CPU

October 23, 2014, 9:58 am

≫ Next: Troubleshooting : Troubleshooting IE 9 mini dmp

≪ Previous: Troubleshooting : Troubleshooting IE 9 mini dmp

Author: MagicAndre1981
Subject: TrustedInstaller HIGh CPU
Posted: 23 October 2014 at 4:58pm

provide a xperf trace of the issue:

http://forum.sysinternals.com/need-help-with-ntoskrnl-thread-causing-high-cpu_topic29289_page1.html

↧

Troubleshooting : Troubleshooting IE 9 mini dmp

October 23, 2014, 9:59 am

≫ Next: Troubleshooting : Need help with Ntoskrnl thread causing high CPU

≪ Previous: Process Monitor : TrustedInstaller HIGh CPU

Author: MagicAndre1981
Subject: Troubleshooting IE 9 mini dmp
Posted: 23 October 2014 at 4:59pm

upload the dumps and send me the link via PM. I'll try to debug them.

↧

Troubleshooting : Need help with Ntoskrnl thread causing high CPU

October 23, 2014, 12:42 pm

≫ Next: Process Monitor : Not able to create crash dump file using procdump

≪ Previous: Troubleshooting : Troubleshooting IE 9 mini dmp

Author: Girmi007
Subject: Need help with Ntoskrnl thread causing high CPU
Posted: 23 October 2014 at 7:42pm

Thanks you very much. I see that I just had to adjust which columns to display, I'll remember it for next time :)

↧

Process Monitor : Not able to create crash dump file using procdump

October 23, 2014, 1:15 pm

≫ Next: Autoruns : half Autorun-entries are File not found

≪ Previous: Troubleshooting : Need help with Ntoskrnl thread causing high CPU

Author: RobinHSanner
Subject: Not able to create crash dump file using procdump
Posted: 23 October 2014 at 8:15pm

I found my answer here http://stackoverflow.com/questions/25149147/procdump-not-dumping-on-unhanded-exception

For managed apps include -g at the beginning of the command

↧

Autoruns : half Autorun-entries are File not found

October 24, 2014, 12:15 am

≫ Next: Process Monitor : NO MEMORY error

≪ Previous: Process Monitor : Not able to create crash dump file using procdump

Author: GrofLuigi
Subject: half Autorun-entries are File not found
Posted: 24 October 2014 at 7:15am

PATH environment variable broken?

↧

Process Monitor : NO MEMORY error

October 24, 2014, 3:31 am

≫ Next: Process Monitor : Dependency Walker and Filemon

≪ Previous: Autoruns : half Autorun-entries are File not found

Author: francesco336
Subject: NO MEMORY error
Posted: 24 October 2014 at 10:31am

Hi Everybody,

when tracing installer activity via Process Monitor, I've experienced NO MEMORY error.

What is the exact meaning of this error.

Thanks in advance.

Francesco

↧

Process Monitor : Dependency Walker and Filemon

October 24, 2014, 4:32 am

≫ Next: Utilities Suggestions : locked files

≪ Previous: Process Monitor : NO MEMORY error

Author: nsikri
Subject: Dependency Walker and Filemon
Posted: 24 October 2014 at 11:32am

Hi,

When I am trying to monitor my application through filemon or either invoke it through dependency walker it is working fine but when I run it on its own I am getting the error message Object property not supported.

Any help?

Thanks

↧

Utilities Suggestions : locked files

October 24, 2014, 5:48 am

≫ Next: Internals : advanced viewing for tables?

≪ Previous: Process Monitor : Dependency Walker and Filemon

Author: mikeJB
Subject: locked files
Posted: 24 October 2014 at 12:48pm

it's no CLI, but it works great! try UNLOCKER. been around for years and i love it!

↧

Internals : advanced viewing for tables?

October 24, 2014, 5:54 am

≫ Next: Utilities Suggestions : locked files

≪ Previous: Utilities Suggestions : locked files

Author: mikeJB
Subject: advanced viewing for tables?
Posted: 24 October 2014 at 12:54pm

any tools out there that can dump the following tables?

IDT

GDT

LDT

thank you

↧

Utilities Suggestions : locked files

October 24, 2014, 6:33 am

≫ Next: Process Monitor : NO MEMORY error

≪ Previous: Internals : advanced viewing for tables?

Author: El Senku
Subject: locked files
Posted: 24 October 2014 at 1:33pm

A gui ist not possible. But I solved this issue with remote powershell.

↧

Process Monitor : NO MEMORY error

October 24, 2014, 9:37 am

≫ Next: Process Explorer : ** Process Explorer Bugs **

≪ Previous: Utilities Suggestions : locked files

Author: MagicAndre1981
Subject: NO MEMORY error
Posted: 24 October 2014 at 4:37pm

Increase the pagefile size or set the option that the data are stored into a PML file.

↧

Process Explorer : Process Explorer Bugs

October 24, 2014, 11:15 am

≫ Next: Troubleshooting : Poor RAM Usage by Desktop Background Slideshow

≪ Previous: Process Monitor : NO MEMORY error

Author: ffracaroli
Subject: ** Process Explorer Bugs **
Posted: 24 October 2014 at 6:15pm

MagicAndre1981 wrote:

what fails in detail? Did you get an error message? If yes, which error?

OK, you can read it in my first thread/post. But in the case you can't read int in Portuguese, I will try to translate it.

(C:\Windows\system32\credui.dll was not made to be "executed/ran" on Windows or there is an error. Try to install the software again using a original installation media/source or contact an system administrator in order to get support)

That is what i have when I double click the shortcut/icon of the process explorer in my desktop.
I have noticed that the Google chrome does not work either, and it gives me the same error about the credui.dll
Thanks for your effort.
Regards Fabrizio

↧

Troubleshooting : Poor RAM Usage by Desktop Background Slideshow

October 24, 2014, 4:47 pm

≫ Next: Troubleshooting : Poor RAM Usage by Desktop Background Slideshow

≪ Previous: Process Explorer : ** Process Explorer Bugs **

Author: cam
Subject: Poor RAM Usage by Desktop Background Slideshow
Posted: 24 October 2014 at 11:47pm

MSpontak,

> I restarted aging with my Normal Boot and DRIVER LOCKED memory stayed at 42MB.
> Over two days of up time and no sign of that 1GB Driver Locked Memory. Current driver locked memory is still at 42MB. I'm waiting to see if it creeps up again. Clock ticking.

It's not really clear what you did to get the Locked Memory to stay down. Do you remember what you did?

Cam

↧

Troubleshooting : Poor RAM Usage by Desktop Background Slideshow

October 24, 2014, 10:55 pm

≫ Next: Process Explorer : ** Process Explorer Bugs **

≪ Previous: Troubleshooting : Poor RAM Usage by Desktop Background Slideshow

Author: MSpontak
Subject: Poor RAM Usage by Desktop Background Slideshow
Posted: 25 October 2014 at 5:55am

Cam,

Sorry, I didn't ever clarify what I did. The issue was with Hyper-V, as suggested in an earlier comment. I had decided to uninstall Hyper-V and that solved that particular issue.

Thanks,

Mike

↧

Process Explorer : Process Explorer Bugs

October 25, 2014, 12:24 am

≫ Next: Development : Dll injection in kernel-driver

≪ Previous: Troubleshooting : Poor RAM Usage by Desktop Background Slideshow

Author: MagicAndre1981
Subject: ** Process Explorer Bugs **
Posted: 25 October 2014 at 7:24am

I talked about what fails when you run sfc /scannow.

↧

Development : Dll injection in kernel-driver

October 25, 2014, 12:30 am

≫ Next: BgInfo : How do I display the path of VMware VM?

≪ Previous: Process Explorer : ** Process Explorer Bugs **

Author: KMx90
Subject: Dll injection in kernel-driver
Posted: 25 October 2014 at 7:30am

Hello

I need some help to inject a dll in process(x86/64) at kernel drivers.

i find some example but cant use them and i got a lote of errors

please help me.

excuse me for my poor english.

↧

BgInfo : How do I display the path of VMware VM?

October 25, 2014, 1:00 pm

≫ Next: Process Explorer : 2 questions for you all

≪ Previous: Development : Dll injection in kernel-driver

Author: twalp
Subject: How do I display the path of VMware VM?
Posted: 25 October 2014 at 8:00pm

I would like to use BGInfo to display the path of the Windows VM that is currently running in VMware Workstation 10 or Player. My VM's are located on several drives and PCs, so when one is open in a window on my PC and I glance at its Desktop I'd like to be reminded of its physical location, i.e., the path to the VM's virtual disk. After much searching I couldn't find any tutorials showing a WMI, environment variable or other source for a Custom setting.

Thank you.

↧

Process Explorer : 2 questions for you all

October 25, 2014, 1:44 pm

≫ Next: Utilities Suggestions : sysmon suggestion

≪ Previous: BgInfo : How do I display the path of VMware VM?

Author: mikeJB
Subject: 2 questions for you all
Posted: 25 October 2014 at 8:44pm

the first one i might already know the answer to. in PE when i go to a HANDLES view, when viewing them for my antivirus, i notice many threads with ACCESS DENIED. i am assuming this is normal since malware could attempt to defeat it or try and inject into process/etc, so is this normal behavior?

last question is related to a setting. is it possible to save a certain view when in tree mode? an example would be where i am trying to just keep certain parts of the tree viewable but close other parts. like i would like to keep all the child CHROME processes collapsed and keep other things expanded then save that view. is this even possible? every time i go to open PE i see the same FULL tree view

thank you | mike

↧

Utilities Suggestions : sysmon suggestion

October 25, 2014, 4:29 pm

≫ Next: Troubleshooting : Win 2003 RAID 1 mirror - safely break mirror

≪ Previous: Process Explorer : 2 questions for you all

Author: Barry
Subject: sysmon suggestion
Posted: 25 October 2014 at 11:29pm

It would be nice to see the DestinationHostName in the event log be the name from the client's DNS cache if it exists.

Thanks for the great tool.

↧

Troubleshooting : Win 2003 RAID 1 mirror - safely break mirror

October 26, 2014, 6:45 am

≫ Next: Process Explorer : VirusTotal, "a security error occurred"

≪ Previous: Utilities Suggestions : sysmon suggestion

Author: mchopra
Subject: Win 2003 RAID 1 mirror - safely break mirror
Posted: 26 October 2014 at 1:45pm

I have a software RAID 1 mirror i windows 2003 sp2 which has fully synced & healthy.
I need to break the mirror. Is doing this live with users accessing the data safe and can be done?
Or should I kill all open files from the drive first before issuing the break mirror command?

↧

Latest Images