Channel: Sysinternals Forums

PsTools : Sigcheck reports wrong file version

Author: Dax1792
Subject: Sigcheck reports wrong file version
Posted: 15 March 2013 at 9:15am

Just some theories:
 
The version information is stored in binary and string form. Sigcheck uses the strings.
 
The API has functions which can specify whether the version information is taken from the mui file or the executable.
The hotfixes seem to update ntfs.sys but not ntfs.sys.mui .
 
This seems to happen with catalog signed files.
 
Whichever way Mark is using to get the version information, it looks like Powershell uses the same.

Miscellaneous Utilities : regdelnull doesnt seem to work (red tutorial!)

Author: EWhite
Subject: regdelnull doesnt seem to work (red tutorial!)
Posted: 15 March 2013 at 1:02pm

I have the exact same problem, with the exact same Registry Entry. It happened after I reinstalled Arma 2 DayZ Mod.

BgInfo : BGInfo Bugs or Feature Request

Author: roukr
Subject: BGInfo Bugs or Feature Request
Posted: 15 March 2013 at 1:18pm

Better Multi Display support
- BgInfo will reflect on number of connected displays (some users have 2 screens and sometimes are changing number of screens)

Process Explorer : Only 2GB 'Dedicated GPU Memory' on Quadro 6000

Author: MagicAndre1981
Subject: Only 2GB 'Dedicated GPU Memory' on Quadro 6000
Posted: 15 March 2013 at 7:29pm

ok, so ProcExp still uses the wrong value. I wrote a mail to Mark about this issue.

PsTools : Sigcheck reports wrong file version

Author: rmetzger
Subject: Sigcheck reports wrong file version
Posted: 15 March 2013 at 8:16pm

Interesting behavior:

Run SigCheck on ntfs.sys in %SystemRoot%\System32\Drivers and it gets the .mui file.

Copy the ntfs.sys file to some other location, and SigCheck runs against the .sys file.

Possible problems:
  OS locked file;
  OS SysNative like redirection.

Ron Metzger


Edited by rmetzger - 2 minutes ago at 8:18pm

PsTools : Sigcheck reports wrong file version

Author: smaug9
Subject: Sigcheck reports wrong file version
Posted: 15 March 2013 at 8:39pm

Thanks for the responses, everyone. I confirmed that copying the file to a different location and running sigcheck on it provided the correct version as rtclick>properties. This also hints at why the filever.exe doesn't work correctly on this file.


Development : Discussion: HOWTO: Enumerate handles

Author: Rwkeith
Subject: Discussion: HOWTO: Enumerate handles
Posted: 16 March 2013 at 12:59am

Hey, I'm using the source posted by wj32, and the problem is that I am unable to retrieve a full name for this handle.  Looking in Process Explorer, the handle is named, "HKU\__MAT! SANDBOX\HandleEnumerat_{3a303314-8dad-11e2-8254-001e37bcf047}\Registry\Machine".  In my compiled program, I get,  "\Registry\Machine".  Now, everything else shows perfectly fine.  Just this one key is not showing fully.  I'm running on Win7 32bit.

Process Explorer : 15.3 uses white background in some columns

Author: Carnifex
Subject: 15.3 uses white background in some columns
Posted: 16 March 2013 at 9:55am

+1 to be able to disable it.
 
first: I have 8 cores, so if some process runs to the top, the color in this column is barely noticeable.
 
second: the awful white color in dark schema windows... priceless :D
 
I'm very glad Mark made a program like this, because I have been using it for a long time now. But I cannot understand why he changed proven functionality?
E.g. white tray icon... in dark schema it is more difficult to notice the green peaks from CPU - all seems to look like one big white square. I had to stop using this square.
 
And now this.
It is a good thing to add some features, but make it configurable - because sometimes it makes the program unusable.


Edited by Carnifex - 16 hours 3 minutes ago at 9:57am

Troubleshooting : ndis.sys- High DPC latenecy / High DPC CPU usage

Author: kdk_warhead
Subject: ndis.sys- High DPC latenecy / High DPC CPU usage
Posted: 16 March 2013 at 3:38pm

Thanks luciddream!
I know this is an old thread but turning off everything under Power Management for my network cards (Marvell Yukon 88E88056) did the trick for me also.

My somewhat outdated computer is overclocked to 3.2 GHz (original 2.4) and it was working at about 25% load as a minimum if Intel Speed step was enabled. If Speed step was disabled then everything was ok.

Now I can have speed step enabled :)

Thank you!
 
 
Thank you!

Miscellaneous Utilities : Nonpaged pool in RAMMap and in PE are different

Author: loverboy
Subject: Nonpaged pool in RAMMap and in PE are different
Posted: 16 March 2013 at 4:14pm

As you can see in the picture the Nonpaged Pool indications are different in RAMMap and in Process Explorer
 
RamMap --> 727.180 KB
Process Explorer --> 81.276 KB
What is the explanation?
I am using the latest version of both programs
    

Edited by loverboy - 7 hours 32 minutes ago at 6:28pm

Miscellaneous Utilities : Nonpaged pool in RAMMap and in PE are different

Author: MagicAndre1981
Subject: Nonpaged pool in RAMMap and in PE are different
Posted: 16 March 2013 at 5:10pm

What is taskmanager showing you? Have you tried Processhacker from wj32?

http://processhacker.sourceforge.net/

Miscellaneous Utilities : Nonpaged pool in RAMMap and in PE are different

Author: loverboy
Subject: Nonpaged pool in RAMMap and in PE are different
Posted: 16 March 2013 at 5:38pm

I cannot find Task Manager "total indication" about Nonpaged Pool.
 
Process Hacker shows different results too

 
    
RAMMap --> 726.836 KB
 
Process Hacker --> 78.71 MB
 
I forgot to tell that I have Windows 7 64bit Home Premium (with 16 GB RAM)
 
To sum it up, Process Explorer and Process Hacker give similar results.
 


Edited by loverboy - 7 hours 20 minutes ago at 6:40pm

Troubleshooting : SOLVED: Driver Install Error - "Class installer"

Author: carrinlb
Subject: SOLVED: Driver Install Error - "Class installer"
Posted: 16 March 2013 at 8:33pm

:D I cannot believe that I FINALLY found the solution to my network woes of the past week!!! 18 hours of searching and about to give up and reload my OS Windows Server 2008 R2 and here it was!! Thank you so much!! If you're still looking for compensation, let me know as I'll gladly send funds!! You SAVED me hours of reload time!!!! My whole office THANKS YOU!!!!!!!!!!!!

I contacted Dell, Broadcom, Logmein (Hamachi), tried reloading drivers from all of these sites and nothing until this post solved my dilemma!!

Miscellaneous Utilities : Nonpaged pool in RAMMap and in PE are different

Author: loverboy
Subject: Nonpaged pool in RAMMap and in PE are different
Posted: 16 March 2013 at 9:27pm

Just made a
livekd -m -o d:\kernel.dmp
 
This is (part of)  what I see in windbg64
 
0: kd> !vm
*** Virtual Memory Usage ***
 Physical Memory:     4187937 (  16751748 Kb)
 Page File: \??\C:\pagefile.sys
   Current:  16751748 Kb  Free Space:  16671896 Kb
   Minimum:  16751748 Kb  Maximum:     50255244 Kb
Unimplemented error for MiSystemVaTypeCount
 Available Pages:     2981559 (  11926236 Kb)
 ResAvail Pages:      3469232 (  13876928 Kb)
 Locked IO Pages:           0 (         0 Kb)
 Free System PTEs:   33559100 ( 134236400 Kb)
 Modified Pages:       482366 (   1929464 Kb)
 Modified PF Pages:    481582 (   1926328 Kb)
 NonPagedPool Usage: 52561155 ( 210244620 Kb)
 NonPagedPoolNx Usage: 486639 (   1946556 Kb)
 NonPagedPool Max:    3123220 (  12492880 Kb)
 ********** Excessive NonPaged Pool Usage *****
 PagedPool 0 Usage:    152158 (    608632 Kb)
 PagedPool 1 Usage:     10768 (     43072 Kb)
 PagedPool 2 Usage:      4100 (     16400 Kb)
 PagedPool 3 Usage:      4097 (     16388 Kb)
 PagedPool 4 Usage:      4083 (     16332 Kb)
 PagedPool Usage:      175206 (    700824 Kb)
 PagedPool Maximum:  33554432 ( 134217728 Kb)
 Session Commit:        11907 (     47628 Kb)
 Shared Commit:        225391 (    901564 Kb)
 Special Pool:              0 (         0 Kb)
 Shared Process:         7973 (     31892 Kb)
 PagedPool Commit:     175268 (    701072 Kb)
 Driver Commit:          7849 (     31396 Kb)
 Committed pages:     1512068 (   6048272 Kb)
 Commit limit:        8375410 (  33501640 Kb)
<SNIP>
 
0: kd> !poolused 2
   Sorting by  NonPaged Pool Consumed
  Pool Used:
            NonPaged            Paged
 Tag    Allocs     Used    Allocs     Used
 MirD        2 1904836608         0        0 UNKNOWN pooltag 'MirD', please update pooltag.txt
 File    25765  8565392         0        0 File objects
 Ntfx    22153  7202672         0        0 General Allocation , Binary: ntfs.sys
 NVRM    18274  6073440         0        0 UNKNOWN pooltag 'NVRM', please update pooltag.txt
 MmCa    21363  5426016         0        0 Mm control areas for mapped files , Binary: nt!mm
 73..      717  5072144         0        0 UNKNOWN pooltag '  73', please update pooltag.txt
 FMsl    22092  4241664         0        0 STREAM_LIST_CTRL structure , Binary: fltmgr.sys
<SNIP>
RngS        0        0         1      128 UNKNOWN pooltag 'RngS', please update pooltag.txt
 CM27        0        0        11    21808 Internal Configuration manager allocations , Binary: nt!cm
 CM17        0        0        10   163840 Internal Configuration manager allocations , Binary: nt!cm
 SePa        0        0         1       32 Process audit image names and captured polity structures , Binary: nt!se
 TOTAL      210020 1989587984    322859 701114128
If I search for MirD in folder C:\Windows\System32\drivers I find it in
gm.dls
 
There is also a readme file that says
 
-------------------------------------------------------------------------
GMREADME.TXT
Copyright (c) 1998-2000 Microsoft Corporation.  All Rights Reserved.
------------
The GM.DLS file contains the Roland SoundCanvas Sound Set which is
protected under the following copyright:
Roland GS Sound Set/Microsoft (P) 1996 Roland Corporation U.S. 
The Roland SoundCanvas Sound Set is licensed under Microsoft's
End User License Agreement for use with Microsoft operating
system products only.  All other uses require a separate written
license from Roland.
-------------------------------------------------------------------------
 
So windbg gives another different result (210244620 Kb) with respect to what RAMMap and Process Explorer/Hacker give...
 
Any idea?
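
An added example, not part of the forum posts: a Python sketch that parses `!poolused 2` rows and sets the per-tag total beside the `NonPagedPoolNx Usage` page count from `!vm`, so the figures in the post above can be cross-checked. The sample rows and the page count are copied from that post; the function names and the 4 KB page size are assumptions of this example.

```python
import re

# Rows copied from the `!poolused 2` output in the post above
# (column header and <SNIP> lines left out).
POOLUSED = """\
 MirD        2 1904836608         0        0 UNKNOWN pooltag 'MirD', please update pooltag.txt
 File    25765  8565392         0        0 File objects
 Ntfx    22153  7202672         0        0 General Allocation , Binary: ntfs.sys
 NVRM    18274  6073440         0        0 UNKNOWN pooltag 'NVRM', please update pooltag.txt
 TOTAL      210020 1989587984    322859 701114128
"""
NONPAGED_NX_PAGES = 486639  # "NonPagedPoolNx Usage" page count from !vm in the same post
PAGE_KB = 4                 # assumption: 4 KB pages (486639 * 4 = 1946556 Kb, as !vm prints)

# Tag, nonpaged allocs, nonpaged bytes, paged allocs, paged bytes, description.
ROW = re.compile(r"^\s*(\S{1,4})\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*(.*)$")
TOTAL = re.compile(r"^\s*TOTAL\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$")

def parse_poolused(text):
    """Return (rows, total_nonpaged_bytes) from !poolused output lines."""
    rows, total = [], None
    for line in text.splitlines():
        if (m := TOTAL.match(line)):
            total = int(m.group(2))
        elif (m := ROW.match(line)):
            rows.append({"tag": m.group(1),
                         "np_allocs": int(m.group(2)),
                         "np_bytes": int(m.group(3)),
                         "unknown": m.group(6).startswith("UNKNOWN")})
    return rows, total

def summarize(text, nx_pages):
    """Rank tags by nonpaged bytes and convert both totals to KB."""
    rows, total = parse_poolused(text)
    top = max(rows, key=lambda r: r["np_bytes"])
    return {
        "top_tag": top["tag"],
        "top_share_pct": round(100 * top["np_bytes"] / total, 2),
        "top_avg_alloc_bytes": top["np_bytes"] // top["np_allocs"],
        "poolused_total_kb": total // 1024,
        "vm_nx_kb": nx_pages * PAGE_KB,
        "unknown_tags": [r["tag"] for r in rows if r["unknown"]],
    }

if __name__ == "__main__":
    for key, value in summarize(POOLUSED, NONPAGED_NX_PAGES).items():
        print(f"{key}: {value}")
```

On the posted data the `!poolused` nonpaged total comes to 1942957 KB against 1946556 KB for the `NonPagedPoolNx` line, and the two `MirD` allocations account for about 95.7% of it.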

Miscellaneous Utilities : Nonpaged pool in RAMMap and in PE are different

Author: MagicAndre1981
Subject: Nonpaged pool in RAMMap and in PE are different
Posted: 17 March 2013 at 6:48am

Which WinDbg version do you use? Version 6.12 has a bug reading the pool values. Use 6.11 or the Win8 RTM Build 6.2.9200.

Miscellaneous Utilities : Nonpaged pool in RAMMap and in PE are different

Author: loverboy
Subject: Nonpaged pool in RAMMap and in PE are different
Posted: 17 March 2013 at 8:55am

I am using Windbg 6.12
Can you give me a link to the Win8 RTM Build 6.2.9200 DVD (ISO) windbg version (that I hope still works on Windows 7)?


Edited by loverboy - 12 hours 40 minutes ago at 12:20pm

Process Explorer : Ability to copy environment variable(s)

Author: hijacker
Subject: Ability to copy environment variable(s)
Posted: 17 March 2013 at 1:45pm

Hello,

I have been trying to do the same thing (extracting the classpath of java processes).
It's too bad Process Explorer doesn't allow to do that. I found Process Hacker to be a good replacement for this, thanks wj32.

Also I would like to point out it seems to be a lost feature from 8.61 of PE.
What's new in Version 8.61:
[...]
  • Copy-to-clipboard from process environment variable and strings dialogs
  • Can select and copy text strings of process image properties page

I know this is an old topic, but it's still worth knowing.

Miscellaneous Utilities : Nonpaged pool in RAMMap and in PE are different

Author: loverboy
Subject: Nonpaged pool in RAMMap and in PE are different
Posted: 17 March 2013 at 2:12pm

Ok, with windbg 6.11 this is the result
 
0: kd> !vm
*** Virtual Memory Usage ***
 Physical Memory:     4187937 (  16751748 Kb)
 Page File: \??\C:\pagefile.sys
   Current:  16751748 Kb  Free Space:  16671896 Kb
   Minimum:  16751748 Kb  Maximum:     50255244 Kb
unable to get nt!MmSystemLockPagesCount
 Available Pages:     2981559 (  11926236 Kb)
 ResAvail Pages:      3469232 (  13876928 Kb)
 Locked IO Pages:           0 (         0 Kb)
 Free System PTEs:   33503292 ( 134013168 Kb)
 Modified Pages:       482366 (   1929464 Kb)
 Modified PF Pages:    481582 (   1926328 Kb)
 NonPagedPool Usage:   486639 (   1946556 Kb)
 NonPagedPool Max:    3123220 (  12492880 Kb)
 PagedPool 0 Usage:    152158 (    608632 Kb)
 PagedPool 1 Usage:     10768 (     43072 Kb)
 PagedPool 2 Usage:      4100 (     16400 Kb)
 PagedPool 3 Usage:      4097 (     16388 Kb)
 PagedPool 4 Usage:      4083 (     16332 Kb)
 PagedPool Usage:      175206 (    700824 Kb)
 PagedPool Maximum:  33554432 ( 134217728 Kb)
 Session Commit:        11907 (     47628 Kb)
 Shared Commit:        225391 (    901564 Kb)
 Special Pool:              0 (         0 Kb)
 Shared Process:         7973 (     31892 Kb)
 PagedPool Commit:     175268 (    701072 Kb)
 Driver Commit:          7849 (     31396 Kb)
 Committed pages:     1512068 (   6048272 Kb)
 Commit limit:        8375410 (  33501640 Kb)
 
So 6.11 "NonPagedPool Usage" is the same as "NonPagedPool Usage Nx" given by version 6.12
 
Anyway I think this is Virtual memory (and not  the Physical Memory shown by RAMMap)
 
Let's go back to the original question: Why do RAMMap and Process Explorer show different results?
 
*EDIT*
PS
Is there any Poolmon.exe available for Windows 7?


Edited by loverboy - 5 hours 38 minutes ago at 7:22pm

Autoruns : Increase font size

Author: fasttoon
Subject: Increase font size
Posted: 17 March 2013 at 6:20pm

Is there any way to increase font size in the UI?

Thanks.