Quantcast
Channel: Sysinternals Forums
Viewing all 10386 articles
Browse latest View live

Process Explorer : Procexp and Itanium

December 15, 2014, 9:42 am
Search

Process Explorer : Google Chrome window titles

December 15, 2014, 1:21 pm
$
0
0
Author: lseltzer
Subject: Google Chrome window titles
Posted: 15 December 2014 at 9:21pm

I usually have many Google Chrome tabs open and I just noticed that Process Explorer only shows the Window Title of the foreground tab. This forum limits image uploads to 10K (what is this, 1998?), so here's a link to a screen grab of it:

https://onedrive.live.com/redir?resid=7E79EFAC372DDCA!56767&authkey=!AGcXTL72_YBdfQ0&v=3&ithint=photo%2cjpg

The Window Title is probably the only field you could use to get an indication of which tab, i.e. which page, is which, so it's useful.

PsTools : PSEXEC Hangs when running WMI commands

December 15, 2014, 1:34 pm
$
0
0
Author: jamesavery
Subject: PSEXEC Hangs when running WMI commands
Posted: 15 December 2014 at 9:34pm

I'm running PSEXEC logging into a remote machine and running the firewall.cmd batch file. The log stops when the remote system is trying to run a wmic command on the first line.

  • I am running this from an Administrator Cmd Prompt.
  • When it hangs, I have to go to the remote computer and open Task Manager and kill PSEXEC.

I've tried this with a simple command running PSEXEC. This Hangs and the PSEXEC service is acting like it's waiting for something to complete the script.
psexec \\TEST123 -u TEST123\administrator -p PWD123 -accepteula -h cmd /c "wmic os get version"

But if I use ECHO it works as in this cmd line:
psexec \\TEST123 -u TEST123\administrator -p PWD123 -accepteula -h cmd /c "echo | wmic os get version"

The batch file I'm using works on Windows 7 and Windows 2008 R2. It's only with Server 2003 R2 am I having these issues.

-------------------------------------------------------------------------------------------------
Information of contents and versions
-------------------------------------------------------------------------------------------------
OS Version: Windows Server 2003 R2

PSEXEC version 2.11.0.0

Command running: psexec \\TEST123 -u TEST123\administrator -p PWD123 -accepteula -h cmd /c "c:\SccmTemp\firewall.cmd >c:\SccmTemp\TEST123_Firewall.log"

Firewall.cmd contents:
FOR /F "tokens=1 delims= " %%G IN ('wmic os get version ^|find " "') DO (set _version=%%G)
FOR /F "tokens=1 delims= " %%X in ('wmic cpu get addresswidth ^|find " "') DO (set _osarch=%%X)
For /f "tokens=1,2,3 delims=. " %%G in ('echo %_version%') Do (set _major=%%G& set _minor=%%H& set _build=%%I) 
Echo Major version: %_major%  Minor Version: %_minor%.%_build% OS Architecture: %_osarch%

Log output:
C:\WINDOWS\system32>set _major= 
C:\WINDOWS\system32>set _minor= 
C:\WINDOWS\system32>set _build= 
C:\WINDOWS\system32>set _osarch= 
C:\WINDOWS\system32>FOR /F "tokens=1 delims= " %G IN ('wmic os get version |find " "') DO (set _version=%G ) 
----- Hangs here-----
When it hangs, I have to go to the remote computer and open Task Manager and kill PSEXEC.


IDEAS?

PsTools : PSEXEC Hangs when running WMI commands

December 15, 2014, 2:26 pm
$
0
0
Author: jamesavery
Subject: PSEXEC Hangs when running WMI commands
Posted: 15 December 2014 at 10:26pm

I found it's not necessarily the WMIC call. It's the For /F call.

FOR /F "tokens=1 delims= " %%G IN (c:\sccmtemp\version.txt) DO (set _version=%%G)
echo "%_version%"

Any idea how to get around this in the Server 2003 via PSEXEC?

If I run the command locally, it works perfect. But through PSEXEC, it doesn't. I receive blanks where the "%_version%" should be.

Process Explorer : Remote Control not working in Server 2012

December 15, 2014, 2:36 pm
$
0
0
Author: JoelC
Subject: Remote Control not working in Server 2012
Posted: 15 December 2014 at 10:36pm

Question for any other users/developers:
 
I've got a brand new Server 2012 R2 VM that has Process Explorer downloaded and working properly on. A third-party support tech is attempting to use the Users->Remote Control functionality but it is popping up a dialog that says "Error starting remote control: This function is not supported on this system."
 
I've been unable to find anything in the Process Explorer help file and searching for it on Bing and Google gives me nothing. Any ideas?
 
Thanks in advance

Process Explorer : Google Chrome window titles

December 15, 2014, 3:15 pm
$
0
0
Author: LMiller7
Subject: Google Chrome window titles
Posted: 15 December 2014 at 11:15pm

For Process Explorer to show any kind of Chrome tab information would require that it have detailed internal knowledge specific to the Chrome process. The Chrome Task Manager has that knowledge. Process Explorer does not.

Process Explorer : Google Chrome window titles

December 15, 2014, 3:20 pm
$
0
0
Author: lseltzer
Subject: Google Chrome window titles
Posted: 15 December 2014 at 11:20pm

Really? I figured that background tabs are all windows, just hidden. 

Internals : Finding all installed programs from the registry

December 15, 2014, 4:01 pm
$
0
0
Author: Broni
Subject: Finding all installed programs from the registry
Posted: 16 December 2014 at 12:01am

There are two more registry keys you need to check:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products


Edited by Broni - 5 hours 25 minutes ago at 12:04am
Search

PsTools : How to pass arguments to bat file

December 16, 2014, 4:03 am
$
0
0
Author: AutomationWorld
Subject: How to pass arguments to bat file
Posted: 16 December 2014 at 12:03pm

HI All,

Please, Can share you knowledge to usage of parameters from bat to vbscipt file.?

Requirement:

am calling a bat file by passing one argument (which is path of vbs file) and once if i entered into the bat file , i want to execute vbscript file.

Calling bat file:
strCMD = "C:\RExecution\PSTools\PsExec.exe \\" & strRemoteIP & " -accepteula -d -u " & strDomain & "\" & strVUser & " -p " & strVPassword & " C:\RExecution\Scripts\Run.bat " & strPath & "  1 > C:\RExecution\" & RemotePC

strPath --> what am passing path of the vbs file

My.bat file:
@echo on
echo my check is %1
set arg1=%1
echo C:\RemoteExecution\Runner_Files\& %arg1%
pause 3
cscript.exe %arg1% &  > C:\RExecution\ReferBatch.out

Troubleshooting : msi running on WIN7 boot

December 16, 2014, 4:04 am
$
0
0
Author: MikeNewman
Subject: msi running on WIN7 boot
Posted: 16 December 2014 at 12:04pm

I have been fighting with a Windows 7 Ultimate boot problem for days without success.  When I boot the computer, I have the msi showing about half way through the boot process but nothing is being installed.  The message box just shows that msi is running and the progress bar gets to about 60% and it stops.  The boot process carries on for a while and the same thing happens again before the boot completes and the computer is ready for use.  The computer is a few years uld and the problem only appeared a few weeks ago.
I am worried that it may be some malware that none of the usual commercial products have found.  I have used Avast and MalwareBytes juswt to mention 2.
 
Can anyone assist please?

Miscellaneous Utilities : Sysmon Doesn't Log Events

December 16, 2014, 4:24 am
$
0
0
Author: harvey7
Subject: Sysmon Doesn't Log Events
Posted: 16 December 2014 at 12:24pm

Is it possible to get all three types of hash for every event ?

PsTools : psloggedon.exe returns "unknown time"

December 16, 2014, 8:06 am
$
0
0
Author: irbkorrum
Subject: psloggedon.exe returns "unknown time"
Posted: 16 December 2014 at 4:06pm

Long story short, until a few weeks ago when running PSloggedon.exe \\computername it used to return correct information.  Just recently we started getting all kinds of weird results with "<unknown time>" listed and it's showing almost every user with a local profile.  This is causing problems as we have a script users run to see which computer is available for login.  If we reboot the computer this resolves the issue for a day or so and then it's right back to showing "<unknown time>".  Anyone have any ideas on how to resolve this?

Troubleshooting : msi running on WIN7 boot

December 16, 2014, 8:52 am
$
0
0
Author: pinscomputer
Subject: msi running on WIN7 boot
Posted: 16 December 2014 at 4:52pm

Originally posted by MikeNewman MikeNewman wrote:

.... I have the msi showing about half way through the boot process but nothing is being installed.  The message box just shows that msi is running and the progress bar gets to about 60% and it stops.  .....
 
 
were you trying to install something? 
 
did Microsoft download operating system updates prior to this problem occurring?
 
can you boot to safe mode?
 
have you been able to backup your personal files that were on the computer?

Troubleshooting : msi running on WIN7 boot

December 16, 2014, 9:09 am
$
0
0
Author: MikeNewman
Subject: msi running on WIN7 boot
Posted: 16 December 2014 at 5:09pm

I do not remember when it first appeared but I have not installed any new software for many months.
I have all of the Microsoft updates on automatic download and install.
I can boot in safe mode and the problem does not appear.
I have backed up all on the My Documents folder to another drive.  I have yet to make a copy of the .pst file for Outlook.
I do have another machine also running Windows 7 Ultimate with MS updates on automatic download and install and that does not have the problem.

Site Bugs : Procmon doesnt apply filters when exporting to PML

December 16, 2014, 10:35 am
$
0
0
Author: maialen
Subject: Procmon doesnt apply filters when exporting to PML
Posted: 16 December 2014 at 6:35pm

I'd like to filter a PML file in order to save the information I search for in a new file from the command line.

Drop filtered events is set and so is the filter I need to use, however when using the following command:

Procmon.exe /openlog "Logfile.pml" /saveapplyfilter /loadconfig ProcmonConfiguration.pmc /saveas "Logfile2.pml"

The Logfile2.pml is identical to the original file. However, the command:

Procmon.exe /openlog "Logfile.pml" /saveapplyfilter /loadconfig ProcmonConfiguration.pmc /saveas "Logfile.xml"

Saves just the filtered events I need (as expected).

Is the export functionality different in both file types? The xml files output seems the correct one.
Search

Troubleshooting : msi running on WIN7 boot

December 16, 2014, 2:00 pm
$
0
0
Author: pinscomputer
Subject: msi running on WIN7 boot
Posted: 16 December 2014 at 10:00pm

get your outlook file backed up now while you are still thinking about it....
 
 
here are some options for you to start considering (in no specific order).
 
1. reinstall operating system
2.  repair install (system file checker)
3. perform clean boot (DO NOT..DO NOT... DO NOT ... disable any Microsoft services ) followed by re-enabling items individually.
 
there are some more tool drive approaches such as installing windows performance tools and capturing a boot trace.
you could also download PROCMON from the sysinternals site and capture a boot trace, then post the results for the members to review...
 
HOWEVER, these are only options based on limited information about your problem.
 
 
I would suggest you see if other forum members have any additional suggestions before proceeding with anything.
 


Edited by pinscomputer - 8 hours 2 minutes ago at 10:08pm

Process Monitor : Omit Duplicate Rows?

December 16, 2014, 2:17 pm
$
0
0
Author: XTAL256
Subject: Omit Duplicate Rows?
Posted: 16 December 2014 at 10:17pm

You can right click on a particular column of an event and exclude anything which matches that value. For example, right click on the "Operation" column where the operation is "ReadFile", and you will see an option to "Exclude 'ReadFile'".
That's probably the closest existing feature to what you want, since you are essentially telling ProcMon what constitutes a duplicate (any of the same value in that column). And you can then continue to refine by excluding other columns.
I do that to reduce the amount of noise so I can focus only on the events I want.

Process Monitor : Bug: QueryNetworkOpenInformationFile properties

December 16, 2014, 3:25 pm
$
0
0
Author: XTAL256
Subject: Bug: QueryNetworkOpenInformationFile properties
Posted: 16 December 2014 at 11:25pm

I noticed when looking at a QueryNetworkOpenInformationFile event that some of it's properties seem incorrectly formatted. "AllocationSize" and "EndOfFile" are both given as dates, whereas I would expect them to be integers. See image below.

Screenshot

Process Monitor : Procmon doesnt apply filters when exporting to PML

December 17, 2014, 3:11 am
$
0
0
Author: maialen
Subject: Procmon doesnt apply filters when exporting to PML
Posted: 17 December 2014 at 11:11am

I'd like to filter a PML file in order to save the information I search for in a new file from the command line.

Drop filtered events is set and so is the filter I need to use, however when using the following command:

Procmon.exe /openlog "Logfile.pml" /saveapplyfilter /loadconfig ProcmonConfiguration.pmc /saveas "Logfile2.pml"

The Logfile2.pml is identical to the original file. However, the command:

Procmon.exe /openlog "Logfile.pml" /saveapplyfilter /loadconfig ProcmonConfiguration.pmc /saveas "Logfile.xml"

Saves just the filtered events I need (as expected).

Is the export functionality different in both file types? The xml files output seems the correct one.


PsTools : PSEXEC gets stuck

December 17, 2014, 5:12 am
$
0
0
Author: Esmir
Subject: PSEXEC gets stuck
Posted: 17 December 2014 at 1:12pm

uploads/49416/Gmetrix.zip

I am trying to deploy Gmetrix software using PSEXEC.
When I run it, I get the following error:

Copying \\server\Some_Share........
Starting \\server\Some_Share......

Access is denied.
Access is denied.

Any idea what might be causing this?
This user has admin rights.

I attached copies of both script to this post.
I start my process with Gmetrix.bat file.

Any input would be greatly appreciated.

Thanks

Esmir
Viewing all 10386 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>