Quantcast
Channel: Sysinternals Forums
Viewing all 10386 articles
Browse latest View live

Troubleshooting : Zip file issue

November 12, 2015, 10:39 am
$
0
0
Author: van_loon
Subject: Zip file issue
Posted: 12 November 2015 at 6:39pm

Maybe itwill help you to solve the problem.

http://sourceforge.net/p/sevenzip/discussion/45798/thread/25bb18fb/

Looks likea compressed and encrypted zip ....I think this will only work if you installwinzip or winrar....only after installing these software u will get a pompt toenter password.

Installwinzip evaluation edition or winrar free edition....then try to unzip.

If thatdoesn't work, then take look at this utility ZIP Recovery Toolbox. http://www.oemailrecovery.com/zip_recovery.html

Search

Troubleshooting : Zip file issue

November 12, 2015, 10:43 am

Utilities Suggestions : WinObj - Needs Search Capability

November 12, 2015, 5:03 pm
$
0
0
Author: rjr
Subject: WinObj - Needs Search Capability
Posted: 13 November 2015 at 1:03am

WinObj is a good utility to view the Windows Object and it has potential so I'm hoping to identify disk volumes referenced within Windows System Event logs such as Event ID: 55, 51, etc., however apparently there is no search (ctrl-F) capability.
 
IE, it's a nice utility to look at but I can't effectively use it because I can't search for anything, so unless I know exactly what I'm looking for and where it's located within the tree, what real benefit is the utility other than just looking at it for fun or perhaps stumbling across what I'm looking for?
 
The solution is to empower the utility and user with the ability to utilize the data.  Please implement a Search (IE - ctrl-F) capability.
 
Thanks!


Edited by rjr - 23 hours 45 minutes ago at 1:04am

Autoruns : Hash extraction/viewing

November 13, 2015, 3:38 pm
$
0
0
Author: Marqo09
Subject: Hash extraction/viewing
Posted: 13 November 2015 at 11:38pm

The command line version of Autoruns (autorunsc.exe) will report hashes if you use -h argument.

autorunsc.exe -h

Hope this helps!

Miscellaneous Utilities : vmmap.exe : Understanding Blocks column

November 14, 2015, 4:12 am
$
0
0
Author: remus
Subject: vmmap.exe : Understanding Blocks column
Posted: 14 November 2015 at 12:12pm

Hi folks,

[System: Windows 8.1, vmmap version 3.21]
              
I am trying to understand the meaning of the column "Blocks" in VMMAP.   In particular --- I am looking at Heap for my test App.

I have a Heap that I have Created myself, like this:

  HANDLE the_heap = HeapCreate(0,0,0);

I had thought, at first, that a Block would represent what comes back from a call to HeapAlloc --- e.g. if I asked for 42 bytes from HeapAlloc, then that would be a "block" of 42 bytes.  (see API for HeapAlloc in msdn:  "Allocates a block of memory from a heap")

But this clearly isn't the case.  e.g. see pic:

http://s24.postimg.org/pk1mdj9g5/vmmap_heap_blocks.png

Blocks as shown in vmmap means something else to what a block means in HeapAlloc API terms.

What does it mean?

Meany thanks in advance

Remus


BgInfo : ECCN id for BG INFO

November 14, 2015, 3:00 pm
$
0
0
Author: nlsdg
Subject: ECCN id for BG INFO
Posted: 14 November 2015 at 11:00pm

Contact Microsoft at eccn@microsoft.com, as listed in their FAQ at https://www.microsoft.com/en-us/exporting/faq.aspx

Miscellaneous Utilities : vmmap.exe : Understanding Blocks column

November 15, 2015, 6:42 am
$
0
0
Author: remus
Subject: vmmap.exe : Understanding Blocks column
Posted: 15 November 2015 at 2:42pm

Thank you.  That helps me understand a bit more.

I have a couple more questions, of you would be so kind!

(I can imagine these questions could be a bit tedious --- I am learning a lot of this stuff for the first time)

1) You say 

"In this case the heap consists of 9 sections of memory"

In this context I guess you use the word "Heap" to refer to all the heaps as a whole (there are 5 Heaps n the example of the picture I posted).  Is that correct?


2)  You say

"The "Largest" column shows the size of the largest block".

I do not see a column called "Largest" --- what do you mean by this?

Thanks

Remus.

Troubleshooting : Zip file issue

November 15, 2015, 10:24 am
$
0
0
Author: collins
Subject: Zip file issue
Posted: 15 November 2015 at 6:24pm

Thank you buddy for your help and time. your recommendations are very useful. the issue is resolved.

Search

Process Explorer : Process Explorer VS MCafee

November 15, 2015, 11:44 am
$
0
0
Author: ChaosEngine
Subject: Process Explorer VS MCafee
Posted: 15 November 2015 at 7:44pm

Did you try going into PE properties/Compatibility tab and seeing if (Run this program as administrator) was checked? I can't see why PE would want to terminate a process without the users permission though?

Process Explorer : v16.05 run as SYSTEM, closes after few seconds

November 15, 2015, 11:56 am
$
0
0
Author: spriditis
Subject: v16.05 run as SYSTEM, closes after few seconds
Posted: 15 November 2015 at 7:56pm

#App:     Process Explorer (procexp.exe)
#Version: v16.05
#OS:      Windows 7 SP1 Professional / 8.1 Pro (32-bit) (clean install)

#Problem:
When starting ProcessExplorer as SYSTEM user - it starts and runs sucessfully,
but after about 2-5 seconds - silently terminates without any error messages.

Note: Older versions (i.e. v14, v15, <= v16.03) working ok..

Note: Windows "Application" Event Log has following message:
Faulting application name: procexp.exe, version: 16.5.0.0, time stamp: 0x54fe13dc
Faulting module name: OLEAUT32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b972
Exception code: 0xc0000005
Fault offset: 0x00004660
Faulting process id: 0x8a4
Faulting application start time: 0x01d11fda5f9167bc
Faulting application path: C:\Users\Test\Desktop\procexp.exe
Faulting module path: C:\Windows\system32\OLEAUT32.dll
Report Id: a0b5d3e3-8bcd-11e5-add3-0050562c6b38



#Replication:
RunasSystem.exe  "procexp.exe"
or
AdvancedRun "procexp.exe"



Edited by spriditis - 1 hour 41 minutes ago at 11:41pm

Process Explorer : "Search Online" doesn't work with Microsoft Edge

November 15, 2015, 11:58 am

BgInfo : Enumerate all network interfaces

November 15, 2015, 1:08 pm
$
0
0
Author: dylan666
Subject: Enumerate all network interfaces
Posted: 15 November 2015 at 9:08pm

You are right, tanks! Smile

Process Explorer : v16.05 run as SYSTEM, closes after few seconds

November 15, 2015, 1:34 pm
$
0
0
Author: ChaosEngine
Subject: v16.05 run as SYSTEM, closes after few seconds
Posted: 15 November 2015 at 9:34pm

In some cases, oleaut32.dll errors could indicate a registry problem, a virus or malware issue or even a hardware failure.

Source:






Process Explorer : v16.05 run as SYSTEM, closes after few seconds

November 15, 2015, 1:48 pm
$
0
0
Author: spriditis
Subject: v16.05 run as SYSTEM, closes after few seconds
Posted: 15 November 2015 at 9:48pm

Originally posted by ChaosEngine ChaosEngine wrote:

In some cases, oleaut32.dll errors could indicate a registry problem, a virus or malware issue or even a hardware failure.


As noted - this is clean install (on VM):
"Windows 7 SP1 Professional (32-bit) (clean install)"

It runs fine as user / admin, problem only occurs when running as SYSTEM user..

Process Explorer : v16.05 run as SYSTEM, closes after few seconds

November 15, 2015, 2:26 pm
$
0
0
Author: pinscomputer
Subject: v16.05 run as SYSTEM, closes after few seconds
Posted: 15 November 2015 at 10:26pm

please capture a crash dump with procdump.exe
 
send an email to Mark indicating the problem & include a copy of the dump file (or a link to it's location if it is too large).
 
Mark's email can be found at the end of the introductory paragraph here:
 
 
Search

Process Explorer : v16.05 run as SYSTEM, closes after few seconds

November 15, 2015, 3:36 pm
$
0
0
Author: spriditis
Subject: v16.05 run as SYSTEM, closes after few seconds
Posted: 15 November 2015 at 11:36pm

Process terminates without any error message = so i don't get a chance to create a dump.
However i can take dump&info files from WER:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_procexp.exe_*******
(has "memory.hdmp" - not sure if this is also usefull)

Anyway - email sent..

UPDATE:
Created full dump using procdump as AeDebug on process terminate:
procexp & procdump.exe -i -ma procexp.exe



Edited by spriditis - 1 hour 26 minutes ago at 11:56pm

Process Explorer : v16.05 run as SYSTEM, closes after few seconds

November 15, 2015, 5:47 pm
$
0
0
Author: pinscomputer
Subject: v16.05 run as SYSTEM, closes after few seconds
Posted: 16 November 2015 at 1:47am

Originally posted by spriditis spriditis wrote:



UPDATE:
Created full dump using procdump as AeDebug on process terminate:
procexp & procdump.exe -i -ma procexp.exe

I was able to reproduce the error .
 
in admin cmd prompt execute:
PSEXEC -s -I -d cmd.exe
to launch system cmd prompt
 
from the system command prompt
launching process explorer v16.05... the app crashes in about 3 seconds.
launching process explorer v16.04... no app crash.
 
 

Miscellaneous Utilities : vmmap.exe : Understanding Blocks column

November 15, 2015, 8:08 pm
$
0
0
Author: LMiller7
Subject: vmmap.exe : Understanding Blocks column
Posted: 16 November 2015 at 4:08am

There is no relationship between the number of sections and the number of heaps. 

"Largest" column is  to the right of the "Blocks" column in the top list.


Process Explorer : Suggestion: Text-Message in Tray-Icon

November 16, 2015, 12:32 am
$
0
0
Author: thejournalist
Subject: Suggestion: Text-Message in Tray-Icon
Posted: 16 November 2015 at 8:32am

""WORKING ", "WAIT"; as SUBSTITUTE for Graph-Display (white on-black text). NOT FLASHING.

Troubleshooting : Missing address book (.wab) in Outlook Express

November 16, 2015, 2:20 am
$
0
0
Author: ChriPatrick1982
Subject: Missing address book (.wab) in Outlook Express
Posted: 16 November 2015 at 10:20am

Exported all messages, but get an error when trying to export the address book.  Only one .wab file on the computer and it's irrelevant.  Wonder if a utility will recover.  Is there a way to build a new contact list in Outlook from all of your messages without having to enter all manually?
Viewing all 10386 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>