Channel: Sysinternals Forums

PsTools : psPING - few errors

Author: alysko
Subject: psPING - few errors
Posted: 17 December 2015 at 9:08am

Dear Sir/Madam

Following my experience with iperf and jperf, I tried psping on my Windows 7 machine. It works, shows a bit higher performance numbers, except for a few errors reported below.


1) I have run psping and it seems the statistics value "Average" is incorrect. It shows either sum or max, but not the average. Please see the example below.

psping -b -l 10m 127.0.0.1:5001

PsPing v2.01 - PsPing - ping, latency, bandwidth measurement utility
Copyright (C) 2012-2014 Mark Russinovich
Sysinternals - www.sysinternals.com

Setting warmup count to match number of outstanding I/Os: 16
TCP bandwidth test connecting to 127.0.0.1:5001: Connected
20 iterations (16 warmup) sending 10485760 bytes TCP bandwidth test: 100%

TCP sender bandwidth statistics:
  Sent = 4, Size = 10485760, Total Bytes: 199229440,
  Minimum = 249.89 MB/s, Maximum = 1.66 GB/s, Average = 1.66 GB/s

Please see a print screen of the same below.


2) When I attempt to run a UDP bandwidth test, there is an error:

I first start the server, then execute the client.

CLIENT SIDE

psping -b -u 1k -l 10m 127.0.0.1:5001

PsPing v2.01 - PsPing - ping, latency, bandwidth measurement utility
Copyright (C) 2012-2014 Mark Russinovich
Sysinternals - www.sysinternals.com

Setting warmup count to match number of outstanding I/Os: 16
UDP bandwidth test connecting to 127.0.0.1:5001: Connected
20 iterations (16 warmup) sending 10485760 bytes UDP bandwidth test:   0%
UDP sender bandwidth statistics:
  Sent = 0, Size = 10485760, Total Bytes: 0,
  Minimum = 0.00 b/s, Maximum = 0.00 b/s, Average = 0.00 b/s
Error exchanging UDP statistics:An established connection was aborted by the sof
tware in your host machine.


SERVER SIDE (my notebook) starts and then shows an error when I try to connect from the client:

psping -s 127.0.0.1:5001

PsPing v2.01 - PsPing - ping, latency, bandwidth measurement utility
Copyright (C) 2012-2014 Mark Russinovich
Sysinternals - www.sysinternals.com

Type Control-C to exit.
Waiting for TCP connection on 127.0.0.1:5001: Error binding UDP socket:
An attempt was made to access a socket in a way forbidden by its access permissi
ons.

Please advise on the UDP testing. Why am I having this problem?

Thanks!

Regards
Albert




Malware : System Log for executed Batch file

Author: Altiano
Subject: System Log for executed Batch file
Posted: 17 December 2015 at 1:20pm

Let's say I executed 5 batch files yesterday and now I want to know the order of the execution of the files. Does Windows log the execution, maybe in Windows Event Logs or something? Or is there any third party program that does so?

This could be useful if there is a malicious batch file that was executed accidentally by the user or automatically by the batch file itself and we want to know the name of the file and where it is located so that we can remove it.

Malware : System Log for executed Batch file

Author: pinscomputer
Subject: System Log for executed Batch file
Posted: 17 December 2015 at 6:11pm

take a look at this video starting at approx. timestamp 12min 00 sec thru approx. timestamp 15min 20sec
 
the video presenter, Paula Januszkiewicz, appears regularly at Microsoft tech events.
 
also refer to the following web page:
 
 
 


Edited by pinscomputer - 12 hours 14 minutes ago at 6:16pm

Process Monitor : Application has been waited around 360 seconds

Author: ASuzuki
Subject: Application has been waited around 360 seconds
Posted: 18 December 2015 at 2:13am

Hello ChaosEngin-san,
Thank you very much for response.

I also thought this line had wasted 361 seconds. However, after I posted this question, I checked the meaning of Duration=361.4222372. Please look at the following 10 lines extracted from the log. These are filtered by Process Name is xxxx.exe. The time difference between lines 01 and 10 is 361.4222597 (8:37:30.8582993 - 8:31:29.4360396), and this interval is almost the same as the Duration of line 01. This means that the Duration of line 01 lasts until the start of line 10.
No Time of Day      Process Name  Operation                 Path                            Duration
01 8:31:29.4360396  xxxx.exe      IRP_MJ_CREATE             C:\Windows\System32\perfts.dll  361.4222372
02 8:37:30.8282717  xxxx.exe      FASTIO_QUERY_INFORMATION  C:\ProgramData\...\Iron.db        0.0000109 
03 8:37:30.8282896  xxxx.exe      FASTIO_READ               C:\ProgramData\...\Iron.db        0.0000036
04 8:37:30.8282968  xxxx.exe      IRP_MJ_READ               C:\ProgramData\...\Iron.db        0.0000103
05 8:37:30.8283141  xxxx.exe      FASTIO_QUERY_INFORMATION  C:\ProgramData\...\Iron.db        0.0000053
06 8:37:30.8283505  xxxx.exe      FASTIO_QUERY_INFORMATION  C:\ProgramData\...\Iron.db        0.0000053
07 8:37:30.8283770  xxxx.exe      FASTIO_READ               C:\ProgramData\...\Iron.db        0.0000029
08 8:37:30.8283839  xxxx.exe      IRP_MJ_READ               C:\ProgramData\...\Iron.db        0.0296993
09 8:37:30.8284160  xxxx.exe      IRP_MJ_READ               C:\ProgramData\...\Iron.db        0.0296499
10 8:37:30.8582993  xxxx.exe      IRP_MJ_SET_INFORMATION    C:\Windows\System32\perfts.dll    0.0000524

I also checked the stack information and found that lines 01 and 10 are real actions of process xxxx.exe, but lines 02 - 09 are interrupted by Symantec Endpoint Protection: Download Insight. Therefore, I think that the Duration of line 01 is caused by interruption from Symantec Endpoint Protection (Download Insight).

I appreciate your help in advance.
ASuzuki
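
The timing check described in the post above, worked through in code as an added example (not part of the original posts): it parses the ten quoted trace rows, takes each operation's completion time as start plus Duration, and reports which events began while a long operation was still outstanding. The function names and the 1-second threshold are assumptions for illustration, and the parser assumes whitespace-separated rows with no spaces in paths, as in the excerpt.

```python
from decimal import Decimal

# Rows copied from the trace excerpt in the post above:
# No, Time of Day, Process Name, Operation, Path, Duration (seconds).
TRACE = r"""
01 8:31:29.4360396 xxxx.exe IRP_MJ_CREATE C:\Windows\System32\perfts.dll 361.4222372
02 8:37:30.8282717 xxxx.exe FASTIO_QUERY_INFORMATION C:\ProgramData\...\Iron.db 0.0000109
03 8:37:30.8282896 xxxx.exe FASTIO_READ C:\ProgramData\...\Iron.db 0.0000036
04 8:37:30.8282968 xxxx.exe IRP_MJ_READ C:\ProgramData\...\Iron.db 0.0000103
05 8:37:30.8283141 xxxx.exe FASTIO_QUERY_INFORMATION C:\ProgramData\...\Iron.db 0.0000053
06 8:37:30.8283505 xxxx.exe FASTIO_QUERY_INFORMATION C:\ProgramData\...\Iron.db 0.0000053
07 8:37:30.8283770 xxxx.exe FASTIO_READ C:\ProgramData\...\Iron.db 0.0000029
08 8:37:30.8283839 xxxx.exe IRP_MJ_READ C:\ProgramData\...\Iron.db 0.0296993
09 8:37:30.8284160 xxxx.exe IRP_MJ_READ C:\ProgramData\...\Iron.db 0.0296499
10 8:37:30.8582993 xxxx.exe IRP_MJ_SET_INFORMATION C:\Windows\System32\perfts.dll 0.0000524
"""

def seconds_of_day(stamp):
    """Convert h:mm:ss.fffffff to seconds, keeping the 100 ns precision."""
    h, m, s = stamp.split(":")
    return int(h) * 3600 + int(m) * 60 + Decimal(s)

def parse(trace):
    events = []
    for line in trace.strip().splitlines():
        no, tod, _proc, op, path, dur = line.split()
        start = seconds_of_day(tod)
        events.append({"no": no, "op": op, "path": path,
                       "start": start, "end": start + Decimal(dur)})
    return events

def find_stalls(events, threshold=Decimal("1")):
    """For each operation of at least `threshold` seconds, list the events that
    started while it was outstanding and the first event after it completed."""
    stalls = []
    for ev in events:
        if ev["end"] - ev["start"] < threshold:
            continue
        during = [e["no"] for e in events if ev["start"] < e["start"] < ev["end"]]
        after = [e for e in events if e["start"] >= ev["end"]]
        nxt = min(after, key=lambda e: e["start"]) if after else None
        stalls.append({"no": ev["no"], "end": ev["end"], "during": during,
                       "next": nxt["no"] if nxt else None,
                       "gap": nxt["start"] - ev["end"] if nxt else None})
    return stalls

if __name__ == "__main__":
    for s in find_stalls(parse(TRACE)):
        print(f"line {s['no']} completes at {s['end']} s; events {s['during']} "
              f"began meanwhile; next is line {s['next']} after {s['gap']} s")
```
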

Process Monitor : Application has been waited around 360 seconds

Author: pinscomputer
Subject: Application has been waited around 360 seconds
Posted: 18 December 2015 at 2:39am

is the posted trace "filtered"?
 
if filters were applied to the original trace, first highlight the IRP_MJ_CREATE entry, then remove the filters.
what are the operations prior to the IRP_MJ_CREATE that takes 361 seconds?
 
 
from the sysinternals admin reference:
Duration How long the operation took, in seconds.  For Thread Profiling events, this is the sum of kernel and user time charged to the thread since the previous Thread Profiling event; for Process Profiling events, this value is set to zero. See the “Displaying Profiling Events” section later in this chapter for more information.
 

 


Process Explorer : Summary On Lower Pane

Author: klchin
Subject: Summary On Lower Pane
Posted: 18 December 2015 at 2:32pm

Hi,

Is there an option to view a summary count of each type?

Said like  - Type Group Count

   WindowStation   - 2
   Event                 - 30
   Thread               - 10
   TpWorkerFactory - 20
   Timer                  - 4 
 
Instead of a detailed listing

TQ.


PsTools : PSExec using LIST stalls

Author: dmoosun
Subject: PSExec using LIST stalls
Posted: 18 December 2015 at 5:33pm

Hi all,

Ok, some brief info, we will soon be upgrading to Office 365 and in order to automate it, we require a couple of pieces of software installed.

We have all the hardwired/wireless workstations covered, it's just targeting those using Microsoft VPN connections now.

I'm using this simple command line below, inside VPNIPs.txt I have 50 IPs from 192.168.18.70-192.168.18.119 and the rest you'll know.

PSEXEC @"\\tog1\ITSupport\Installs\VPNIPs.txt" -N 12 -H -S "\\tog1\ITSupport\Installs\SK1.bat"

EXIT

My issue is that when I run it, it stalls on the last IP address even though I've got a timeout of 12 seconds, it repeatedly tries. Screenshot below, please advise.



Any suggestions welcome, thanks.


Edited by dmoosun - 13 hours 24 minutes ago at 5:34pm

PsTools : PSExec using LIST stalls

Author: pinscomputer
Subject: PSExec using LIST stalls
Posted: 18 December 2015 at 6:16pm

what happens if you change the last IP address to .120 ?

PsTools : PSExec using LIST stalls

Author: dmoosun
Subject: PSExec using LIST stalls
Posted: 18 December 2015 at 6:36pm

Originally posted by pinscomputer:

what happens if you change the last IP address to .120 ?

I'll see if I can give it a try, even though our VPN pool is set to 192.168.18.70-119.

Utilities Suggestions : Locked files and SDelete

Author: cg3
Subject: Locked files and SDelete
Posted: 18 December 2015 at 9:23pm

I ran into an issue where a file lock was preventing me from deleting a file with sdelete 1.6.1.  Since that was the case, I was wondering if there could be a switch added to disable all the file locks on file(s)/folder(s). 

Also, though I have not used the -a switch, could there be another switch added to remove the "S" attribute from files as well?



PsTools : PSExec using LIST stalls

Author: dmoosun
Subject: PSExec using LIST stalls
Posted: 19 December 2015 at 3:01am

I can confirm after changing nothing, it does close both PsExec.exe and cmd.exe but just takes very long, maybe 15 minutes after the script has completed it just stalls on what you see above, then disappears after a good 15-20 minutes.

Any ideas?

PsTools : PSExec using LIST stalls

Author: pinscomputer
Subject: PSExec using LIST stalls
Posted: 19 December 2015 at 1:10pm

have you tried to capture a process monitor trace and see if that reveals anything when the application delays execution?

Malware : open mdb files

Author: velecrihard
Subject: open mdb files
Posted: 19 December 2015 at 11:09pm

When I receive emails from my clients that contain attachments with the extension .mdb, I get a message that Windows Mail has removed them. Before that I had a virus, but I deleted it. Could it have influenced this?



Miscellaneous Utilities : RAMMap: Periodic refresh and free

Author: jakesalomon
Subject: RAMMap: Periodic refresh and free
Posted: 20 December 2015 at 3:57am

Greetings from a newbie to this forum.

A recent problem I was having with my Windows-7 PC led me to the RamMap utility.  Something was eating my memory faster than another utility (MemClean) could clear it.  The cause is likely a faulty partition, since reformatted but that's not the main issue for me with RamMap.

RamMap has a nice option: The Free menu, which clears various components of cache memory.  When I use it I can watch my memory usage go down from 3.2GB (out of 4GB) to as low as under 700MB.  That is, until the various stuff that's always going on slowly raises the memory usage rate back up toward 2GB.  (I'm monitoring memory usage with a feature of Process Explorer, likely Mark's magnum opus.)

What do I do about it now? I keep windows of the memory monitor and RamMap open and, whenever memory usage seems to be approaching a subjective threshold, I use that [Empty] menu a couple of times.

I haven't seen a way to search the forums but I'm sure I'm not the first one to ask about these desirable (IMHO) features:
  • An automated periodic refresh of the memory map
  • An automated periodic clear of the cache every n minutes (to be selected by the user)
  • A triggered cache-clear when memory usage goes over some threshold, like 3.5GB or so

The idea is to have RamMap do in the background what I'm doing manually every once in a while.

These Sysinternals utilities are stupendous works of art and science, sorta like the original Norton Utilities from the 80's; I salute Mark for his deep internals knowledge of the operating system and thank him for making this available to the public!

Miscellaneous Utilities : RAMMap: Periodic refresh and free

Author: LMiller7
Subject: RAMMap: Periodic refresh and free
Posted: 20 December 2015 at 6:22am

There are programs all over the Internet that will do what you want but I would strongly urge you not to use them. Mark has a very low opinion of them, as do I. What you need to do is find and correct the problem instead of covering it up. 

Miscellaneous Utilities : RAMMap: Periodic refresh and free

Author: jakesalomon
Subject: RAMMap: Periodic refresh and free
Posted: 20 December 2015 at 4:56pm

Mr. Miller (I'm NOT going to call you L for a first name :-)

That's precisely why I am asking about such a feature within the SysInternals family.  I simply think RAMMap is the easiest place to start, since it provides these features manually already.  Clearly, I am not satisfied with MemClean but it does forestall disaster when it's trying to happen.

As for my problem: It seems to have cleared up since I reformatted the suspect partition. But I mentioned it only as an explanation of how RAMMap fits in here. A discussion thereof in this forum would be off-topic.

PsTools : psPING - few errors

Author: myownboss
Subject: psPING - few errors
Posted: 20 December 2015 at 6:36pm

Your Client command: psping -b -u 1k -l 10m 127.0.0.1:5001
Should you not have this pointing to the server address instead of itself?

Autoruns : process picked up by PE but not Autoruns

Author: ginahoy
Subject: process picked up by PE but not Autoruns
Posted: 20 December 2015 at 8:48pm

I'm running WinXP SP3. I'm trying to disable the acevents.exe process from auto-starting every time I reboot. It's required for my rarely-used smart card reader.

I just noticed it loads every time I reboot, regardless of having unchecked the process in msconfig/startup. It's not listed in the Services list, so I'm not sure how to keep it from loading.

I added the command "sc stop acevents" in my autoexec.bat but no cigar. The only option is to manually stop it after every reboot.

When searching for information, I stumbled across Autoruns. Not sure how I overlooked this great little utility. I've used Process Explorer for years.

Oddly, Process Explorer shows acevents, but it's not listed in Autoruns. Anyone know how to disable acevents, or why it's not picked up by autoruns?
