Internals : How to open a Photoshop file and save it in anothe

March 14, 2016, 10:14 am

≫ Next: Miscellaneous Utilities : Zoom it on Windows 10

≪ Previous: Process Explorer : Process Explorer Virus total - A security error oc

$

0

0

Author: SilasSpencer
Subject: How to open a Photoshop file and save it in anothe
Posted: 14 March 2016 at 5:14pm

I know thisisnt a VB.NET category but does anyone know of a way to open a photoshop image(.psd) through vb.net code and work with it? Basically I just want to open the.psd file and save it as a .gif or .jpg

Thank you!

---

Miscellaneous Utilities : Zoom it on Windows 10

March 15, 2016, 7:03 am

≫ Next: Utilities Suggestions : Logout net user client side

≪ Previous: Internals : How to open a Photoshop file and save it in anothe

$

0

0

Author: lucian
Subject: Zoom it on Windows 10
Posted: 15 March 2016 at 2:03pm

Well - it seems that suddenly Microsoft did something that make ZoomIt work again - hooray!

 

After I was angry that ZoomIt did not work on Windows 10 (and still not working on my old Win10 virtual machine - version 10.0 build 10240), but today I was trying again and it seems to work again with "Live Zoom" and "Drawing" - but this time Windows 10 is version 1511 build 10586.164 as stated by winver.exe.

 

So it seems that Mark Russinovich did a GREAT TOOL, but Microsoft "did it again"... and lately repair it.

 

Thank you Mark for this tool!

Utilities Suggestions : Logout net user client side

March 16, 2016, 5:35 am

≫ Next: BgInfo : BGInfo for Laptop DHCP shows all Adapters Mac

≪ Previous: Miscellaneous Utilities : Zoom it on Windows 10

$

0

0

Author: onsite
Subject: Logout net user client side
Posted: 16 March 2016 at 12:35pm

I need an utility that can be able to logout a user client side.

Example:

I'm connected from a client to a shared folder in a server (or a NAS) using RO credentials and I need to write something to that folder.
I would like to give a command line command to logout the user with RO credentials to be able to login with other credentials with RW rights.

Does it already exist?

BgInfo : BGInfo for Laptop DHCP shows all Adapters Mac

March 16, 2016, 8:26 am

≫ Next: BgInfo : BGInfo for Laptop DHCP shows all Adapters Mac

≪ Previous: Utilities Suggestions : Logout net user client side

$

0

0

Author: ABrescia
Subject: BGInfo for Laptop DHCP shows all Adapters Mac
Posted: 16 March 2016 at 3:26pm

I am looking to display the MAC address and IP for only the network adapters that are connected. Our laptops are set on DHCP and  have wireless and cicso anyconnect on them. Is they a way to show only the adapters that are connected. Having the IP adresss and MAC adresss displayed currently gives me this.

 

IP Address:  (none)

                  (none)

                  (none)

                  (none)

                  XX.XX.XX.XXX

                  (none)

                  (none)

 

MAC Address:     XX-XX-XX-XX-XX-XX

                         XX-XX-XX-XX-XX-XX

                         XX-XX-XX-XX-XX-XX

                         XX-XX-XX-XX-XX-XX

                         XX-XX-XX-XX-XX-XX

                         XX-XX-XX-XX-XX-XX

                         XX-XX-XX-XX-XX-XX

 

 

BgInfo : BGInfo for Laptop DHCP shows all Adapters Mac

March 16, 2016, 8:42 am

≫ Next: BgInfo : BGInfo for Laptop DHCP shows all Adapters Mac

≪ Previous: BgInfo : BGInfo for Laptop DHCP shows all Adapters Mac

$

0

0

Author: ABrescia
Subject: BGInfo for Laptop DHCP shows all Adapters Mac
Posted: 16 March 2016 at 3:42pm

The simple solution would be to add a filter or switch to the end of...

 

SELECT IPAddress FROM Win32_NetworkAdapterConfiguration

 

to show the value of the connected state to be 2   or NetConnectionStatus = 2 ?

Edited by ABrescia - 8 hours 60 minutes ago at 3:51pm

BgInfo : BGInfo for Laptop DHCP shows all Adapters Mac

March 16, 2016, 9:37 am

≫ Next: Troubleshooting : Need help with Ntoskrnl thread causing high CPU

≪ Previous: BgInfo : BGInfo for Laptop DHCP shows all Adapters Mac

$

0

0

Author: ABrescia
Subject: BGInfo for Laptop DHCP shows all Adapters Mac
Posted: 16 March 2016 at 4:37pm

Made a custom field WMI that worked for the MAC Address

 

SELECT MACAddress FROM Win32_NetworkAdapter WHERE NETCONNECTIONSTATUS = "2"

 

Still working on showing only the IP address where the connection is active. Problem is that the NETCONNECTIONSTATUS is from Win32_NetworkAdapter but I cannot pull the IP address from there.

Troubleshooting : Need help with Ntoskrnl thread causing high CPU

March 16, 2016, 10:59 am

≫ Next: BgInfo : BGInfo for Laptop DHCP shows all Adapters Mac

≪ Previous: BgInfo : BGInfo for Laptop DHCP shows all Adapters Mac

$

0

0

Author: Obradbl
Subject: Need help with Ntoskrnl thread causing high CPU
Posted: 16 March 2016 at 5:59pm

Hello i have the same problem. Here is recorder file.

Thank you very much, you are like a god to ntoskernel problems.

http://www.filedropper.com/highcpuusage

Edited by Obradbl - 6 hours 51 minutes ago at 6:00pm

BgInfo : BGInfo for Laptop DHCP shows all Adapters Mac

March 16, 2016, 11:11 am

≫ Next: Miscellaneous Utilities : RAMMap-Mapped File-High Standby Memory-Where from?

≪ Previous: Troubleshooting : Need help with Ntoskrnl thread causing high CPU

$

0

0

Author: ABrescia
Subject: BGInfo for Laptop DHCP shows all Adapters Mac
Posted: 16 March 2016 at 6:11pm

For My IP Address this seemed to work >>>

 

SELECT IPAddress FROM Win32_NetworkAdapterConfiguration WHERE IPEnabled = True

 

The only downside may be that if a desktop PC is not connected to the network when the user logs in, both fields will display as none. This may not be bad because it would indicate no network connection.

 

Any suggestions are welcome for fine tuning these custom fields.

---

Miscellaneous Utilities : RAMMap-Mapped File-High Standby Memory-Where from?

March 16, 2016, 11:41 am

≫ Next: Miscellaneous Utilities : Autologon utility

≪ Previous: BgInfo : BGInfo for Laptop DHCP shows all Adapters Mac

$

0

0

Author: tct_rammap
Subject: RAMMap-Mapped File-High Standby Memory-Where from?
Posted: 16 March 2016 at 6:41pm

I am using RAMMap to try and understand what is using all my "Standby" memory.

I realise that Standby memory will be reused, on a priority basis from 0-7, for any allocations and is considered part of Windows' "Available Memory" = Free + Standby.

However given the Standby usage is so large (many GBs) I am interested what is currently in a Standby state to see if this indicates anything strange.

Using RAMMap I can see the predominant usage is in the "Mapped File" area.

When I go to the File Summary tab however this tab does not account for the GBs of Standby memory that the Mapped File area reports.

How can I understand what is using this standby memory in the "mapped file" allocations?

I was under the impression that when a process exits its memory is often added to the free list rather than standby?

If I quote from the Windows Internals 6th Edition book from Chapter 10 on Memory Management:

When a process has to give up a page out of its working set (either because it referenced anew page and its working set was full or the memory manager trimmed its working set), thepage goes to the standby lists if the page was clean (not modified) or to the modified list if thepage was modified while it was resident. 

When a process exits, all the private pages go to the free list. Also, when the last reference toa page-file-backed section is closed, and the section has no remaining mapped views, thesepages also go to the free list.

So it would seem if I am interpreting that correctly only active processes will have Standby Memory references, as all exited processes would have returned their memory to the free list.

There is one ambiguous case that comes to mind, and that is if a process, for some reason, placed pages on the Standby List and then exited. In that case could you have memory in standby that does not correspond to an active process?

This explanation, for my system, is somewhat strange as it is not clear why so much memory should be in Standby as I doubt I am seeing conditions regularly where processes referenced a new page and its working set was full or the memory manager trimmed its working set.

Can anyone help?

Miscellaneous Utilities : Autologon utility

March 16, 2016, 12:24 pm

≫ Next: Miscellaneous Utilities : RAMMap-Mapped File-High Standby Memory-Where from?

≪ Previous: Miscellaneous Utilities : RAMMap-Mapped File-High Standby Memory-Where from?

$

0

0

Author: shavelieva
Subject: Autologon utility
Posted: 16 March 2016 at 7:24pm

Running into the same boat, found a solution yet?

Miscellaneous Utilities : RAMMap-Mapped File-High Standby Memory-Where from?

March 16, 2016, 8:12 pm

≫ Next: Troubleshooting : Need help with Ntoskrnl thread causing high CPU

≪ Previous: Miscellaneous Utilities : Autologon utility

$

0

0

Author: LMiller7
Subject: RAMMap-Mapped File-High Standby Memory-Where from?
Posted: 17 March 2016 at 3:12am

The normal state of available memory is on the standby list. Having a low or even zero value for free memory is a good thing. A high value would be a bad thing but this is often unavoidable.

As part of it's normal activity the system memory manager will trim the working sets of resident processes. Eventually this will get to the standby list but private use pages will go by way of the modified list until they are written to the pagefile.

When a process terminates it's private use pages will go to the free list. But application exe files and DLLs are not private use pages and will go to the standby list. Until standby memory is needed for other purposes it will remain there. If you have a large amount of RAM this could be a long time.

The file cache will be trimmed like process memory and this too will go to the standby list.

I wouldn't be concerned about high standby memory. The higher the better.




 

Troubleshooting : Need help with Ntoskrnl thread causing high CPU

March 16, 2016, 9:58 pm

≫ Next: Troubleshooting : Need help with Ntoskrnl thread causing high CPU

≪ Previous: Miscellaneous Utilities : RAMMap-Mapped File-High Standby Memory-Where from?

$

0

0

Author: MagicAndre1981
Subject: Need help with Ntoskrnl thread causing high CPU
Posted: 17 March 2016 at 4:58am

you also have the ACPI.sys issue

Troubleshooting : Need help with Ntoskrnl thread causing high CPU

March 17, 2016, 1:21 am

≫ Next: Utilities Suggestions : Sysmon v3.21 Enhancement Request

≪ Previous: Troubleshooting : Need help with Ntoskrnl thread causing high CPU

$

0

0

Author: Obradbl
Subject: Need help with Ntoskrnl thread causing high CPU
Posted: 17 March 2016 at 8:21am

and that means? 

How can i resolve the problem? 

Thank you very much.

Utilities Suggestions : Sysmon v3.21 Enhancement Request

March 17, 2016, 11:44 am

≫ Next: PsTools : PsExec-Unable to get return exit code from batch.

≪ Previous: Troubleshooting : Need help with Ntoskrnl thread causing high CPU

$

0

0

Author: harrytas
Subject: Sysmon v3.21 Enhancement Request
Posted: 17 March 2016 at 6:44pm

The below enhancements will be nice for dynamic malware analysis/researchers.

1 - when you install the software you can change the subject that will show in   
    process list.
    the most important is to choose what will be name of the driver and what   
    name & Description will be shown in the services.

those two enhancements are critical for malware analysis because many malware searches for known sysinternal files.

When an attacker is on your system his first recon on the machine is to get services name and description and process file names.

another enhancement that will help malware analysis is the option to save files that were drop on the computer,deleted from the computer to chosen directory

all those enhancements will be very helpful for malware researchers/analysis.

Thank you very much for all the tools you're writing for us.
You're the best !

PsTools : PsExec-Unable to get return exit code from batch.

March 17, 2016, 5:02 pm

≫ Next: Troubleshooting : Need help with Ntoskrnl thread causing high CPU

≪ Previous: Utilities Suggestions : Sysmon v3.21 Enhancement Request

$

0

0

Author: DocBrown
Subject: PsExec-Unable to get return exit code from batch.
Posted: 18 March 2016 at 12:02am

From within a Windows cmd batch file, I am executing PsExec to start another batch file on a remote system. The command I am executing is:

psexec \\%_machine%  -h -u %_usr% -p %_pw% -c %_instScript% "\\%computername%\%_srcShare%" "%_srcPath%" %_appver% %_instFlag% "%_otherParms%" 1>> "%_logfile%" 2>&1

As you see, I am copying the file specified in %_instScript% to the remote system and passing a number of parameters. This call works as expected and you can assume that all the variables have reasonable values. The batch %_instScript% will do it's thing and at the end is has the following code:

if [%_err%] == [0] goto :end

:errend
rem If we got here, it is a parm error at the beginning of script.
if [%err%] == [0] set _err=4
echo . err: %_err%; Errorlevel: %ErrorLevel%

:end
echo .. End %~nx0
exit /b %_err%

When the script encounters an error, it sets _err to a non-zero value. When the target system is Windows 7, the local system can see the returned error code and the local script can take the appropriate action. When the target system is Windows XP Pro, the remote script does not return the error code and always returns 0.

Does anyone have a way to make Windows XP return the error code or the local system to see it?

(I know, I wish I wasn't still running XP but where I'm doing this, I don't yet have a choice.)


Edited by DocBrown - 1 hour 7 minutes ago at 12:05am

---

Troubleshooting : Need help with Ntoskrnl thread causing high CPU

March 17, 2016, 6:48 pm

≫ Next: PsTools : PSExec - System Cannot Find File Specified

≪ Previous: PsTools : PsExec-Unable to get return exit code from batch.

$

0

0

Author: brucethemoose
Subject: Need help with Ntoskrnl thread causing high CPU
Posted: 18 March 2016 at 1:48am

This ACPI.sys thing is popping up alot. Maybe its a bug in Windows 10?

EDIT: Or maybe it's an NVMe-Windows issue, as my computer and some Macs come with PCIe SSDs. 

zbaw wrote: Hello and thank you for the answer. The system is updated using apple software update. As for the uefi, I don't know how to check the version nor to update. I'm a little affraid of this step. It's very strange, sometimes the cpu goes crazy, sometimes not. Don't know what to do.

Obradbl wrote: and that means?  How can i resolve the problem?  Thank you very much.

I fixed it by flashing the BIOS of my laptop. You don't even need a newer BIOS... just grab the same one from your manufacturer's website, and flash it. 

Edited by brucethemoose - Yesterday at 1:55am

PsTools : PSExec - System Cannot Find File Specified

March 17, 2016, 10:28 pm

≫ Next: Miscellaneous Utilities : Sigcheck v2.5 and win10 10586

≪ Previous: Troubleshooting : Need help with Ntoskrnl thread causing high CPU

$

0

0

Author: foteye
Subject: PSExec - System Cannot Find File Specified
Posted: 18 March 2016 at 5:28am

The UPS software I am using has functionality to run a script on the management PC (PC1) when it goes into battery mode. I have come up with a powershell script (ShutdownVM.ps1) that works fine on its own to Invoke-Commands on the VM server; shutting down VM's gracefully and turning off the host machine (SERVER). The first problem arose when the UPS software could not directly run a .ps1 file.

Simple enough, I thought I would make a simple .bat (shutdown.bat) file to run the .ps1 file on PC1 to shut everything off on SERVER. Running my .bat file from the desktop pc worked perfectly, but as the UPS software would run it as a service, my poor .bat file would run from Session 0.

Here is the code i used in Shutdown.bat:

@echo on Powershell.exe -executionpolicy unrestricted -command C:\Windows\ShutdownVM.ps1

The interactive services manager would pop up and my computer would hang and finally the UPS software would turn it off and I'd be back to square one, with SERVER and its VM's still running. So I thought I would download and use PSExec to execute my shutdown.bat file.

I made another .bat file and called it PSExec.bat and below is the code in it:

@echo on psexec.exe -accepteula \\PC1 -h -u user -p pass -i 2 C:\Windows\shutdown.bat

Finally! It tries to run! Upon checking the interactive services manager, it showed the PSExec was throwing the error "the system cannot find the file specified"



I have no idea what file it is even looking for, I have double, triple checked the path names in my scripts and still have no idea as to what it is doing. If anyone could shed any light (or let me know of an easier way to achieve what I am trying to do) that would be great. Thanks!

-F

Miscellaneous Utilities : Sigcheck v2.5 and win10 10586

March 18, 2016, 4:22 am

≫ Next: Troubleshooting : gpsvc not starting

≪ Previous: PsTools : PSExec - System Cannot Find File Specified

$

0

0

Author: Ford Prefect
Subject: Sigcheck v2.5 and win10 10586
Posted: 18 March 2016 at 11:22am

Hi all,
I got a problem when using parameter -i to verify a file's signature.
Sigcheck seems to be caught in a loop when displaying the cat related information.
Could anyone please give advice or confirm this issue?

Best,
Ford


Edited by Ford Prefect - 14 hours 7 minutes ago at 11:43am

Troubleshooting : gpsvc not starting

March 18, 2016, 5:10 am

≫ Next: Troubleshooting : Need help with Ntoskrnl thread causing high CPU

≪ Previous: Miscellaneous Utilities : Sigcheck v2.5 and win10 10586

$

0

0

Author: willholt89
Subject: gpsvc not starting
Posted: 18 March 2016 at 12:10pm

Thanks Mate. Finally a solution that worked. I was pulling my hair out over this

Troubleshooting : Need help with Ntoskrnl thread causing high CPU

March 18, 2016, 8:53 am

≫ Next: PsTools : PsExec and passwords with double quote

≪ Previous: Troubleshooting : gpsvc not starting

$

0

0

Author: MagicAndre1981
Subject: Need help with Ntoskrnl thread causing high CPU
Posted: 18 March 2016 at 3:53pm

Obradbl wrote: How can i resolve the problem?

try some of the suggestions from the last post (re- flash BIOS, disable some devices in device manager)