Channel: Sysinternals Forums

Utilities Suggestions : PDF Files Corrupted

Author: Michael Goebel
Subject: PDF Files Corrupted
Posted: 02 June 2016 at 8:13am

PDF files can be corrupted easily, and there are various reasons behind their corruption; large size is one of them. So always check your PDF files, and if they are large in size then use a size-reducing technique. You can learn more about PDF file issues and their solutions from the post: Fix PDF Files

Troubleshooting : Need help with Ntoskrnl thread causing high CPU

Author: xtrm
Subject: Need help with Ntoskrnl thread causing high CPU
Posted: 02 June 2016 at 12:12pm

It is still using the CPU, like 25%, after disabling maintenance tasks.

Troubleshooting : Need help with Ntoskrnl thread causing high CPU

Author: pinscomputer
Subject: Need help with Ntoskrnl thread causing high CPU
Posted: 02 June 2016 at 1:56pm

@xtrm... capture a new trace and post a link to the trace file

Miscellaneous Utilities : Sysmon Filter Driver Deployment Bug

Author: piesecure
Subject: Sysmon Filter Driver Deployment Bug
Posted: 03 June 2016 at 12:07am

Hello all,

I wanted to rehash an issue/bug presented in this post:

http://forum.sysinternals.com/sysmon-v2-issue_topic31133.html

I encountered the exact same issue with Sysmon v3.21 and Sysmon v4. I found a way to easily reproduce the symptoms.

After the reboot following the installation of Sysmon, Sysmon reports Error 255 as follows.

Error report:
UtcTime: 2016-06-02 22:47:24.387
ID: DriverCommunication
Description: Failed to access the driver (Last error: The handle is invalid.).

On an x86 installation of Windows 7, Sysmon will fail to create c:\windows\sysmondrv.sys if the installing Sysmon.exe installer is in any folder under C:\Windows\. This includes a deployment folder such as C:\windows\ccmsetup\

Failure to create the driver leads to the following error when trying to reconfigure Sysmon:

C:\Windows\system32>sysmon -c -n

Sysinternals Sysmon v3.21 - System activity monitor
Copyright (C) 2014-2016 Mark Russinovich and Thomas Garnier
Sysinternals - www.sysinternals.com

Error: Sysmon is not installed.
Configuration updated.

Yet, it is really installed.

C:\Windows\system32>sysmon -c

Sysinternals Sysmon v3.21 - System activity monitor
Copyright (C) 2014-2016 Mark Russinovich and Thomas Garnier
Sysinternals - www.sysinternals.com

Current configuration:
 - Service name:                  Sysmon
 - Driver name:                   SysmonDrv
 - HashingAlgorithms:             SHA1
 - Network connection:            enabled
 - Image loading:                 disabled

As described in the previous post, from that point on, only Sysmon/3 event records for System-level processes (svchost.exe, and the process with PID = 4) are logged.

On x64 systems this behavior can be replicated if the installing sysmon.exe is already present in C:\Windows\, whereas x86 systems will have this issue occur if the installer is anywhere under C:\Windows\. In fact, x86 systems will register the Sysmon service and driver in place, so in the deployment folder scenario, the sysmon service will have an image path of c:\windows\ccmsetup\XX\sysmon.exe.

As a related issue, if you attempt to uninstall then reinstall sysmon.exe using the deployed copy in c:\windows\ you will introduce the bug after a reboot on either Win 7 architecture.

Hope this description helps.



Edited by piesecure - 14 hours 9 minutes ago at 12:12am

BgInfo : BG Info - IP Address Script & Windows 10

Author: tonyhes
Subject: BG Info - IP Address Script & Windows 10
Posted: 03 June 2016 at 12:22am

Here is the script we are trying to use:
strMsg = ""
strComputer = "."
Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set IPConfigSet = objWMIService.ExecQuery("Select IPAddress from Win32_NetworkAdapterConfiguration WHERE IPEnabled = 'True'")
For Each IPConfig in IPConfigSet
 If Not IsNull(IPConfig.IPAddress) Then
 For i = LBound(IPConfig.IPAddress) to UBound(IPConfig.IPAddress)
  If Not Instr(IPConfig.IPAddress(i), ":") > 0 Then
    If Len(strMsg) = 0 Then
      strMsg = strMsg & IPconfig.IPAddress(i)
    else
      strMsg = strMsg & vbcrlf & vbtab & IPConfig.IPAddress(i)
    end if
  End If
 Next
 End If
Next
Echo strMsg
 

Internals : When is the 7th edition book for Win 8 coming out

Author: dalesmoker
Subject: When is the 7th edition book for Win 8 coming out
Posted: 03 June 2016 at 1:05am

Originally posted by pk:

Update from http://www.azius.com:

Windows Internals, 7th edition

After the release of each new major version of Windows, I.T. professionals, developers of all stripes, and OEMs eagerly await the publication of the next edition of the book (or, more recently, set of books) that documents how it all works inside. 

Azius principals Brian Catlin and Jamie Hanrahan have signed with Microsoft Press to write Windows Internals, 7th Edition, Book 1: "User Mode." The 7th edition will cover Windows 8.1 and Server 2012 R2. To be released in Spring of 2014, Book 1 will primarily cover user mode aspects (the internals of application support) and system management mechanisms. New coverage for the 7th edition will include .NET, graphics and the desktop, Windows RT, Windows Store applications, and server management features, as well as expanded coverage of networking.

Books 2 and 3 are still in the planning stages, but our current plans are for Book 2 to cover kernel mode components and mechanisms, and Book 3, new for this edition, will describe the architecture and operation of the various Windows device driver models. 

Of course, Windows Internals, 6th Edition, by Mark Russinovich, David Solomon, and Alex Ionescu, will be the starting point for this work. (We contributed to the 6th edition and are credited as such in the introduction.)




Amazon is now advertising an updated 7th edition book cover with a new author, Pavel Yosifovich, and not Catlin or Hanrahan.  Yet the (stale?) www.azius.com homepage still shows the announcement above.

http://www.amazon.com/Windows-Internals-Part-architecture-management/dp/0735684189

BgInfo : Remove Back End NIC IP details from the BGinfo

Author: WindowsStar
Subject: Remove Back End NIC IP details from the BGinfo
Posted: 03 June 2016 at 5:17am

Ok, now we are on the same page. I had never heard of "front end" and "back end" for computer NICs; this term may be unique to your company. The simplest thing that comes to mind is to use a VBScript to find the name "Front End" or the network of the system's IP address. This is assuming that you always name the NIC the same and/or you are always on the same network for the Front End NIC. Have the script enumerate all NICs and look for "Front End"; once it finds it, grab the IP address for that NIC, stop the script and display the IP. Or you could enumerate all the NICs looking for the network (192.168.2, judging by your screenshot); once you find that network on a NIC, grab the IP address and display it. That should do it. -WS

BgInfo : BG Info - IP Address Script & Windows 10

Author: WindowsStar
Subject: BG Info - IP Address Script & Windows 10
Posted: 03 June 2016 at 5:20am

The above script works fine on my Windows 10 64bit systems. -WS

Edited by WindowsStar - 9 hours 1 minutes ago at 5:20am

Troubleshooting : Sysmon v4 Not Logging Network Connections

Author: voidNOP
Subject: Sysmon v4 Not Logging Network Connections
Posted: 03 June 2016 at 7:21am

Good Morning!

Same for me. Is there a copy of 3.2 available?

Greetings

void {NOP}

Malware : open mdb files

Author: franks114
Subject: open mdb files
Posted: 03 June 2016 at 8:05am

If you are unable to open an .mdb file then you can apply the three most common methods to do so. These are the three methods:

METHOD 1: MICROSOFT EXCEL

METHOD 2: MDB VIEWER PLUS

METHOD 3: NOTEPAD

Using these three methods, you will be easily able to open the .mdb file, or you can take third-party tool help. Using MS Access Repair Tool would be the best option. This tool will fix the issue that has been generated in the file for which you are unable to open the file and will then let you open the MDB file easily. Follow the link below to get the solution:

http://msaccess.filerepairtool.net/blog/open-mdb-file

Just try it once and you will find that the solution is solved!!!

BgInfo : Remove Back End NIC IP details from the BGinfo

Author: amanaguli
Subject: Remove Back End NIC IP details from the BGinfo
Posted: 03 June 2016 at 8:53am

There will be a different naming convention for each NIC on all the servers. It is very difficult to write a VBScript to find the Front End NIC.

This has been resolved by using a WMI query. The below query will display the IP where the NIC Adapter Index value is 10 (the Index value will vary from one server to another):
SELECT IPAddress FROM Win32_NetworkAdapterConfiguration WHERE Index=10
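One way to do what WindowsStar suggested in the earlier reply and avoid the per-server Index in this query (an added example, not code from either post): a BgInfo custom-field VBScript that picks the NIC by its connection name or by its network prefix. The name "Front End" and the 192.168.2 network come from this thread and are assumed to match your servers.

```vbscript
' Added example (not from either post): BgInfo custom-field VBScript that
' shows the "front end" IPv4 address, chosen by the adapter's connection
' name or by its network prefix rather than by a per-server Index.
Option Explicit
Const FRONT_END_NAME   = "Front End"    ' assumed NetConnectionID of the front-end NIC
Const FRONT_END_PREFIX = "192.168.2."   ' assumed front-end network, with trailing dot

Dim objWMIService, colAdapters, objAdapter, colConfigs, objConfig
Dim strByName, strByNetwork, strAddr, i

Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
' Win32_NetworkAdapter carries the friendly connection name, while
' Win32_NetworkAdapterConfiguration carries the addresses; they share Index.
Set colAdapters = objWMIService.ExecQuery( _
    "SELECT Index, NetConnectionID FROM Win32_NetworkAdapter WHERE NetConnectionID IS NOT NULL")

strByName = ""
strByNetwork = ""

For Each objAdapter In colAdapters
    Set colConfigs = objWMIService.ExecQuery( _
        "SELECT IPAddress FROM Win32_NetworkAdapterConfiguration " & _
        "WHERE IPEnabled = TRUE AND Index = " & objAdapter.Index)
    For Each objConfig In colConfigs
        If Not IsNull(objConfig.IPAddress) Then
            For i = LBound(objConfig.IPAddress) To UBound(objConfig.IPAddress)
                strAddr = objConfig.IPAddress(i)
                If InStr(strAddr, ":") = 0 Then   ' IPv4 only; IPv6 entries contain a colon
                    If strByName = "" And StrComp(objAdapter.NetConnectionID, FRONT_END_NAME, vbTextCompare) = 0 Then
                        strByName = strAddr
                    End If
                    If strByNetwork = "" And Left(strAddr, Len(FRONT_END_PREFIX)) = FRONT_END_PREFIX Then
                        strByNetwork = strAddr
                    End If
                End If
            Next
        End If
    Next
Next

' Prefer the match by connection name, fall back to the network match, else show a fixed marker.
If strByName <> "" Then
    Echo strByName
ElseIf strByNetwork <> "" Then
    Echo strByNetwork
Else
    Echo "Front End NIC not found"
End If
```

Add it to BgInfo as a custom field of type "VB Script file"; a fixed marker rather than an empty field makes a server with a renamed or re-addressed NIC stand out on the desktop.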



Troubleshooting : Need help with Ntoskrnl thread causing high CPU

Author: xtrm
Subject: Need help with Ntoskrnl thread causing high CPU
Posted: 03 June 2016 at 4:24pm

Thanks, will do. Still monitoring though. It seems OK now after I disabled idle tasks. Will report back.

Troubleshooting : Need help with Ntoskrnl thread causing high CPU

Author: MagicAndre1981
Subject: Need help with Ntoskrnl thread causing high CPU
Posted: 04 June 2016 at 6:57am

If you capture a new trace, use the Win8.1 or Win10 SDK/WPT. It looks like you used the Win7/8 one, which doesn't work on 8.1.

Troubleshooting : How to Remove Sysinternals Live?

Author: mrm3601
Subject: How to Remove Sysinternals Live?
Posted: 04 June 2016 at 7:11am

Hello.

I am a neophyte when it comes to personal computers.  I mistakenly downloaded and installed Sysinternals Live instead of only Autoruns.

I've looked through my list of installed programs but I don't see SysInternals Live.

Can anyone suggest a method by which I can remove Sysinternals Live from my PC?

Thank you.

Troubleshooting : How to Remove Sysinternals Live?

Author: Dax1792
Subject: How to Remove Sysinternals Live?
Posted: 04 June 2016 at 3:46pm

Sysinternals Tools are never installed, so I'm unclear what you mean.
 
If you went to live.sysinternals.com, the files would be downloaded into temporary directories which can be cleared in the usual way with Disk Cleanup or the delete temporary files command of the browser.

Miscellaneous Utilities : Diskview crash with large volumes

Author: Soul--Reaver
Subject: Diskview crash with large volumes
Posted: 04 June 2016 at 6:31pm

Diskview is a useful tool but it cannot handle terabyte volumes properly

Refreshing a 5.6 TB partition consumes more than 16 GB of memory and crashes the program.

Would it be possible that this tool gets updated to support large volumes properly?

Autoruns : Autoruns and WinPE

Author: spleenharvester
Subject: Autoruns and WinPE
Posted: 05 June 2016 at 3:45am

Bump, anyone? Seems no one else has this problem at all. This happens on every version of WinPE I can get my hands on, with every variant of target installation, on any computer I've used, so I'm surprised.

Process Explorer : open handle -- usb drive does not eject

Author: fpefpe
Subject: open handle -- usb drive does not eject
Posted: 05 June 2016 at 6:02pm

Hello -- I can't get a straight answer on this -- I try to eject
a USB drive, but the OS says it's in use.

So, I look for the open handles on the drive and Process Explorer reports
NONE -- how is this possible?

What does the eject process think is open?

BgInfo : Network Drives

Author: MrMeanor
Subject: Network Drives
Posted: 05 June 2016 at 8:03pm

This is a bginfo VBS. It hasn't been tested outside of bginfo. Add it as a custom field VB Script file. It is designed to emulate the default drives format from "Free Space". I don't know if it needs admin or not. I run as admin.

strComputer = "."
Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
' Win32_MappedLogicalDisk lists the mapped network drives of the current session
Set colDisks = objWMIService.ExecQuery("Select * from Win32_MappedLogicalDisk")
For Each objDisk In colDisks
    ' Free space is reported in bytes; convert to GB with two decimals
    Echo objDisk.DeviceID & "\ " & Round((objDisk.FreeSpace / 1024 / 1024 / 1024), 2) & " GB NTFS"
Next

Good Luck!!!

Process Explorer : open handle -- usb drive does not eject

Author: pinscomputer
Subject: open handle -- usb drive does not eject
Posted: 05 June 2016 at 11:46pm

When you look for handles, just use the drive letter followed by a colon... for example E: