Channel: Sysinternals Forums

Process Explorer : Bug in dll's info?

Author: awelito
Subject: Bug in dll's info?
Posted: 18 July 2016 at 4:33pm

Thank you for your reply, pinscomputer.

I executed both listdll tool and powershell console with administrative rights but none of them returns the dll :(

I also performed an analysis of the RAM memory with ramcapture and volatility tools to check the dll's that are loaded into memory and there is no reference to the apisetschema.dll dll.

Thanks!!

Process Explorer : Bug in dll's info?

Author: LMiller7
Subject: Bug in dll's info?
Posted: 18 July 2016 at 5:16pm

I have seen this kind of thing before. I believe the issue is related to the method used to enumerate process modules. listdll and Powershell are probably using the official documented methods which can miss certain DLLs and other modules. I don't know why. Process Explorer is likely using more advanced methods involving reading process memory space which will detect them. The details of how these enumeration methods work are largely undocumented.

Process Monitor : Why does procmon require Workstation service?

Author: LMiller7
Subject: Why does procmon require Workstation service?
Posted: 18 July 2016 at 5:45pm

As mentioned before, the Workstation service runs as part of default system configuration. Reliance on these services is rarely documented. When a program fails it typically does not attempt to determine if this is due to a service that is not running, particularly when that service runs by default. Procmon is by no means alone in this. This behavior is unlikely to change.

When you disable services that run by default you must accept that some things will not work. You cannot expect and typically will not get a meaningful error message when this happens. For good or bad, that is reality.

Troubleshooting : App hangs PC

Author: EvilCooper
Subject: App hangs PC
Posted: 18 July 2016 at 8:40pm

Hello.

I have Ubisoft app Uplay. And after launching one - get total freeze. I have no logs and crash dumps. I swear!

Problem is repeatable. In safe mode too. 100%.
Operating System have all critical patches. I'm sure 99%.
Chipset/MB and Video adapter have latest drivers update. 100%.

Conf:
Windows 7 x64 SP1
CPU Core i5 4670 3.4Ghz
RAM 8 GB PC3 10700
MB: MSI MS-7918 (z97)
Video MSI GTX 970
HDD Hitachi 3TB 7200rpm

AIDA stress test: passed
RAM regular test (OS): passed
Furmark stress test: passed

Uplay version 20.1.0.4844. (latest version)

;=====Using Process Explorer to help: failed. Cause PE was hanged.
;=====Event logs: failed. Because I have no logs.
;=====Process Monitor: failed. Cause PM was hanged.




Process Explorer : Process Explorer - find bad password

Author: th3messenger
Subject: Process Explorer - find bad password
Posted: 18 July 2016 at 10:27pm

I've seen several references to using Process Explorer to find the culprit of a bad password but I've not seen any specific info on how to use the tool for this.
 
How would you use process explorer to find bad password attempts?

Troubleshooting : Auditing Files

Author: SODIron
Subject: Auditing Files
Posted: 19 July 2016 at 7:57am

The load is on the device you run it on. I'm mapping drives from my support server to remote file servers to ensure there is no noticeable load on the file servers.
 
Stats on server where I am running it:
 
CPU (av): 15%
Memory: 53,312K
 

Troubleshooting : Auditing Files

Author: SODIron
Subject: Auditing Files
Posted: 19 July 2016 at 8:04am

Output file looks like the following:
 
Pattern, Filename, Path
 
It's not intelligent enough to rule out false positives; however, the information from the three fields captured should enable me to rule out around 90% of the false positives, as I can cross-reference the pattern with the filename to rule out the obvious ones.
 
 

Process Explorer : Bug in dll's info?

Author: awelito
Subject: Bug in dll's info?
Posted: 19 July 2016 at 8:13am

Hi!

In my opinion, I think that the apisetschema.dll is in fact a driver. Further research done with the driverview tool of nirsoft showed that the mentioned dll is related to a driver rather than to a dll of a process.

There are two options in ProcessExplorer "View -> Lower Pane View" that provide the possibility to select whether to show the DLLs or the handles of the process. If I select the "DLLs" option, entries like databases (*.db) or data files (*.dat) are listed, so I think that more data than dll's is listed, so it would not be a good idea to consider *.dll entries as dll's linked to the process.

Regarding the way to obtain the dll's of the processes, I also developed a custom program to get the modules (dll's) of a process given a process name using the kernel32.dll and it does not recognize the apisetschema.dll dll.

Thanks!!

Disk2vhd : Vhd2disk

Author: GertFrobe
Subject: Vhd2disk
Posted: 19 July 2016 at 6:54pm

Bump.

Anything for converting vhdx to physical disks yet?

I have a number of vhdx images and it's impractical to convert them to vhd. Being able to go straight from vhdx to physical disk would be a huge time saver, something my company might even be interested in buying from a reliable programmer.

Troubleshooting : Open .dbx files after reformatted computer

Author: Dominik
Subject: Open .dbx files after reformatted computer
Posted: 19 July 2016 at 7:20pm

Do you have access to the old data on the hard drive? If not, then what you have saved, the DBX files, are what is available. In this case, you need to use the OE-Mail Recovery utility on each DBX file. Each program will allow you to extract the emails from the DBX file into individual files with the .eml extension. Drag these eml files into the OE preview pane, and you will have access to the emails again. Store them in the folder you want. http://www.oemailrecovery.com/outlook-express-recovery.html

Autoruns : autoruns file-not-found entries

Author: Treeant34
Subject: autoruns file-not-found entries
Posted: 20 July 2016 at 2:07am

I too am showing a pile of missing files under HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls   
 
I've never seen this before; however, all of my Windows 10 installations are showing these missing files.
 
One of the previous explanations indicates  there should be 64 bit dlls in System32 and 32 bit dlls in SysWOW 64.
 
Following that logic, shouldn't I see Wow32cpu.dll in SysWOW64 for example (because I do not)?
 
Or am I not seeing Wow32cpu.dll because it's 64bit Win 10 Pro?
 
Anyways, is this a system variable or a user variable you are proposing as a fix here?
 
I'm guessing it's a system variable, just wanted clarification.
 
Has the AutoRuns code been abandoned by Microsoft and there is no fix forthcoming?
 
Thanks for your help all, very disturbing seeing all this yellow highlighting.
 

Process Explorer : ** Feature Requests **

Author: docmarkus
Subject: ** Feature Requests **
Posted: 20 July 2016 at 8:10am

Hello!
Not sure whether this feature is already there - if so, please excuse me and point out how to enable ...

I would suggest having the possibility to have a PE window begin with a chosen PID as parent instead of the current system processes and explorer

WHY?
I do programming where "my" processes will be created as children of a service so it would be extremely convenient to be able to focus on that service's process and sub processes

Thank you and best regards, Markus

Process Monitor : Issue with Bitlocker encrypted volumes?

Author: alexfreu
Subject: Issue with Bitlocker encrypted volumes?
Posted: 20 July 2016 at 2:00pm

Is there a known issue with Process Monitor Boot Logging on a Bitlocker encrypted drive? We keep getting broken PML files that cannot be opened later on any system:
 
---------------------------
Process Monitor
---------------------------
The file 'C:\....\Bootlog.PML' was not closed cleanly during capture and is corrupt.
---------------------------
OK  
---------------------------
We suspected the virus scanner first, but even when we uninstalled it, the created PML files were not readable.

Development : MS Project 2010 and 2007

Author: MartinRamsey
Subject: MS Project 2010 and 2007
Posted: 20 July 2016 at 4:48pm

You will need to follow these steps exactly to make the 2010 version default.

Right-click on your .mpp file and select Open With.

Then select "Choose default program"

Then select 2010 version from list, if it's not there use Browse button to point to 2010 version

then place a checkmark on "Always use this program to open this kind of file"

then click OK.

In case the file is corrupted, it is possible to try to recover it with Project Recovery Toolbox http://www.oemailrecovery.com/project_recovery.html

Troubleshooting : SQL database in status SUSPECT

Author: Porkelsson
Subject: SQL database in status SUSPECT
Posted: 20 July 2016 at 5:12pm

If your database is marked suspect and you are desperate, then I'll advise you to set the status of that database, like:


update master.dbo.sysdatabases
set status = 20
where name = 'YourDatabaseName'

Very sorry that you have no backup. So if that doesn't help, then the only thing I can advise is to try to restore the database using SQL Server Recovery Toolbox. http://www.oemailrecovery.com/sql_recovery.html

Process Explorer : How do I see my Task Manager again???

Author: TheCanuck
Subject: How do I see my Task Manager again???
Posted: 21 July 2016 at 10:02am

I know this is an old thread, but I have a solution:

Click the start button and type cmd. Wait for the cmd option to pop-up, and right-click opting to run as administrator. Then type TASKMGR, go to options and unselect replace task manager. As a normal user TASKMGR will not allow you to undo that option.