Channel: Sysinternals Forums

Miscellaneous Utilities : ListDLLs

Author: ugly
Subject: ListDLLs
Posted: 11 December 2016 at 5:48pm

I am a fairly new user of Sysinternals - except for Process Explorer.  My question is about ListDLLs. When I run it, I am given a quick listing, but what I am trying to do (I'm sure the answer is simple, I just keep missing it) is to dump the list to an output file.  How do I manage this?


Autoruns : Autoruns source code?

Author: sredna
Subject: Autoruns source code?
Posted: 11 December 2016 at 8:07pm

All source code was removed when MS took over but some of it can still be found on the old site with archive.org but IIRC the source code for Autoruns was never released, just TcpView, RegMon, FileMon and some of the command-line tools.

Process Monitor : Running process monitor in safe mode

Author: sredna
Subject: Running process monitor in safe mode
Posted: 11 December 2016 at 8:26pm

If you export some keys from Regedit you can inspect the .reg files to try to figure out the format. It is partially documented @ https://support.microsoft.com/en-us/kb/310516 (and "Windows Registry File Format (ASCII .REG format) [Jeroen Mostert]" if wotsit.org ever comes back online) but yes, @ is the default value and the quotes are not part of the data. You could figure out this yourself just by looking at the existing entries in \SYSTEM\CurrentControlSet\Control\SafeBoot\Network!
 
Safe mode will only load the drivers listed under \SafeBoot\Minimal or \SafeBoot\Network depending on which safe mode you choose to boot.


Edited by sredna - 18 hours 3 minutes ago at 8:26pm

Process Monitor : Running process monitor in safe mode

Author: tjsepka
Subject: Running process monitor in safe mode
Posted: 11 December 2016 at 9:04pm

Thank you for your help.  Surprisingly enough, a Bing search for "registry @=" didn't return anything useful, which is why I posted here.  I just wanted to be sure my interpretation was correct, and hopefully search engines might pick up on it in this topic for others' future reference!

Any idea what is meant by "This will white list the driver in safe mode with networking.?"  Is white listing a standard term when referring to registry entries?  I've not run into it before and again, a Bing search wasn't helpful on it, either.

Process Explorer : ** Feature Requests **

Author: meanhacker
Subject: ** Feature Requests **
Posted: 12 December 2016 at 3:20am

Hi, process explorer is an amazing tool that comes to the rescue whenever it's needed. Sometimes, a window will hide off screen and I cannot move it because I can't drag its title bar. This happens sometimes when using an external monitor with my Surface Pro 3; sometimes a window will be "stuck" outside the visible desktop area. What would be nice is if Process Explorer had a feature to give the user the ability to change a window's coordinates or simply have an action button to move it to 0,0 or someplace in the visible area ("visible" probably determined by the user). This could be implemented into the already available "Bring to front" feature by adding the window position reset function into the "Bring to front" routine. If Mark thinks this is a bad idea, a separate control could be created instead. I think this would be a beneficial feature for people needing manual control of window positions or undraggable windows since there is still room for a button in the Process Explorer UI under those three buttons. Let me know if this is something you will consider and thank you for reading!

Miscellaneous Utilities : ListDLLs

Author: Dax1792
Subject: ListDLLs
Posted: 12 December 2016 at 4:11pm

ListDLLs is meant to be run in the command prompt, so you use the > operation to redirect the output.
For example
 
C:\Users\Name>listdlls notepad > .\Documents\test.txt

PsTools : PSExec returns error code -1073741502

Author: JamesNorman
Subject: PSExec returns error code -1073741502
Posted: 12 December 2016 at 6:54pm

Hi there, I'm creating a machine that is supposed to duplicate the build functionality of another machine where they successfully used psexec to run certain commands, however I am running into an issue.

I have been both through the FAQ and the "Please READ..." threads and have executed the steps requested in the "Please READ..." thread without issue.

  • Exact windows version of the local machine "Windows 7 Enterprise, Service Pack 1"
  • Exact Windows version of the target machine, "Windows 7 Enterprise, Service Pack 1"
  • The exact version of the PSTools command you use. Version 2.11.
  • The exact command line as you typed it.   I swapped out our build tool specific command line for this one as they both have the same error.  Obviously some things below are replaced for security...
  • C:\mydir >pstools\PsExec.exe \\OURDESKTOP -accepteula -i -u domain\user -p password -w C:\Everyone cmd /c echo Hi > "hi.txt"
  • In the above scenario the domain\user is an administrator on the box
  • Powershell has also been set to Set-ExecutionPolicy Unrestricted as an experiment which did not help with the error message below
  • Everyone has full control of C:\Everyone
  • The exact error message which you received on the local machine. 
PsExec v2.11 - Execute processes remotely
Copyright (C) 2001-2014 Mark Russinovich
Sysinternals - www.sysinternals.com

Starting cmd on OURDESKTOP...OURDESKTOP...
cmd exited on OURDESKTOP with error code -1073741502.

PsTools : PSExec returns error code -1073741502

Author: JamesNorman
Subject: PSExec returns error code -1073741502
Posted: 12 December 2016 at 7:01pm

A new piece of information I discovered... If I omit -i my substitute command returns an exit code of 0.   Same with my original command.

However, it is a GUI that needs to run interactively and it needs that -i switch.


Process Monitor : ** Feature request list **

Author: aaron.miller11
Subject: ** Feature request list **
Posted: 12 December 2016 at 8:27pm

Requesting Circular log files

In troubleshooting, not everything is 100% reproducible all the time. Sometimes, issues just occur with no explanation or timeline. That is why it is so handy to have tools like perfmon built natively into Windows - you can set a file to grow to up to 1 GB for example, have it overwrite the oldest data, and just let it run indefinitely.

It would be superbly beneficial to be able to do this with process monitor.

It seems like this could potentially be a difficult overhaul, but please know that you would be helping out multitudes of troubleshooters tremendously. Right now, there are 3 randomly-occurring issues pending my action which I could likely easily solve if I could view the process monitor data from the failure time.

Thanks,

- Aaron

Autoruns : [BUG REPORT] Autoruns can't see HKCU\...\Run entry

Author: Marqo09
Subject: [BUG REPORT] Autoruns can't see HKCU\...\Run entry
Posted: 13 December 2016 at 2:01am

Under the Options menu, unselect Hide Microsoft Entries and Hide Windows Entries. Voila!

Troubleshooting : pst files outlook

Author: patroo
Subject: pst files outlook
Posted: 13 December 2016 at 11:57am

If you're looking for a free solution, the Inbox Repair tool aka scanpst.exe is the best option for you. It comes as a built-in tool with MS Outlook client. It can scan corrupt PST files for errors and repair them. You can read these articles to know more about scanpst.exe and how to use it:


If scanpst.exe fails or doesn't work due to severe corruption, you can try professional recovery solutions provided by different software vendors in the market. But before you can purchase any paid software, you must download free demo version first. You can read this blog post to compare top 5 PST repair tools http://wordpress.semnaitik.com/2016/01/15/best-pst-repair-tools/

Thanks.


Edited by patroo - 2 hours 51 minutes ago at 11:58am

Autoruns : [SOLVED] Autoruns can't see HKCU\...\Run entry

Author: pol
Subject: [SOLVED] Autoruns can't see HKCU\...\Run entry
Posted: 13 December 2016 at 6:41pm

True. Now I can see. So:
It's not a bug. It's a feature :)

Process Monitor : Running process monitor in safe mode

Author: sredna
Subject: Running process monitor in safe mode
Posted: 13 December 2016 at 8:22pm

The whitelisting is not a registry thing, the list is just stored in the registry. The list is used by Windows when it boots into safe mode.
 
In general terms, whitelisting: only accept things that are on the list. Blacklisting: accept anything that is not on the list.
 
The whole point of Windows safe mode is to be able to boot a system that is broken in some way. This means you want to load as few drivers as possible because the problem that stops Windows from booting normally might be in a driver.
 
When Windows boots in safe mode it will only allow drivers listed under \SafeBoot\ to load.
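
The .reg details discussed in this thread (`@` is the default value, the quotes are not part of the data, and the entries live under \SafeBoot\Minimal and \SafeBoot\Network) can be checked with the following Python code. It is an added example, not part of the original posts or of any Sysinternals tool; the sample export, the `ExampleFilterDrv` entry and the baseline set are constructed for illustration.

```python
import re

SAFEBOOT = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot"

# Constructed sample in .reg (version 5.00) text form; "ExampleFilterDrv" is a
# made-up entry. Real regedit exports are UTF-16LE: decode them before parsing.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ExampleFilterDrv]
@="Driver"
'''

def parse_safeboot(reg_text):
    """Return {(mode, entry): default_value} for subkeys of each SafeBoot mode."""
    entries, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            current = None
            if key.upper().startswith(SAFEBOOT.upper() + "\\"):
                parts = key[len(SAFEBOOT) + 1:].split("\\")
                if len(parts) == 2:          # <mode>\<entry>
                    current = (parts[0], parts[1])
                    entries[current] = None  # key exists, no default value seen yet
        elif current and line.startswith("@="):
            m = re.fullmatch(r'@="((?:[^"\\]|\\.)*)"', line)
            if m:  # the quotes delimit the string; they are not part of the data
                entries[current] = re.sub(r"\\(.)", r"\1", m.group(1))
    return entries

def unexpected(entries, baseline):
    """Entries allowed to load in safe mode that are absent from the baseline."""
    return sorted(k for k in entries if k not in baseline)

if __name__ == "__main__":
    found = parse_safeboot(SAMPLE_REG)
    baseline = {("Minimal", "AppMgmt"), ("Network", "AppMgmt")}  # assumed known-good
    for mode, name in unexpected(found, baseline):
        print(f"{mode}: {name} -> {found[(mode, name)]}")
```
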
 

Troubleshooting : Need help with Ntoskrnl thread causing high CPU

Author: sakis_the_fraud
Subject: Need help with Ntoskrnl thread causing high CPU
Posted: 13 December 2016 at 9:41pm

Hello MagicAndre1981 !!!

I have a similar problem with DPC latency these days on my PC.

Here is the etl file compressed.

https://www.sendspace.com/file/kl2upm

please have a look and tell me what to do.

I would also like you to post some links for educational purposes about the process that you follow. ;)

Thanks in advance for your help! :D

Process Monitor : Running process monitor in safe mode

Author: tjsepka
Subject: Running process monitor in safe mode
Posted: 13 December 2016 at 10:04pm

Thanks for the clarification.  I'm familiar with the terms whitelist and blacklist, but hadn't run into them applied to the registry before, and an internet search didn't find anything relevant to applying them to the registry.  Unfortunately, but understandably, I believe that third party anti-virus (AV) software (among plenty of others) might add drivers to safe mode boot.  I would hesitate to consider them whitelisted because of their invasiveness and have been known to cause their own set of problems!  Accordingly, it would be nice to have a documented safe mode blacklist for any driver that has proven to interfere with the intended functionality of safe boot.

As an aside, I'm not sure if any third party software is prohibited from affecting the minimal safe boot mode.  I haven't specifically looked into the minimal safeboot portion of the registry.  If you know whether or not the minimal safeboot registry can be modified by third party software, this might be a good place to document it so that search engines can pick it up from this site.  I think that this site is probably more reputable, with users who are more knowledgeable about the inner working of Windows and should be directed here.

Thanks again for your help.

Process Monitor : Task Manager association not removable

Author: jaypizzle
Subject: Task Manager association not removable
Posted: 13 December 2016 at 11:54pm

From the Help menu:

Replace Task Manager: Select the Replace Task Manager entry under the Options menu to have Process Explorer execute instead of Task Manager when you launch Task Manager. Note that this is a global setting that affects all users regardless of how they start Task Manager. After replacing Task Manager the menu item renames to Restore Task Manager and selecting it removes Process Explorer's association.  


''After replacing Task Manager the menu item renames to Restore Task Manager and selecting it removes Process Explorer's association.''

That part didn't work for me. Tried restarting process explorer, the option stays at ''replace task manager''.

Halp :)

Internals : Free Data Recovery of Outlook OST File Emails

Author: greachsmith
Subject: Free Data Recovery of Outlook OST File Emails
Posted: 14 December 2016 at 7:13am

MaxiaSoft OST Recovery Software is best solution to repair and recover damaged OST file and Conversion Outlook OST file to PST file, EML, MSG. and HTML formats and along with attachments, embedded images, all email properties (To, Cc, Bcc, Subject, Date & Time etc.), Contacts, Calendar items, Notes, Scheduled tasks, appointments, journals, drafts etc. OST Converter software gives you free facility split large PST file into small PST file (1GB into 5GB).



Process Monitor : Procmon64 crashes on Exchange 2010

Author: FrankG
Subject: Procmon64 crashes on Exchange 2010
Posted: 14 December 2016 at 7:24am

Hai there,

I'm totally new in this business and need a helping hand on this bug.

I have to monitor my Exchange 2010 server running on Windows Server 2008 R2 Standard in VMware ESXi 6.0.
The Acronis Advanced Backup for VMware 11.7 is not working 100% and so I have to monitor the Exchange.

But I got permanent crashes overnight when the backup is running:





Any help appreciated.
I need this before I leave for holiday on Friday.

Thanks in advance
Frank


