Channel: Sysinternals Forums

Autoruns : Which Background Processes Can Be Disabled Safely?

Author: KungFu
Subject: Which Background Processes Can Be Disabled Safely?
Posted: 25 January 2017 at 7:08am

Hello Koolx,

This is a forum in which members try to help each other. If the answer is not what you want or expect, or if you don't read the answers well, then it's not very nice to react like this.

More I will not say about this.

Kind regards,
Denis

Miscellaneous Utilities : VMMap: Need Call Stack export

Author: about
Subject: VMMap: Need Call Stack export
Posted: 25 January 2017 at 8:55am

For analytical purposes we need to export all Call Stack information from each entry in the Heap Allocations list, including resolved DLL file names linked to their heap allocation size. Ideally, all at once with a single button click.

Alternatively, a diagram of which DLL is responsible for what heap size left (memory leak) would be fine. You should be able to select DLLs, so you can define the weighting of your involved application or DLL. You should be able to group DLLs, for they may appear in a single call stack.

We are dealing with a memory leak with tons of information: We saved a timeline with two snapshots into a MMP file which has got 99 MB of size... Since our application is using our DLLs as well as different ones, we need to be able to point out at which percentage our DLLs are involved in the leaks found with VMMap. For now, it is not manageable to do this via GUI nor via MMP file with such an enormous amount of data.

Thanks

PsTools : Delay in PsExec

Author: eunjoochung
Subject: Delay in PsExec
Posted: 25 January 2017 at 11:48am

Hi,

I am using PsExec to control several PCs which are all connected with LAN cables and a switch.

The main (control) PC takes a long time to connect to other slave PCs using PsExec.
And, if I try it again immediately (like in 20 seconds), it works faster than the first try.
However, if I try PsExec on one of the slave PCs, it works very fast every time.
Also, only the control PC is connected to several networks (so ipconfig shows multiple IP addresses).
And only the control PC has a different username & password.

Can it be because of the other networks?
I am guessing it works in this way:
  -> try to find destination using IP address -> but it reaches some kind of router (because of the other networks)
  -> could not find the destination on those networks (takes a long time here...) -> finally finds the hub or switch which the destination PC is connected to.
Then, what should I do?

Or do you have any other idea about the reason and solution?

Thanks!

BgInfo : Database can only add not update

Author: CMTR
Subject: Database can only add not update
Posted: 25 January 2017 at 4:54pm

Hi,

I'm having trouble with the Database mechanism. I'm using MariaDB with MySQL ODBC Driver version 3.51 (x86).

If I select "Create a new database record for every run.", it works fine.
But if I select "Record only the most recent run for each computer.", it fails, with this message:
Database add record [update]:
Code = 800a0bb9
Code meaning = Unknown error 0x800A0BB9
Source = ADODB.Recordset
Description = Arguments are of the wrong type, are out of acceptable range, or are in conflict with one another.

I've also tried it with Microsoft SQL Server 2014 - and I get exactly the same result.

It works OK with BGInfo version 4.16, but in version 4.21 it fails.

Oh, it might be worth mentioning - exactly the same error occurs in the same situation when trying to record to a XSL file!

Cheers,
Clive

Troubleshooting : Need help with Ntoskrnl thread causing high CPU

Author: buenchaval
Subject: Need help with Ntoskrnl thread causing high CPU
Posted: 25 January 2017 at 11:02pm

Hello,

I'm also having a 100% CPU issue under Windows 7 x64, and I think it is related to ntoskrnl too.

After every reboot, sooner or later (sometimes it takes a few minutes, sometimes one hour or more) the system becomes completely irresponsive. The task manager shows 100% CPU for the process System. Process Explorer shows 100% CPU usage for ntoskrnl.KeGetCurrentProcessorNumberEx (5 different instances taking 19-20% CPU each).

Googling about the issue led me to this post here and I see people are getting useful help. I've managed to setup the WPR and WPA, and once the issue starts, I've managed to record the performance with the WPR GUI (default settings). Saving the etl file took about 2 hours (due to the constant system irresponsiveness).

I can't make any sense of the data in the etl file. The processes/threads where the CPU usage explodes belong to System but are marked as "Unknown" (after loading symbols in WPA).

My etl file:

https://yadi.sk/d/0YVmvEgw3Av9p4

Any hint to troubleshoot this issue would be greatly appreciated.

The only recent change I can recall is installing the last Microsoft Convenience Rollup Update for Windows 7 SP1 through Windows Update. It certainly has started after this update. Since having the issue, I've updated the network card and NVIDIA drivers, and also a mysterious "INTEL - System - 10.1.1.38" update recommended by the Windows Update control panel, but none of those has helped. According to Windows Update and the Intel(R) Driver Update Utility 2.6 my system is completely up to date, and I have the latest BIOS.

Thanks in advance and best regards,

Vicente

Miscellaneous Utilities : accesschk help

Author: desmando
Subject: accesschk help
Posted: 26 January 2017 at 12:43am

I'm trying to look for files and folders that I don't have access to. To test, I created a folder on my desktop and removed all rights to it. I then ran the following command:

accesschk64.exe -nsd "domain\username" c:\Users\username\Desktop\

It came back saying "No matching objects found."

Is this not the right tool? Am I not using it right?

Troubleshooting : Need help with Ntoskrnl thread causing high CPU

Author: mastabog
Subject: Need help with Ntoskrnl thread causing high CPU
Posted: 26 January 2017 at 3:30am

I'm having a slightly different problem to those who posted so far. After about 3 minutes of idle time, the ntoskrnl.exe!KeIsAttachedProcess goes to 100% usage on a single core, but as soon as I move my mouse or press a key, it goes back to 0% ... this makes it difficult to capture.

Any ideas on how to capture this into an etl file?

EDIT: I'm trying to use a similar xperf command as in the 2nd post of this thread, but with "timeout 300" instead of "timeout -1" so that I don't have to press a key, but so far the problem doesn't occur while xperf is hooked ... I'll keep trying.


Edited by mastabog - 52 minutes ago at 3:45am

Autoruns : Autoruns and Windows 10 KnownDLLs

Author: kyamauchi
Subject: Autoruns and Windows 10 KnownDLLs
Posted: 26 January 2017 at 4:33am

If I run autoruns v13.62 on Windows 10 1607 (both x86 and x64) with or without admin rights, autoruns's KnownDLLs tab shows empty.
But I could see many entries in HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls by using regedit.exe.

I want to know why autoruns reports empty.

BgInfo : BGInfo + Wallpaper + Diferent size screen

Author: KungFu
Subject: BGInfo + Wallpaper + Diferent size screen
Posted: 24 January 2017 at 8:23pm

Could you share the script?

Miscellaneous Utilities : SYSMON Uninstall Issue

Author: MSFT_markc
Subject: SYSMON Uninstall Issue
Posted: 26 January 2017 at 7:48am

Hello

If you want to remove it manually you could do the following:
 
1. Run regedit.exe and delete the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Sysmondrv registry key to prevent the driver reloading.

2. Delete the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Sysmon registry key to prevent the service from restarting.

3. Restart the machine, then delete the c:\windows\sysmondrv.sys and c:\windows\sysmon.exe files.

Please email sysmonsupport@microsoft.com if you experience any further difficulties.

Miscellaneous Utilities : Sysmon5 + Win7 + KES = BSOD

Author: MSFT_markc
Subject: Sysmon5 + Win7 + KES = BSOD
Posted: 26 January 2017 at 7:52am

Apologies for the delay in responding. I don't suppose you still have the dump file for this issue, do you? If so, would you be able to share it with us?

Miscellaneous Utilities : Sysmon5 + Win7 + KES = BSOD

Author: sasha237
Subject: Sysmon5 + Win7 + KES = BSOD
Posted: 26 January 2017 at 10:13am

Hello.

Information is sent via PM.

Troubleshooting : Need help with Ntoskrnl thread causing high CPU

Author: mastabog
Subject: Need help with Ntoskrnl thread causing high CPU
Posted: 26 January 2017 at 4:12pm

I captured it in the end. It's caused by the Automatic Maintenance of Windows 8.1 (no driver was misbehaving). It keeps one core of my CPU at 100% while it's running and this time it took 6 minutes.

I was not able to identify any actual subprocess in the WPT Analyzer. Just a thread of "System" that stays at 100%, with a prior trigger by "taskhost.exe".

Can anyone explain if there is a way using WPT Analyzer to identify which actual component is misbehaving? I have WPT 6.3.6900.16384 installed. I'd prefer a pointer rather than uploading my .etl file (which is also huge).

Thanks in advance

Process Explorer : PE dead?

Author: MagicAndre1981
Subject: PE dead?
Posted: 26 January 2017 at 8:23pm

Try processhacker instead:

http://processhacker.sourceforge.net/

Can you start it?

Also try to trace the start via Process Monitor:

https://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-3-Process-Monitor
https://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-4-Process-Monitor

Troubleshooting : Need help with Ntoskrnl thread causing high CPU

Author: MagicAndre1981
Subject: Need help with Ntoskrnl thread causing high CPU
Posted: 26 January 2017 at 8:24pm

Originally posted by Martinw30:

Thanks, I was searching through HP's support driver site, which did not have the latest one. If I deactivate the wifi driver it works fine too, I have for the most my laptop in Ethernet Cable.


Nice to hear that it fixes it.

Troubleshooting : Need help with Ntoskrnl thread causing high CPU

Author: MagicAndre1981
Subject: Need help with Ntoskrnl thread causing high CPU
Posted: 26 January 2017 at 8:27pm

Originally posted by buenchaval:

Hello,

I'm also having a 100% CPU issue under Windows 7 x64, and I think it is related to ntoskrnl too.

After every reboot, sooner or later (sometimes it takes a few minutes, sometimes one hour or more) the system becomes completely irresponsive. The task manager shows 100% CPU for the process System. Process Explorer shows 100% CPU usage for ntoskrnl.KeGetCurrentProcessorNumberEx (5 different instances taking 19-20% CPU each).


In your case ntoskrnl.exe!MmGetPageFileInformation causes the CPU usage, like this user:

https://forum.sysinternals.com/hich-cpu-usage-by-system-process_topic27628_post133912.html#133912

Also check your pagefile settings. Disable the pagefile, reboot and activate the pagefile again (set to system managed).

Troubleshooting : Need help with Ntoskrnl thread causing high CPU

Author: MagicAndre1981
Subject: Need help with Ntoskrnl thread causing high CPU
Posted: 26 January 2017 at 8:34pm

Originally posted by mastabog:

Can anyone explain if there is a way using WPT Analyzer to identify which actual component is misbehaving?

Look for ntoskrnl.exe!RtlpGenericRandomPatternWorker, ntoskrnl.exe!RtlpTestMemoryRandomUp calls.

Miscellaneous Utilities : Need to monitor overall disk activity

Author: Reverend Jim
Subject: Need to monitor overall disk activity
Posted: 26 January 2017 at 8:46pm

Actually, fragmentation is not the problem. It's between ptsvchost.exe and coreserviceshell.exe. I also found the tool I need to monitor. It's an old one from XP that is still available but buggy and poorly documented.

perfmon.exe

This eventually worked but first I had to find a way to eliminate the error messages that came up on running (and preventing the counters I needed from loading). In order to do that I had to rebuild the performance counters by

lodctr /r

But even after finding that gem buried somewhere on the internet I also had to discover that on a 64-bit OS I actually had to

run lodctr /r from syswow64

because running it from anywhere else resulted in

Error: Unable to rebuild performance counter setting from system backup store, error code is 5

And then I had to search high and low for intelligible info on how to run perfmon (and how to do things like zoom out once I had zoomed in). Then I had to figure out how someone on another computer could take the generated log and load it up for viewing. There is also a Windows program

relog.exe

for reformatting the log files and extracting data that is similarly hidden. All in all I have to believe that Microsoft really doesn't want me to have the tools I need to troubleshoot.