Channel: Sysinternals Forums

Troubleshooting : Microsoft Outlook - Help recovering corrupt PST fi


Process Monitor : Use ProcMon for random reboots

Author: kayax
Subject: Use ProcMon for random reboots
Posted: 07 March 2017 at 10:48am

I had exactly the same behavior and I checked my memory modules.
One of the four 4GB modules was faulty.
Of course I had to try then each one separately to find out the faulty one.
And so I did.
After removing that module everything was fine and I was happy again.
I hope your problem is similar.

Regards
kayax

Miscellaneous Utilities : MoveFile

Author: yberthol
Subject: MoveFile
Posted: 07 March 2017 at 12:33pm

We (now) all know that the names of the files to be moved at reboot (at shutdown actually, I discovered) are held under HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager;PendingFileRenameOperations.

But there is a second possible value, named PendingFileRenameOperations2. This is even mentioned in the bible (Windows Internals) but without further explanation. Until today, I have been unable to find an explanation for this ..2.

On the Internet, it is sometimes suggested to rename PendingFileRenameOperations to PendingFileRenameOperations2 in order to let a piece of software install itself, in case it wouldn't do so as long as there are rename operations pending. (In other words, PendingFileRenameOperations is checked by the about-to-install-itself software while PendingFileRenameOperations2 is not, but they both work the same way.) So, is this the reason to have 2 values?

Thank you for your attention, Yves
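
The value layout discussed in the post above, as an added example that is not part of the original post or of any Sysinternals tool: a parser that decodes raw REG_MULTI_SZ data from PendingFileRenameOperations into source/destination pairs, so pending deletes and replacements can be audited. The sample bytes are constructed, and applying the same layout to PendingFileRenameOperations2 is an assumption taken from the post.

```python
# Added example: decode raw REG_MULTI_SZ data from PendingFileRenameOperations.
# Layout: strings come in pairs (source, destination). An empty destination
# means "delete source"; a leading "!" on the destination means the move may
# replace an existing file. Paths carry the NT prefix \??\.

NT_PREFIX = "\\??\\"


def _strip_nt(path):
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path


def parse_pending_renames(raw):
    """Return a list of dicts: action, source, destination (None on delete)."""
    strings = raw.decode("utf-16-le").split("\x00")
    if strings and strings[-1] == "":
        strings.pop()  # empty piece after the final NUL
    if len(strings) % 2 == 1 and strings[-1] == "":
        strings.pop()  # REG_MULTI_SZ list terminator, not an empty destination
    if len(strings) % 2:
        raise ValueError("unpaired entry: value is truncated or malformed")

    operations = []
    for source, dest in zip(strings[0::2], strings[1::2]):
        replace = dest.startswith("!")
        if replace:
            dest = dest[1:]
        if dest == "":
            action = "delete"
        elif replace:
            action = "replace"
        else:
            action = "rename"
        operations.append({
            "action": action,
            "source": _strip_nt(source),
            "destination": _strip_nt(dest) or None,
        })
    return operations


# Constructed sample value (not taken from a real system).
SAMPLE_STRINGS = [
    r"\??\C:\Windows\Temp\stale.tmp", "",
    r"\??\C:\Program Files\Example\app.dll.new",
    r"!\??\C:\Program Files\Example\app.dll",
    r"\??\C:\Temp\a.log", r"\??\C:\Temp\b.log",
]
SAMPLE_RAW = ("\x00".join(SAMPLE_STRINGS) + "\x00\x00").encode("utf-16-le")

if __name__ == "__main__":
    for op in parse_pending_renames(SAMPLE_RAW):
        print(op["action"], op["source"], "->", op["destination"])
```
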

BgInfo : Not Working Correctly on Windows 10

Author: KhunRoger
Subject: Not Working Correctly on Windows 10
Posted: 07 March 2017 at 4:15pm

Originally posted by Bill_Bright:

Originally posted by KhunRoger:

And yet there is a new version dated "Published: February 17, 2017"

Either they didn't update the program, or they forgot to post the updated program to the download page. 



Surely not!   

Just for the fun (?) of it, I tried all the versions that I have stored on my PC - 4.07 (2004), 4.12 (2007), 4.20 (2013) and 4.21 (2015). Not surprisingly, they all failed.

Perhaps if we keep posting to this thread it may get the attention of Mark.  (I wonder if he's on Twitter?)

-------------

Edit: Hmm, he is! : https://twitter.com/markrussinovich?lang=en




Edited by KhunRoger - 1 hour 12 minutes ago at 4:26pm

Development : nm or dumpbin equivalent

Author: yong321
Subject: nm or dumpbin equivalent
Posted: 07 March 2017 at 5:27pm

I'm looking for a Windows equivalent of Linux/UNIX nm tool to list symbols from an executable. It's said that the dumpbin utility in Visual Studio can do the job. Is there such a tool that is not part of Visual Studio?

Utilities Suggestions : Migrate NSF file into MS Outlook PST Format

Author: AndrewParmer
Subject: Migrate NSF file into MS Outlook PST Format
Posted: 07 March 2017 at 5:45pm

NSF to PST Converter software is sole that provides an option to convert NSF file(s) directly from Lotus Domino Server to MS Exchange Server. Using this utility, the administrator can get connected with the Domino server and can easily access the user mailboxes. Additionally, this tool can convert unlimited number of NSF files and allows saving them in PST file format or listing them directly to Exchange Server mailboxes.

Key Features:-

* Facilitates efficient migration of data from .nsf to .pst file format.
* Proficient conversion of the entire Domino Server database.
* Converts almost everything into PST including Unicode content.
* Even Lotus Notes files of large size can easily be converted efficiently and quickly.

To download visit:- http://email-recovery-utility.blogspot.in/2017/02/nsf-to-pst-converter-tool.html

Utilities Suggestions : How to Convert OST File into PST?

Author: AndrewParmer
Subject: How to Convert OST File into PST?
Posted: 07 March 2017 at 5:49pm

You can restore OST file and convert OST file to PST file with most excellent OST 2 PST is a smart solution for repairing corrupt/damaged database OST file and extract OST data emails, contacts, calendar, tasks, notes, journals and also successfully Convert OST to PST format easily. You can also successfully loaded in Microsoft Outlook data file format.

Visit :- http://email-recovery-utility.blogspot.in/p/ost-2-pst-converter-tool.html

Miscellaneous Utilities : Sysmon V6 fails to install on Windows 2008 R2

Author: v1d1an
Subject: Sysmon V6 fails to install on Windows 2008 R2
Posted: 08 March 2017 at 6:40am

Hi,

I have the same problem. I'm in a virtual machine with Windows 2008 R2 and I get the same error message.

I want to use Sysmon with a VM like Metasploitable 3 for detection testing and I can't update the VM.

How can I install Sysmon without verification of the signature?


Thanks :)

BgInfo : Error: Missing Rights to change desktop settings

Author: FriedhelmEichin
Subject: Error: Missing Rights to change desktop settings
Posted: 08 March 2017 at 9:51am

Hi,
first I will say that I have been using this tool for many years, from Windows XP to Server 2016 and Windows 10. I like it and I have never seen another tool which could replace it.
 
On newer OSes, e.g. Windows 10 Anniversary, I get this error message in the logfile:
"An error  occured while attempting to set the new Desktop settings
Please ensure the current user has rights to Change Desktop Settings:
Dieser Vorgang erfordert eine interaktive Arbeitsstation".
 
  • I am using the Task scheduler to start BgInfo.
  • The logon user is member of the Administrator Group and has no Limitation, there are no Group policy limitations.
  • The Task Scheduler Option "Use highest priority" is set, so BgInfo should be started with Administrator Elevation.
  • BgInfo is started from the Folder c:\Program Files (x86)\Tools\BgInfo
  • As Location for the Output Bitmap I use "User's temporary files Directory"

An Interactive call of the same commandline as used in Task Scheduler succeeds.

What could be the matter of this strange Problem?
Regards Friedhelm
 

BgInfo : Display the Date - BGInfo

Author: Novalee
Subject: Display the Date - BGInfo
Posted: 08 March 2017 at 12:41pm

As in the title really.

I'd like to display the date on the desktop using BGinfo. 
Using the custom fields and WMI I can get the date in the format 08/03/2017

However, I'd prefer it to be something like:
Wednesday 8th March 2017 (or similar).

Also, potentially tied into this, I would like to display a week type. (Context - large school with a two week timetable - week A and week B - it would be convenient to have the current week displayed). Any ideas on how to tackle this?

I'm not a coder so am flailing around a bit with this. I have searched but can't find this has been asked before, so please forgive me if I'm repeating a question! 

Thanks!

Miscellaneous Utilities : Procdump utility problem

Author: artem.p
Subject: Procdump utility problem
Posted: 08 March 2017 at 8:54pm

Hi,

I am trying to analyze a dump created by procdump with WinDbg but I keep getting an error.

...............................................................
Loading unloaded module list
................................................................
ntdll!NtSuspendThread+0xa:
000007fd`e03d4dbb c3              ret

Any idea what could cause it?

Process Monitor : Stream Process Monitor Logs

Author: ajax
Subject: Stream Process Monitor Logs
Posted: 09 March 2017 at 5:52am

Can Process Monitor write in real time in a format other than native PML?
How can the PML file be continuously streamed out?
Is there any script available that can parse the PML file?

PsTools : Psexec failed on windows 10

Author: RGIO
Subject: Psexec failed on windows 10
Posted: 09 March 2017 at 8:00pm

I'm having a lot of trouble running some scripts on a Windows 10 machine. This is how it looks:
psexec -u use% -p password \\target_machine \\server\Installers\software_update.exe <commands for each software>

On windows 7 and servers I don't have any problems, but with windows 10 I get:
"PsExec could not start \\server\Inst\software_update.exe on target_machine
The system cannot find the file specified"

I added the following registry value on Windows 10: LocalAccountTokenFilterPolicy with the value 1, but I still have the same problem. Now I can access it with Run -> \\target_machine\c$ but not with cmd.

I read that PsExec has problems with UNC paths, but on Windows 7 all the scripts work perfectly.
 
Do you have some ideas?

Autoruns : [BUG REPORT] Autoruns64 13.62 is utterly broken

Author: bugmenot
Subject: [BUG REPORT] Autoruns64 13.62 is utterly broken
Posted: 09 March 2017 at 11:36pm

This problem is still unresolved as of v13.70.

Does anyone at Microsoft read these forums?

Edited by bugmenot - 27 minutes ago at 11:37pm

Process Monitor : Driver Verifier violation in latest ProcMon

Author: ralish
Subject: Driver Verifier violation in latest ProcMon
Posted: 10 March 2017 at 12:57am

While attempting to isolate a separate system crash we've found that the latest release of Process Monitor (v3.32) reliably crashes in a certain scenario when Driver Verifier is enabled on the driver with standard checks.

When opening Process Monitor to save a boot log having previously enabled the boot log and rebooted the system, a bug check will occur.

Some details on the crash are provided below from a WinDbg analysis on the test Windows 10 Pro x64 (v1607) system:
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught.  This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Arguments:
Arg1: 000000000002001f, ID of the 'IrqlZwPassive' rule that was violated.
Arg2: fffff8083fbfc9d0, A pointer to the string describing the violated rule condition.
Arg3: 0000000000000000, Reserved (unused). 
Arg4: 0000000000000000, Reserved (unused). 

Debugging Details:
------------------

Page 21437c not present in the dump file. Type ".hh dbgerr004" for details

DUMP_CLASS: 1

DUMP_QUALIFIER: 401

BUILD_VERSION_STRING:  14393.693.amd64fre.rs1_release.161220-1747

SYSTEM_MANUFACTURER:  LENOVO

SYSTEM_PRODUCT_NAME:  10HYCTO1WW

SYSTEM_SKU:  LENOVO_MT_10HY_BU_LENOVO_FM_ThinkCentre M700

SYSTEM_VERSION:  ThinkCentre M700

BIOS_VENDOR:  LENOVO

BIOS_VERSION:  FWKT5FA  

BIOS_DATE:  11/08/2016

BASEBOARD_MANUFACTURER:  LENOVO

BASEBOARD_PRODUCT:  30D2

BASEBOARD_VERSION:  SDK0J40697 WIN 3305029749446

DUMP_TYPE:  1

BUGCHECK_P1: 2001f

BUGCHECK_P2: fffff8083fbfc9d0

BUGCHECK_P3: 0

BUGCHECK_P4: 0

DV_VIOLATED_CONDITION:  ZwClose should only be called at IRQL = PASSIVE_LEVEL.


DV_RULE_INFO: 0x2001F

BUGCHECK_STR:  0xc4_IrqlZwPassive_XDV

CPU_COUNT: 4

CPU_MHZ: 8a0

CPU_VENDOR:  GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: 5e

CPU_STEPPING: 3

CPU_MICROCODE: 6,5e,3,0 (F,M,S,R)  SIG: 9E'00000000 (cache) 9E'00000000 (init)

DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT

PROCESS_NAME:  Procmon64.exe

CURRENT_IRQL:  1

ANALYSIS_SESSION_HOST:  SHODAN

ANALYSIS_SESSION_TIME:  03-10-2017 11:23:01.0946

ANALYSIS_VERSION: 10.0.10586.567 amd64fre

LAST_CONTROL_TRANSFER:  from fffff8083fbf1f13 to fffff803623c76f0

STACK_TEXT:  
ffffe780`97c38d18 fffff808`3fbf1f13 : 00000000`000000c4 00000000`0002001f fffff808`3fbfc9d0 00000000`00000000 : nt!KeBugCheckEx
ffffe780`97c38d20 fffff808`3fbe1505 : ffffffff`80001480 ffffe780`97c38ec0 ffffffff`80001480 ffffe780`97c38ec0 : VerifierExt!SLIC_abort+0x193
ffffe780`97c38d60 fffff808`3fbe152a : 00000000`00000010 00000000`00000082 ffffe780`97c38db8 00000000`00000000 : VerifierExt!ZwCreateKey_wrapper+0x75
ffffe780`97c38d90 fffff808`41977356 : 00000000`00000103 ffffe780`97c38ec0 ffffffff`80001480 ffffbb0b`da626fd8 : VerifierExt!ZwClose_wrapper+0x1a
ffffe780`97c38dc0 fffff808`419722f2 : ffff8801`bb582400 00000000`00000000 ffff8801`bbd935f8 ffffe780`954d1000 : PROCMON23+0x7356
ffffe780`97c39080 fffff808`41972fbf : ffff8801`00000002 00000000`0000057c ffff8801`bc9a7130 ffff8801`bb582400 : PROCMON23+0x22f2
ffffe780`97c390c0 fffff808`3f9210a3 : ffffe780`00000001 00000000`00000010 ffffd683`8c0926d0 00000000`00000000 : PROCMON23+0x2fbf
ffffe780`97c390f0 fffff808`3f90f560 : 00000000`00000000 ffffe780`97c39350 ffff8801`bb582400 ffff8801`bc9a7130 : FLTMGR!FltpvConnectionNotify+0x83
ffffe780`97c39150 fffff808`3f903475 : ffffbb0b`dba8cf70 00000000`00000000 00000000`00000004 ffff8801`00000007 : FLTMGR!FltpOpenClientPort+0x44c
ffffe780`97c39260 fffff808`3f9041f2 : ffffbb0b`dba8cea0 ffffe780`97c39350 ffff8801`b6fec260 ffff8801`bc91ef40 : FLTMGR!FltpMsgDispatch+0x175
ffffe780`97c392d0 fffff803`6297dd26 : ffffbb0b`dba8ce00 ffff8801`b6fec260 00000000`00000000 00000000`00000000 : FLTMGR!FltpCreate+0x482
ffffe780`97c39380 fffff803`622e9272 : 00000000`00000025 ffffe780`97c396d0 ffff8801`b6fec260 ffff8801`bc91ef40 : nt!IovCallDriver+0x252
ffffe780`97c393c0 fffff803`626feb94 : 00000000`00000025 ffffe780`97c396d0 ffff8801`b6fec260 00000000`00000001 : nt!IofCallDriver+0x72
ffffe780`97c39400 fffff803`62750022 : fffff803`626fe1d0 fffff803`626fe1d0 ffffe780`00000002 ffff8801`b6fec230 : nt!IopParseDevice+0x9c4
ffffe780`97c395d0 fffff803`62702cdd : ffff8801`bbf19b01 ffffe780`97c39830 00000000`00000040 ffff8801`b54d56e0 : nt!ObpLookupObjectName+0x8b2
ffffe780`97c397a0 fffff803`626e5ae9 : 00000000`00000001 ffff8801`bc8c22d8 00000043`f3cff050 00000000`00000028 : nt!ObOpenObjectByNameEx+0x1dd
ffffe780`97c398e0 fffff803`626e56f9 : 00000043`f3cff020 ffffd683`8c01a9f0 00000043`f3cff050 00000043`f3cff090 : nt!IopCreateFile+0x3d9
ffffe780`97c39980 fffff803`623d2393 : ffff8743`9ffed760 ffff8743`a1cfff68 ffff8743`a1d0e7f8 ffffc02c`26948447 : nt!NtCreateFile+0x79
ffffe780`97c39a10 00007ffb`62f86b74 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000043`f3cfeeb8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffb`62f86b74


STACK_COMMAND:  kb

THREAD_SHA1_HASH_MOD_FUNC:  56ea485fb9b85cfae89c725908902253570559a5

THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  1ccba113cf65a8f12042ddbc5e2b15553fc66c40

THREAD_SHA1_HASH_MOD:  72510b3f4d8a46ba20ecf271f08bd1b227805646

FOLLOWUP_IP: 
PROCMON23+7356
fffff808`41977356 85db            test    ebx,ebx

FAULT_INSTR_CODE:  7578db85

SYMBOL_STACK_INDEX:  4

SYMBOL_NAME:  PROCMON23+7356

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: PROCMON23

IMAGE_NAME:  PROCMON23.SYS

DEBUG_FLR_IMAGE_TIMESTAMP:  5898d66f

BUCKET_ID_FUNC_OFFSET:  7356

FAILURE_BUCKET_ID:  0xc4_IrqlZwPassive_XDV_VRF_PROCMON23!Unknown_Function

BUCKET_ID:  0xc4_IrqlZwPassive_XDV_VRF_PROCMON23!Unknown_Function

PRIMARY_PROBLEM_CLASS:  0xc4_IrqlZwPassive_XDV_VRF_PROCMON23!Unknown_Function

TARGET_TIME:  2017-03-09T22:48:23.000Z

OSBUILD:  14393

OSSERVICEPACK:  0

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK:  272

PRODUCT_TYPE:  1

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

OSEDITION:  Windows 10 WinNt TerminalServer SingleUserTS

OS_LOCALE:  

USER_LCID:  0

OSBUILD_TIMESTAMP:  2016-12-21 17:50:57

BUILDDATESTAMP_STR:  161220-1747

BUILDLAB_STR:  rs1_release

BUILDOSVER_STR:  10.0.14393.693.amd64fre.rs1_release.161220-1747


Edited by ralish - 2 hours 12 minutes ago at 12:58am

BgInfo : Multiple IP and Mac

Author: dft01
Subject: Multiple IP and Mac
Posted: 10 March 2017 at 5:14am

Does anyone know how to filter the IP address information and not include the empty IP NICs?
 
Thanks
David
 

BgInfo : Permanent Display

Author: ideprize
Subject: Permanent Display
Posted: 10 March 2017 at 3:58pm

Hi All
Cannot remove the BGinfo display from Server 2008 R2 screen.  Have removed completely from disks and registry.  Program is not running either - no startup display presenting options of continue, cancel, etc.  The display is just there after desktop is reached.  Have done scans with both Malwarebytes and ESET; ESET tech support came in but could not remove it either.  Is this part of the "wallpaper" now, and if so, how do I change the wallpaper back to solid color without the display?  Worried that I may still have a rogue process running, but if I do, nothing is finding it.
Respectfully,
ideprize

Miscellaneous Utilities : Minor bug in sync.exe: -accepteula

Author: rjt69
Subject: Minor bug in sync.exe: -accepteula
Posted: 10 March 2017 at 4:00pm

sync.exe /accepteula  Fixed June 2016.  

P:\APPS>sigcheck.exe P:\apps\sync.exe

Sigcheck v2.54 - File version and signature viewer
Copyright (C) 2004-2016 Mark Russinovich
Sysinternals - www.sysinternals.com

p:\apps\sync.exe:
        Verified:       Signed
        Signing date:   8:09 PM 6/12/2016
        Publisher:      Microsoft Corporation
        Company:        Sysinternals - www.sysinternals.com
        Description:    Flush cached data to disk.
        Product:        Sysinternals Sync
        Prod version:   2.2
        File version:   2.2
        MachineType:    32-bit

Site Bugs : accepteula

Author: rjt69
Subject: accepteula
Posted: 10 March 2017 at 4:09pm

I know this is old, but Google brings this up as one of the first results.  Verified sync.exe /accepteula works with June 2016 version.

Miscellaneous Utilities : Using ProcDump for svchost

Author: Mark_E
Subject: Using ProcDump for svchost
Posted: 10 March 2017 at 7:06pm

I am trying to troubleshoot a computer that seems to be having crackling audio issues every time that a svchost.exe consumes more than 21% of the CPU, whether it be Skype, Webex, GotoMeeting, or YouTube.  The CPU is a dual core with Hyperthreading.  I am trying to run procdump based on the svchost PID with the following command:

procdump.exe -c 21 -s 2 -n 3 -x C:\Temp\procdump 1488

This errors with "The system cannot find the file specified. (0x00000002, 2)".  Am I missing something? I used Process Explorer to grab the PID and I am running the PowerShell prompt as Administrator.  The location of Sysinternals has been added to the Path.

Any suggestions?


Edited by Mark_E - 39 minutes ago at 7:08pm