Channel: Sysinternals Forums

Miscellaneous Utilities : Desktops + Windows 7 hotkeys

Author: Furia
Subject: Desktops + Windows 7 hotkeys
Posted: 10 May 2017 at 6:52am

Well if the Alt, Shift or Ctrl keys were my preference we wouldn't be here in the first place now, would we? The windows key is the perfect solution for me, so I'm committed to getting it to work.

The problem is clearly a bug with how secondary desktops are created in Win 7. Presumably the problem isn't limited to the DisabledHotKeys option, but it's the immediate visible result, hence I'm reporting it.


Utilities Suggestions : Repair MDB and ACCDB files ?

Author: RusselWood
Subject: Repair MDB and ACCDB files ?
Posted: 10 May 2017 at 11:25am

Kernel for Access is a powerful and effective solution to recover complete data from corrupt or damaged MDB and ACCDB files of an MS Access database. The software is also capable of maintaining the integrity of the internal data structure.

The software is integrated with dual recovery modes-

  1. Standard Mode
  2. Template Mode

To evaluate the features and functionalities of the software, visit- https://www.kerneldatarecovery.com/access-recovery.html

Miscellaneous Utilities : PageDefrag ERROR

Author: comanchero
Subject: PageDefrag ERROR
Posted: 10 May 2017 at 5:08pm

Hi LMiller7 and Dax1792,

Thanks for all the info and assistance. So don't you know of any third-party SW of this kind, besides the BloatPUP from Auslogics? I've just found this Free Registry Defrag/Compact - do you know it, is it safe to use?

Thanks for now.

All the best!


Edited by comanchero - 8 minutes ago at 5:10pm

Internals : Licensing question

Author: Mark_E
Subject: Licensing question
Posted: 10 May 2017 at 7:07pm

If I understand the licensing correctly, I am allowed to distribute the programs to all of our corporate-owned computers. Is there a restriction on how they can be redistributed or repackaged? I want to build an MSI that will place the necessary Sysinternals tools on the local machine, add the install location to the Path variable and configure Sysmon. This would allow for easier install, upgrade, and removal of the tools, as well as inventory by MSI code. I think this is allowed as the MSI is only being used internally, but I want to verify.

Process Monitor : A fruitful experience

Author: VeryOldGuy
Subject: A fruitful experience
Posted: 11 May 2017 at 6:28am

I've been using Sysinternals for a few years now, but today Process Monitor and Process Explorer helped a lot.

My Windows\Temp directory was filling with TMP files, sometimes up to several Gb per day, and I was getting worried.

I fired up Process Monitor, and chose the columns that show the path of the culprit application that was creating these temp files (filtering mainly for "create file" operation) and then kept filtering till I cornered the Windows\Temp directory.

It turned out that somehow the indexing service (most probably due to my own fault) was turned on, and my PC was indexing huge amount of data. I turned the indexing off, verified in Process Explorer that the service has been turned off, and was finally rid of the problem.

Although I have often used Autorun to solve pesky problems, I consider today a fruitful experience, and I had to share.

Utilities Suggestions : Procexp / TCPView port search

Author: beirtipol
Subject: Procexp / TCPView port search
Posted: 11 May 2017 at 10:40am

Would be useful to be able to hunt for open ports using either procexp or tcpview so I can identify the process and shut down / take other action. Perhaps it's already available and I can't easily find the function?

PsTools : Command Fails when using PSEXEC

Author: sujith
Subject: Command Fails when using PSEXEC
Posted: 11 May 2017 at 6:33pm

Hi,

I have an AppCMD command like the one below, and it's importing AppPools:

C:\Windows\System32\inetsrv\appcmd.exe list apppool /config /xml > "E:\BiztalkSchemas\apppool.xml"

It works perfectly.

When I want to run it remotely or on my machine using PsExec like below, it always gives me an error.

"E:\PSTools\PsExec.exe" -s \\SUJAY-PC  -accepteula C:\Windows\System32\inetsrv\appcmd.exe add apppool /in < "\\SUJAY-PC\E$\BiztalkSchemas\apppool.xml"

The error is like below:

Failed to process input: Invalid XML input - please make sure that your XML is well-formed and follows the required format (HRESULT=c00cee3a).
C:\Windows\System32\inetsrv\appcmd.exe exited on PC with error code -1072894406.

It is the same XML; when I run it through AppCMD it works, but when I use it with PsExec it fails.

Can you please help me with this?

Thanks,
Sujith.

PsTools : start remote windows service


Internals : Licensing question

Author: pmatula
Subject: Licensing question
Posted: 11 May 2017 at 8:39pm

I read the licensing and there is no specific section about the "how". I think it's okay, when you use the distribution mechanism only for corporate computers. (no guarantee)

Process Explorer : procex64 wont load

Author: passanto
Subject: procex64 wont load
Posted: 12 May 2017 at 8:55am

further info:

SRP denies execution of user folder's executable.

running procexp.exe results in failure, since it extracts the 64bit image in the user's temp folder, but of course it cannot be executed.

disabling the restriction and launching procexp.exe, of course temporary procexp64.exe gets launched.

while running, take a copy of the 64bit image and pasted on Desktop.

close the running instance (which is a nested process of the procexp.exe file).

leaving the restriction off, the pasted procexp64.exe executable works, also if pasted into other folders.


copy the 64bit image into an allowed path (ie C:\Program Files\Portables\SysinternalsSuite\) it doesn't open, but the process is listed by task manager (restrictions are still off, and this is very strange).

gave a try on changing ownership and acl as well, in order to match the procexp.exe ones, it won't load either.


conclusion, when pasting the procexp64.exe inside Program Files it won't load

probably with process monitor is possible to get why?

Troubleshooting : Recovering emails from a corrupted personal folder

Author: shivgupta
Subject: Recovering emails from a corrupted personal folder
Posted: 12 May 2017 at 11:11am

In case Scanpst.exe fails to fix PST error issues, you can try an Outlook PST repair software. The software can easily solve PST corruption issues without any hassle. You can also use it to recover deleted or inaccessible Outlook mailbox items from corrupted PST files. For more information, visit: http://www.pstoutlookrepair.com/


Edited by shivgupta - 1 hour 8 minutes ago at 11:13am

Troubleshooting : pst files outlook

Utilities Suggestions : Tools Information File

Author: gazbea
Subject: Tools Information File
Posted: 12 May 2017 at 3:29pm

Hi guys,

Something that would be really awesome and easy for you guys to knock together.

What would be really useful would be to have a single XML/JSON file that contains all of the tools information. Something like the following for each tool:

<tools>
    <tool>
        <name></name>
        <description></description>
        <version></version>
        <date></date>
        <url></url>
    </tool>
    <tool>
        <nam.......
</tools>

Then when you release a new version we can quickly get an update of your tools by looking at the XML in a script.

Thanks in advance,

Gaz

PsTools : Command Fails when using PSEXEC

Author: Tecnico
Subject: Command Fails when using PSEXEC
Posted: 12 May 2017 at 9:43pm

Try this command:

psexec \\SUJAY-PC -user @@  -p @@@ -i appcmd.exe add apppool  \\SUJAY-PC\E$\BiztalkSchemas\apppool.xml

@@-->user
@@@-->password

Development : Process environment variables

Author: wormworm
Subject: Process environment variables
Posted: 13 May 2017 at 12:42am

It surely does not work with the fixed address --- a better way is to get the PEB address first, then check PEB->ProcessParameters->Environment, which is an LPVOID, then you can read the variable strings from there.
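
An added example, not part of the original post, of the last step described above: walking the variable strings once the block that PEB->ProcessParameters->Environment points to has been copied into a local buffer. The names env_next, visible_vars and sample_block are hypothetical and the sample block is constructed; copying the block out of the target process (for example with ReadProcessMemory) is assumed to have happened already, and the walker treats a copy that ends before the terminating empty string as truncated instead of reading past the buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample of a copied environment block: UTF-16 "NAME=value"
   strings, each NUL-terminated, with one empty string ending the block. */
static const uint16_t sample_block[] = {
    '=','C',':','=','C',':','\\','T','m','p',0,  /* per-drive cwd entry */
    'P','A','T','H','=','C',':','\\','W',0,
    'T','E','M','P','=','C',':','\\','T',0,
    0                                            /* block terminator */
};
#define SAMPLE_LEN (sizeof sample_block / sizeof sample_block[0])

typedef struct { size_t start, eq, end; } env_entry;  /* offsets in code units */

/* Fetch the entry at *pos and advance. 1 = entry, 0 = end of block,
   -1 = truncated copy (terminator not inside the buffer). */
int env_next(const uint16_t *blk, size_t count, size_t *pos, env_entry *e)
{
    if (*pos >= count) return -1;             /* terminating empty string missing */
    if (blk[*pos] == 0) return 0;             /* empty string ends the block */
    size_t end = *pos;
    while (end < count && blk[end] != 0) end++;
    if (end == count) return -1;              /* string runs off the buffer */
    size_t eq = *pos + 1;                     /* a leading '=' belongs to the name */
    while (eq < end && blk[eq] != '=') eq++;
    e->start = *pos; e->eq = eq; e->end = end;  /* eq == end: no '=' in entry */
    *pos = end + 1;
    return 1;
}

/* Count ordinary variables (name not starting with '='); -1 if truncated. */
int visible_vars(const uint16_t *blk, size_t count)
{
    size_t pos = 0; env_entry e; int n = 0, rc;
    while ((rc = env_next(blk, count, &pos, &e)) == 1)
        if (blk[e.start] != '=' && e.eq < e.end) n++;
    return rc < 0 ? -1 : n;
}

int main(void)
{
    printf("visible variables: %d\n", visible_vars(sample_block, SAMPLE_LEN));
    return 0;
}
```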

Development : How find SSDT Shadow address in Windows 10 x86?

Author: flashcoder
Subject: How find SSDT Shadow address in Windows 10 x86?
Posted: 13 May 2017 at 9:54pm

Based on this article ( http://www.developersite.org/905-42385-service ) I'm using the following code to get the address of the shadow table, and it works perfectly from WinXP x86 through Win8.1 x86 (the operating systems that were tested); only on Win10 x86 can it not find the address.

Thank you for any suggestion.


#include <ntddk.h>
#include "ntapi.h"  // https://pastebin.com/BFwWUvmT

typedef NTPROC * PNTPROC;

typedef struct tag_SYSTEM_SERVICE_TABLE {
    PNTPROC   ServiceTable; // array of entry points to the calls
    int  CounterTable; // array of usage counters
    ULONG ServiceLimit; // number of table entries
    PCHAR ArgumentTable; // array of argument counts
} SYSTEM_SERVICE_TABLE, *PSYSTEM_SERVICE_TABLE, **PPSYSTEM_SERVICE_TABLE;

typedef struct tag_SERVICE_DESCRIPTOR_TABLE {
    SYSTEM_SERVICE_TABLE ntoskrnl; // main native API table
    SYSTEM_SERVICE_TABLE win32k; // win subsystem, in shadow table
    SYSTEM_SERVICE_TABLE sst3;
    SYSTEM_SERVICE_TABLE sst4;
} SERVICE_DESCRIPTOR_TABLE, *PSERVICE_DESCRIPTOR_TABLE, **PPSERVICE_DESCRIPTOR_TABLE;

extern "C" NTOSAPI SYSTEM_SERVICE_TABLE KeServiceDescriptorTable;
extern "C" __declspec(dllimport) NTSTATUS NTAPI KeAddSystemServiceTable(ULONG, ULONG, ULONG, ULONG, ULONG);

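// Scans the first 1024 bytes of KeAddSystemServiceTable for a pointer to a
// table that is not KeServiceDescriptorTable itself but whose first entry
// matches it; returns NULL if no such pointer is found.
PSERVICE_DESCRIPTOR_TABLE __stdcall GetServiceDescriptorShadowTableAddress() {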
    char * check = (char *)KeAddSystemServiceTable;
    PSERVICE_DESCRIPTOR_TABLE rc = NULL; int i;
    for (i = 0; i < 1024; i++) {
        rc = *(PPSERVICE_DESCRIPTOR_TABLE)check;
        if (!MmIsAddressValid(rc) || ((PVOID)rc == (PVOID)&KeServiceDescriptorTable)
            || (memcmp(rc, &KeServiceDescriptorTable, sizeof(SYSTEM_SERVICE_TABLE)))) {
            check++; rc = NULL;
        }
        if (rc)
            break;
    }
    return rc;
}

VOID DriverUnload(IN PDRIVER_OBJECT DriverObject) {
    DbgPrint("DriverUnload()!\n");
    return;
}

extern "C" NTSTATUS DriverEntry(IN PDRIVER_OBJECT pDriverObject, IN PUNICODE_STRING RegistryPath) {

    NTSTATUS NtStatus = STATUS_SUCCESS;

    pDriverObject->DriverUnload = DriverUnload;
    DbgPrint("DriverEntry()!\n");


    PSERVICE_DESCRIPTOR_TABLE pShadow = GetServiceDescriptorShadowTableAddress();
    if (pShadow) {
        DbgPrint("SSDT Shadow address found!");
    }
    else
        DbgPrint("Error: Can't get Win32k Address!\n");



    return NtStatus;
}




Edited by flashcoder - 41 minutes ago at 9:55pm

Miscellaneous Utilities : Feat.Req.RAMMap: Remember sort order and last tab

Author: pstein
Subject: Feat.Req.RAMMap: Remember sort order and last tab
Posted: 14 May 2017 at 10:13am

I am particularly interested in the tab "File summary".

Whenever I launch RAMMap I have to manually click (again) the tab "File Summary" and manually sort the column "Total".

This is inconvenient and unnecessary.

Could RAMMap automatically remember the last opened tab and sort column?

E.g. in separate *.ini file or Registry?

Alternatively as a workaround a start of RAMMap through command line with parameters would be acceptable like

rammap.exe -tab "File Summary" -sort "Total"

Can this option be added in the next release?

Thank you
Peter

Troubleshooting : Need help with Ntoskrnl thread causing high CPU

Author: MagicAndre1981
Subject: Need help with Ntoskrnl thread causing high CPU
Posted: 14 May 2017 at 4:45pm

@alecajuice

this time 1 bit in memory for kernel is corrupted:

CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
    fffff80367886a6d - nt!MiInsertNonPagedPoolOnSlist+45d
[ f6:ba ]
1 error : !nt (fffff80367886a6d)

MODULE_NAME: memory_corruption

IMAGE_NAME:  memory_corruption

FOLLOWUP_NAME:  memory_corruption

MEMORY_CORRUPTOR:  ONE_BYTE

FAILURE_BUCKET_ID:  MEMORY_CORRUPTION_ONE_BYTE

run memtest and check file system with chkdsk

Process Explorer : ** Process Explorer Bugs **

Author: delphifreak
Subject: ** Process Explorer Bugs **
Posted: 15 May 2017 at 11:24am

Running Process Explorer 16.20 on Windows 10 x64 on a workstation with two E5-2680 v4 processors, I have 56 threads (28 physical cores). When trying to set a process's affinity using PE, it always removes the affinity to every CPU larger than "CPU 30" (sic!). The display of the affinity works correctly though for all 56 threads.

I.e. start a process through:
start /AFFINITY AAAAAAAAAAAAAAAA notepad.exe
gives me this (which is expected):
Just by clicking on "OK" (without any modifications) and reopening the dialog again I get this:

Miscellaneous Utilities : Why Time Tracking Tools don't work with Desktops

Author: dmanty45
Subject: Why Time Tracking Tools don't work with Desktops
Posted: 15 May 2017 at 5:04pm

Hi, 

My apologies ahead of time if this is the wrong place for this topic. It's not an issue with the Desktops application itself.

I use a time tracking tool at work called procrastitracker. Procrastitracker (and a few other similar apps) cannot seem to track any activity in any other virtual desktop but desktop 1. What is the reason for this?

I guess I should post my question in the procrastitracker forum as well. 


Thanks,
Drew Morrissey
  