Channel: Sysinternals Forums

Miscellaneous Utilities : Remove NTFS Check for Junction Utility

Author: dl7749
Subject: Remove NTFS Check for Junction Utility
Posted: 23 February 2018 at 4:51am

I tried the utility (version 1.07) on an ReFS file system and it said 'Junctions are only supported on NTFS volumes'.

First, the message is no longer true since the introduction of ReFS.

Second, from my limited knowledge, junctions are manipulated using the DeviceIoControl() function with various control codes (FSCTL_*_REPARSE_POINT). The API has nothing NTFS-specific and should work with ReFS. So I concluded that it must be the utility itself that thought it wouldn't work, rather than DeviceIoControl().

I fetched the source code for an older version (version 1.04, released before Microsoft's acquisition of Sysinternals). There was indeed a check on whether the file system (of the junction directory) was NTFS. I removed the check, recompiled and ran the utility, and it indeed worked on ReFS.

I suggest that a newer version of the utility be released with the NTFS check removed.

Thanks.




Process Explorer : Process Explorer Caused BSOD - Server 2012 R2

Author: tommynoble
Subject: Process Explorer Caused BSOD - Server 2012 R2
Posted: 23 February 2018 at 1:41pm

Thanks, I guess that's an option, but we need to use it as admin; if it gets left running, I'm not going to blame an operator for badly behaved software.  I'm simply not willing to trust it at all in production environments.

Miscellaneous Utilities : Sysmon v7.01 uninstallation causing bugcheck 0x3b

Author: evgeny.golov
Subject: Sysmon v7.01 uninstallation causing bugcheck 0x3b
Posted: 23 February 2018 at 6:28pm

Hello Everyone!

We are trying to sort out the following problem, yet unsuccessful so far. We have hundreds of servers where Sysmon must be installed (and was partly installed already). We noticed that on some occasions when it was necessary to uninstall Sysmon, the server BSOD'ed. As a test, we've installed and uninstalled Sysmon with a 20 minute interval on a group of very lightly loaded servers and were able to cause 7 BSODs on different machines (there were overall hundreds of install/uninstall cycles).

Hosts - both virtualized and physical

OS - Windows Server 2012 R2 in most recent tests

Bugcheck details – the bugcheck code, faulting IP has been the same in all dumps:

SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff800404c4048, Address of the instruction which caused the bugcheck
Arg3: ffffd0002311c620, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP:
SysmonDrv+8048
fffff800`404c4048 488b4840        mov     rcx,qword ptr [rax+40h]

Processes where bugcheck happens: splunkd.exe, noderunner.exe, Microsoft.Exchange.Search.Service.exe (recent tests were made on Exchange Server 2016 servers).

Upon dump analysis, we've noticed that the unregister thread runs concurrently with another thread where SysmonDrv is referenced for filtering an I/O event. In one case it was a total of 3 executing threads – 2 with I/O event and 1 for unregistering the SysmonDrv filter.

Has anyone seen this behavior? How can we work around this? Thanks a bunch!

Attaching example in a zipped .txt file (uploads/52858/example.zip) as apparently it doesn't fit in the post limits.


Edited by evgeny.golov - 45 minutes ago at 6:35pm

BgInfo : JET4.0 or later be installed

Author: JerryMa1971
Subject: JET4.0 or later be installed
Posted: 24 February 2018 at 3:50am

Any other suggestion?

BgInfo : JET4.0 or later be installed

Author: Dax1792
Subject: JET4.0 or later be installed
Posted: 24 February 2018 at 11:28am

Are you running Bginfo or Bginfo64? I think JET was 32bit only.

PsTools : Use psexec in a commercial product

Author: HypnoDog
Subject: Use psexec in a commercial product
Posted: 25 February 2018 at 11:33am

Hi,
I have a question regarding use of psexec in a commercial product. The EULA has the following line:

You may not
...
* use the software for commercial software hosting services.

I'm not sure what the "hosting services" part means. Basically I wanted to offer a remote execution capability in the product, and to utilize psexec.exe for that. I'm planning to include a line about use of PsExec in the About box of the software. 

Can someone give a definitive answer if we can use psexec in a commercial product?

Thanks.

Process Explorer : Cannot connect to VirusTotal

Author: eitanc
Subject: Cannot connect to VirusTotal
Posted: 25 February 2018 at 2:51pm

Hi,
I use processexplorer 16.21 on win 10 build 1709.
When I run it in admin mode, for the VirusTotal column I get an error of "A connection with the server could not be established" for all processes.

I can see in my GW FW that the traffic to www.virustotal.com is allowed and at Wireshark I see that there are events of SSL handshake but from my view they are not fully completed as I don't see records of "Application Data" of the encrypted data.

So, it looks like either an SSL issue.

Can you please check?

Thanks,

Eitan

Miscellaneous Utilities : Remove NTFS Check for Junction Utility

Author: sredna
Subject: Remove NTFS Check for Junction Utility
Posted: 25 February 2018 at 3:29pm

I suppose it should fall back to checking if GetVolumeInformation reports the FILE_SUPPORTS_REPARSE_POINTS flag on non-NTFS volumes.


Edited by sredna - 6 hours 58 minutes ago at 3:30pm

Miscellaneous Utilities : Remove NTFS Check for Junction Utility

Author: dl7749
Subject: Remove NTFS Check for Junction Utility
Posted: 26 February 2018 at 4:54am

Thanks for the reply. I was thinking that using DeviceIoControl() with reparse points would fail anyway if the file system doesn't have such feature, so perhaps there is no need to do an *additional* check beforehand.

Doesn't hurt if the check (for reparse point) is there though.
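
The two gates discussed in this thread, side by side, as an added example that is not part of the forum posts and is not Sysinternals code: the file-system name check described in the first post, and the FILE_SUPPORTS_REPARSE_POINTS capability check suggested in the reply. The function names are hypothetical; the Win32 part compiles only on Windows, and the policy functions compile anywhere.

```c
#include <stdio.h>
#include <string.h>

#ifdef _WIN32
#include <windows.h>
#else
/* Non-Windows build: only the policy functions compile. Value as in winnt.h. */
#define FILE_SUPPORTS_REPARSE_POINTS 0x00000080UL
#endif

/* Gate described in the first post: trust only the file-system name. */
static int name_check_allows(const char *fs_name)
{
    return strcmp(fs_name, "NTFS") == 0;
}

/* Gate suggested in the reply: trust the capability flag the volume reports. */
static int flag_check_allows(unsigned long fs_flags)
{
    return (fs_flags & FILE_SUPPORTS_REPARSE_POINTS) != 0;
}

#ifdef _WIN32
/* Returns 1 if the volume holding `path` reports reparse-point support,
   0 if it does not, -1 if the volume could not be queried. */
static int path_supports_reparse_points(const char *path)
{
    char root[MAX_PATH + 1];
    DWORD flags = 0;

    /* Resolve the volume mount point that contains the path. */
    if (!GetVolumePathNameA(path, root, MAX_PATH + 1))
        return -1;
    /* Only the file-system flags are requested; the name is not needed. */
    if (!GetVolumeInformationA(root, NULL, 0, NULL, NULL, &flags, NULL, 0))
        return -1;
    return flag_check_allows(flags);
}

int main(int argc, char **argv)
{
    int r = path_supports_reparse_points(argc > 1 ? argv[1] : ".");
    printf("reparse points supported: %d\n", r);
    return r == 1 ? 0 : 1;
}
#endif
```

Whichever gate is used, the result of the DeviceIoControl() call itself still has to be checked, as the last reply points out.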


PsTools : Windows 10 1709 killed PSExec -sdi

Author: Aditza
Subject: Windows 10 1709 killed PSExec -sdi
Posted: 26 February 2018 at 3:06pm

*bump from forum second page*

it's almost the end of february...still no news of a fix. :(

Autoruns : Autoruns64.dll ... wait, what dll ??!!

Author: Aditza
Subject: Autoruns64.dll ... wait, what dll ??!!
Posted: 26 February 2018 at 3:29pm

i discovered that there's a new file dll in the recently released version: Autoruns64.dll

anyone has any idea what's up with this file? why was a new dll needed?

https://www.virustotal.com/#/file/80691828d9059015687128adaefe766de4b290faea0c1dc97f178322546ec4f0/details

https://live.sysinternals.com/Autoruns64.dll

autoruns64.exe works normally even after i deleted it, so what is its real purpose there?

Troubleshooting : ACPI.sys & constant high system interrupts

Author: 1iveowl
Subject: ACPI.sys & constant high system interrupts
Posted: 27 February 2018 at 9:16am

I'm trying to troubleshoot this issue where I'm having one logical CPU at a constant 100 % and where I'm seeing a constant system interrupts usage level of 3 %, which I think is high in this particular system.

Also, the system feels sluggish doing basic stuff such as browsing (especially switching between tabs) etc. The system is all new, with 64 GB RAM, intel X299 chipset, 2 TB SSD and an 18 core Intel i9. It shouldn't feel sluggish.

I'm running Windows 10 Pro (build 16299.248). When using the system with a DAW (Digital Audio Workstation) such as Ableton Live 10 I get pops and crackles using just one instrument.

I've tried updating drivers, to unplug USB's. I've even tried to unplug SATA drives. I've tried resetting the power scheme as suggested here.

Using LatencyMon, I see that ACPI.sys is generating the constant high flow of interrupts, which I understand is difficult to troubleshoot.

I've tried most of what I can get my hands on of advice, but nothing has helped so far.

Any suggestions would be much appreciated. I have also created an .etl file and would be thrilled if someone who has the expertise is able to use it.

Thank you.





Edited by 1iveowl - 26 minutes ago at 9:42am

Troubleshooting : Outlook 2016 Rules are not working

Author: RusselWood
Subject: Outlook 2016 Rules are not working
Posted: 27 February 2018 at 10:10am

Kernel for Outlook PST recovery, a perfect software to easily resolve all kind of corruption issue and to restore then at your desired location. The software free evaluation version is also available to download at- http://www.outlooktools.org/outlook-recovery.html

Miscellaneous Utilities : Sysmon PipeEvent

Author: Nemo7891
Subject: Sysmon PipeEvent
Posted: 27 February 2018 at 3:27pm

I was gone for a week and my machine was rebooted a few times and now PipeEvent events are being generated again. Other machines which are rebooted don't generate PipeEvents events with the same config. Behavior appears super-spotty.

Miscellaneous Utilities : SDelete v2.01 - dangerous bug

Author: Bob456
Subject: SDelete v2.01 - dangerous bug
Posted: 27 February 2018 at 7:57pm

I just downloaded and attempted to use SDelete 2.01 and have found a similar issue (possibly related).
 
When I try and use SDelete on a file with no extension, it returns the error "the system cannot find the file specified.".
 
C:\Users\Bob\Documents>sdelete.exe foo
SDelete v2.01 - Secure file delete
Copyright (C) 1999-2018 Mark Russinovich
Sysinternals - www.sysinternals.com
SDelete is set for 1 pass.
Cleaning disk foo:
Error opening disk foo:
The system cannot find the file specified.

The older version of SDelete did not have this bug.  I'll revert to that version until this can be fixed.
 
Thanks!

Miscellaneous Utilities : SDelete v2.01 - dangerous bug

Author: Bob456
Subject: SDelete v2.01 - dangerous bug
Posted: 27 February 2018 at 8:07pm

Just went back and tested a couple of previous versions and found that the same bug (can't delete a file without an extension) also occurred in version 2.0.  It works properly in version 1.61.
 
Thanks,
-Bob

BgInfo : 32-bit OS crash with VB scripts

Author: Chriz78
Subject: 32-bit OS crash with VB scripts
Posted: 27 February 2018 at 8:36pm

I just noticed that VB scripts cause BGinfo to crash in a 32-bit OS.  I add a custom attribute, put in the path to the vbs, and as soon as I close the "user defined fields" box, BGinfo crashes.  I was running version 4.22, but this happens with 4.25 as well.

Troubleshooting : Need help with Ntoskrnl thread causing high CPU

Author: 1iveowl
Subject: Need help with Ntoskrnl thread causing high CPU
Posted: 27 February 2018 at 8:39pm

I'm having the same issue and it's driving me nuts that I can't figure out why.  

I described it in detail and added an .etl here in this forum: 

BgInfo : 32-bit OS crash with VB scripts

Author: Chriz78
Subject: 32-bit OS crash with VB scripts
Posted: 27 February 2018 at 8:40pm

Oh, and this was Windows 7 32-bit.  Not sure if it happens in Windows 10 32-bit.

Troubleshooting : Cannot install KB4074588

Author: sr_mkrn
Subject: Cannot install KB4074588
Posted: 28 February 2018 at 1:18pm

Hi all,

I have an issue with Windows Update.

When I try to install updates, I get this error message:
• 2018-02 Cumulative Update for Windows 10 Version 1709 for x64-based Systems (KB4074588) - Error 0x80070002

When looking into the update history, the error says: "Last failed install attempt on 15.02.2018 - 0x80240034".

I've also tried to download the applicable file from windows update catalog, and update using the Windows Update Standalone Installer. I get an error there as well, saying: "The update is not applicable to your computer".

I have tried to clear the folders with update-files and restarted the services, to no avail.

At the same time I have an error with a device driver for: "Intel(R) Xeon(R) E3 - 1200/1500 v5/6th Gen Intel(R) Core(TM) PCIe Controller (x16) - 1901"

The error message is:
"This device cannot start. (Code 10)

An ACPI Power Object failed to transition state"

This leads to problems when returning from sleep state, where the screen goes black after boot and after a while the computer plays typical error beeps and restarts.

Could these two issues be connected somehow?

My specifications are:
Platform: Lenovo T470p (20J6)
BIOS: 1.20
Edition: Windows 10 Pro
Version: 1709
OS Build: 16299.192

What could cause this error?


Edited by sr_mkrn - 9 minutes ago at 1:20pm