Channel: Sysinternals Forums

Miscellaneous Utilities : DU: Question Marks In Output

Author: Gushchin
Subject: DU: Question Marks In Output
Posted: 15 July 2013 at 11:50am

Hello everyone,
 
I tried the DU utility and found out that it outputs question marks instead of Russian symbols. Is there a workaround for this issue?
 
I checked that my non-Unicode applications use Cyrillic code page. I also tried to run "chcp 1251" before running DU, and changed fonts in the cmd window.
 
Yours faithfully,
Igor Gushchin.

Miscellaneous Utilities : Utility to lock my computer remotely

Author: mariamx
Subject: Utility to lock my computer remotely
Posted: 15 July 2013 at 7:28pm

Hello all,
I am new to this forum and really not a tech person at all. I recently lost my laptop and wonder if there is a way to lock my computer remotely to safeguard the information. A co-worker told me that I may find something on the Microsoft website. I found PSshutdown and wonder if it is the right utility to use. If anybody knows how to use it, please contact me.
Thanks a lot,
Maria

Process Explorer : "no symbols" for Kernel Memory limits system info

Author: R37ribution
Subject: "no symbols" for Kernel Memory limits system info
Posted: 15 July 2013 at 7:31pm

I got it working!

I only needed symbols for C:\Windows\system32\ntkrnlpa.exe on both the Windows Server 2003 SP2 and the Windows XP Pro SP3 hosts. I didn't use any symbols for ntoskrnl.exe to get the system information page to display correct max pool values for paged and nonpaged pool memory.

Below are two examples of how I got it working.
1) From a Windows XP host connected to the cloud where I used symchk.exe to download the symbols and pointed Process Explorer to a static directory on the machine.
2) From a Windows 2003 Server SP2 x86 host without internet access, in which I used symchk.exe to create a manifest of ntkrnlpa.exe and copied that manifest over to a computer with internet access and used symchk.exe to pull down those files. Similar to the offline walk thru here - http://blogs.technet.com/b/askperf/archive/2008/04/08/using-process-explorer-without-an-internet-connection.aspx
NOTE: I could not get the "Paged Limit" to work on my Windows 7 Ultimate x64 based computer, it still says "no symbols".

Apparently the instructions in the article below are incomplete or inaccurate. Can someone go over what I have done here and determine if the documentation needs updating? This would have saved me a day of troubleshooting.
Using Process Explorer without an Internet Connection
http://blogs.technet.com/b/askperf/archive/2008/04/08/using-process-explorer-without-an-internet-connection.aspx

If you're trying to avoid installing Debugging Tools for Windows to get the DLL file copied over, you can install it on a non production host and copy the following files over to your "island" computer:
C:\Program Files\Windows Kits\8.0\Debuggers\x86\dbghelp.dll
C:\Program Files\Windows Kits\8.0\Debuggers\x86\symchk.exe
C:\Program Files\Windows Kits\8.0\Debuggers\x86\SymbolCheck.dll
C:\Program Files\Windows Kits\8.0\Debuggers\x86\symsrv.dll (appears to only be needed to download symbol dependencies, symchk.exe will still generate your manifest without this file)

Link to Debugging Tools for Windows:
http://msdn.microsoft.com/en-us/windows/hardware/gg463009.aspx

The following error when running symchk.exe appears to be normal as symchk.exe is trying to download a pdb file from the MS symbol server which of course is not available on your island computer. This error will also happen if you run symchk.exe on a "cloud" computer and symsrv.dll is not available.
"SYMCHK: ntoskrnl.exe         FAILED  - ntkrnlmp.pdb mismatched or not found"


Here is what I did on the XP host (has an internet connection but used symchk.exe to pull down symbols):
1) Purged C:\symbols
2) Changed my symbol path in Process Explorer to C:\symbols so it wouldn't reach out to the MS web server (old path - SRV*C:\WINDOWS\SYMBOLS*http://msdl.microsoft.com/download/symbols)
3) Executed the following at the cmd prompt to manually pull down the symbols for ntkrnlpa.exe:
Windows XP Pro ntkrnlpa.exe symchk symbol download:

C:\Program Files\Windows Kits\8.0\Debuggers\x86>symchk.exe /if C:\Windows\System32\ntkrnlpa.exe /oi /op /ov /v /s SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
[SYMCHK] Searching for symbols to C:\Windows\System32\ntkrnlpa.exe in path SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
DBGHELP: Symbol Search Path: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
[SYMCHK] Using search path "SRV*c:\symbols*http://msdl.microsoft.com/download/symbols"
DBGHELP: No header for C:\Windows\System32\ntkrnlpa.exe.  Searching for image on disk
DBGHELP: C:\Windows\System32\ntkrnlpa.exe - OK
SYMSRV:  ntkrnlpa.pdb from http://msdl.microsoft.com/download/symbols: 395043 bytes - copied
DBGHELP: ntkrnlpa - public symbols
        c:\symbols\ntkrnlpa.pdb\497890CCBAF846F2944EC59C921550431\ntkrnlpa.pdb
[SYMCHK] MODULE64 Info ----------------------
[SYMCHK] Struct size: 1680 bytes
[SYMCHK] Base: 0x00400000
[SYMCHK] Image size: 2066048 bytes
[SYMCHK] Date: 0x498c11d3
[SYMCHK] Checksum: 0x00206ac2
[SYMCHK] NumSyms: 0
[SYMCHK] SymType: SymPDB
[SYMCHK] ModName: ntkrnlpa
[SYMCHK] ImageName: C:\Windows\System32\ntkrnlpa.exe
[SYMCHK] LoadedImage: C:\Windows\System32\ntkrnlpa.exe
[SYMCHK] PDB: "c:\symbols\ntkrnlpa.pdb\497890CCBAF846F2944EC59C921550431\ntkrnlpa.pdb"
[SYMCHK] CV: RSDS
[SYMCHK] CV DWORD: 0x53445352
[SYMCHK] CV Data:  ntkrnlpa.pdb
[SYMCHK] PDB Sig:  0
[SYMCHK] PDB7 Sig: {497890CC-BAF8-46F2-944E-C59C92155043}
[SYMCHK] Age: 1
[SYMCHK] PDB Matched:  TRUE
[SYMCHK] DBG Matched:  TRUE
[SYMCHK] Line nubmers: FALSE
[SYMCHK] Global syms:  FALSE
[SYMCHK] Type Info:    TRUE
[SYMCHK] ------------------------------------
SymbolCheckVersion  0x00000002
Result              0x00130001
DbgFilename
DbgTimeDateStamp    0x498c11d3
DbgSizeOfImage      0x001f8680
DbgChecksum         0x00206ac2
PdbFilename         c:\symbols\ntkrnlpa.pdb\497890CCBAF846F2944EC59C921550431\ntkrnlpa.pdb
PdbSignature        {497890CC-BAF8-46F2-944E-C59C92155043}
PdbDbiAge           0x00000001
[SYMCHK] [ 0x00000000 - 0x00130001 ] Checked "C:\Windows\System32\ntkrnlpa.exe"
SYMCHK: ntkrnlpa.exe         [5.1.2600.5755   ] PASSED  - PDB: ntkrnlpa.pdb DBG: <N/A>

SYMCHK: FAILED files = 0
SYMCHK: PASSED + IGNORED files = 1

C:\Program Files\Windows Kits\8.0\Debuggers\x86>
4) Opened up Process Explorer > System Information and "no symbols" is GONE! I have max pool values now.



This same process worked on my "island" Windows Server 2003 SP2 computer as follows:
1) Purged C:\symbols
2) Removed any data from an existing symlist file as symchk appends data to this file
ntkrnlpa.exe manifest generation on Windows 2003 Server SP2 island:

C:\xxxxxxx\vodbo\symchk_x86>symchk.exe /om .\symlist /if C:\WINDOWS\system32\ntkrnlpa.exe /v
[SYMCHK] Searching for symbols to C:\WINDOWS\system32\ntkrnlpa.exe in path SRV*C:\WINDOWS\SYMBOLS*http://msdl.microsoft.com/download/symbols
DBGHELP: Symbol Search Path: SRV*C:\WINDOWS\SYMBOLS*http://msdl.microsoft.com/download/symbols
[SYMCHK] Using search path "SRV*C:\WINDOWS\SYMBOLS*http://msdl.microsoft.com/download/symbols"
DBGHELP: No header for C:\WINDOWS\system32\ntkrnlpa.exe.  Searching for image on disk
DBGHELP: C:\WINDOWS\system32\ntkrnlpa.exe - OK
SYMSRV:  C:\WINDOWS\SYMBOLS\ntkrpamp.pdb\81143165DF564A62956C4EF4CFE2C62F1\ntkrpamp.pdb not found
SYMSRV:  http://msdl.microsoft.com/download/symbols: not available
DBGHELP: ntkrnlpa - no symbols loaded
[SYMCHK] MODULE64 Info ----------------------
[SYMCHK] Struct size: 1680 bytes
[SYMCHK] Base: 0x00400000
[SYMCHK] Image size: 2465792 bytes
[SYMCHK] Date: 0x4a799091
[SYMCHK] Checksum: 0x00246e62
[SYMCHK] NumSyms: 0
[SYMCHK] SymType: SymNone
[SYMCHK] ModName: ntkrnlpa
[SYMCHK] ImageName: C:\WINDOWS\system32\ntkrnlpa.exe
[SYMCHK] LoadedImage: C:\WINDOWS\system32\ntkrnlpa.exe
[SYMCHK] PDB: ""
[SYMCHK] CV: RSDS
[SYMCHK] CV DWORD: 0x53445352
[SYMCHK] CV Data:  ntkrpamp.pdb
[SYMCHK] PDB Sig:  0
[SYMCHK] PDB7 Sig: {81143165-DF56-4A62-956C-4EF4CFE2C62F}
[SYMCHK] Age: 1
[SYMCHK] PDB Matched:  TRUE
[SYMCHK] DBG Matched:  TRUE
[SYMCHK] Line nubmers: FALSE
[SYMCHK] Global syms:  FALSE
[SYMCHK] Type Info:    FALSE
[SYMCHK] ------------------------------------
SymbolCheckVersion  0x00000002
Result              0x00010001
DbgFilename         ntkrnlpa.dbg
DbgTimeDateStamp    0x00000000
DbgSizeOfImage      0x00000000
DbgChecksum         0x00000000
PdbFilename         ntkrpamp.pdb
PdbSignature        {81143165-DF56-4A62-956C-4EF4CFE2C62F}
PdbDbiAge           0x00000001
[SYMCHK] [ 0x00000000 - 0x00010001 ] Checked "C:\WINDOWS\system32\ntkrnlpa.exe"
SYMCHK: ntkrnlpa.exe         FAILED  - ntkrpamp.pdb mismatched or not found

SYMCHK: FAILED files = 1
SYMCHK: PASSED + IGNORED files = 0

C:\xxxxxxx\vodbo\symchk_x86>
Here are the contents of C:\xxxxxxx\vodbo\symchk_x86\symlist:

C:\xxxxxxx\vodbo\symchk_x86>type .\symlist
ntkrpamp.pdb,81143165DF564A62956C4EF4CFE2C62F1,1
ntkrnlpa.exe,4a79909125a000,1

C:\xxxxxxx\vodbo\symchk_x86>
4) Copy the symlist manifest from step 3 over to the "cloud" computer
5) Run symchk.exe on the "cloud" computer pointing it at the symlist manifest and download symbols to C:\win2k3_symbols...
ntkrnlpa.exe symbol download on the cloud computer:

C:\Program Files\Windows Kits\8.0\Debuggers\x86>symchk.exe /im c:\symlist /s SRV*C:\win2k3_symbols*http://msdl.microsoft.com/download/symbols /oi /op /ov /v
[SYMCHK] Downloading symbols in manifest c:\symlist from SRV*C:\win2k3_symbols*http://msdl.microsoft.com/download/symbols
DBGHELP: Symbol Search Path: SRV*C:\win2k3_symbols*http://msdl.microsoft.com/download/symbols
SYMSRV:  ntkrpamp.pdb from http://msdl.microsoft.com/download/symbols: 429711 bytes - copied
DBGHELP: C:\win2k3_symbols\ntkrpamp.pdb\81143165DF564A62956C4EF4CFE2C62F1\ntkrpamp.pdb - OK
SYMCHK: ntkrpamp.pdb         [N/A             ] DOWNLOADED
DBGHELP: Symbol Search Path: SRV*C:\win2k3_symbols*http://msdl.microsoft.com/download/symbols
SYMSRV:  C:\win2k3_symbols\ntkrnlpa.exe\4a79909125a000\ntkrnlpa.exe not found
SYMSRV:  http://msdl.microsoft.com/download/symbols/ntkrnlpa.exe/4a79909125a000/ntkrnlpa.exe not found
SYMCHK: ntkrnlpa.exe         ERROR - Unable to download file. Error reported was 2

SYMCHK: FAILED files = 1
SYMCHK: PASSED + IGNORED files = 1

C:\Program Files\Windows Kits\8.0\Debuggers\x86>
6) Copy the C:\win2k3_symbols directory contents over to the "island" host's symbol directory C:\WINDOWS\Symbols
7) Open up Process Explorer > Options > Configure Symbols... and point it to the directory where you copied the downloaded symbols from step 5. Don't forget to point the dbghelp.dll path to the version you copied over from a computer where you installed Debugging Tools for Windows.


Edited by R37ribution - 21 hours 46 minutes ago at 8:14pm
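
Added example (not part of R37ribution's post, and not Sysinternals or Microsoft code): a Python check to run on the internet-connected machine before the download directory is copied to the island host. It parses the symlist manifest format shown in the post and confirms each entry exists at the `<root>\<name>\<id>\<name>` location seen in the SYMSRV lines; the function names and the placeholder store contents are constructed for illustration.

```python
import tempfile
from pathlib import Path

# Constructed sample: the two manifest lines shown in the post above.
SAMPLE_MANIFEST = """\
ntkrpamp.pdb,81143165DF564A62956C4EF4CFE2C62F1,1
ntkrnlpa.exe,4a79909125a000,1
"""


def parse_manifest(text):
    """Return (file_name, index_id) pairs from symchk /om manifest text.

    Any field after the id is ignored here; its meaning is not interpreted.
    """
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        parts = line.split(",")
        if len(parts) < 2 or not parts[0] or not parts[1]:
            raise ValueError(f"line {lineno}: expected name,id[,...]: {raw!r}")
        entries.append((parts[0], parts[1]))
    return entries


def store_path(root, name, index_id):
    """Store layout seen in the SYMSRV output: root/name/id/name."""
    return Path(root) / name / index_id / name


def check_store(manifest_text, root):
    """Split manifest entries into those present in the store and those missing."""
    present, missing = [], []
    for name, index_id in parse_manifest(manifest_text):
        p = store_path(root, name, index_id)
        ok = p.is_file() and p.stat().st_size > 0  # zero-byte file = failed copy
        (present if ok else missing).append(name)
    return present, missing


def missing_pdbs(manifest_text, root):
    """Only missing .pdb entries matter for Process Explorer's symbol lookup;
    in the post the .exe entry failed to download and the procedure still worked."""
    _, missing = check_store(manifest_text, root)
    return [n for n in missing if n.lower().endswith(".pdb")]


def demo():
    """Build a throwaway store holding only the PDB, then check it."""
    with tempfile.TemporaryDirectory() as root:
        pdb = store_path(root, "ntkrpamp.pdb", "81143165DF564A62956C4EF4CFE2C62F1")
        pdb.parent.mkdir(parents=True)
        pdb.write_bytes(b"constructed placeholder, not a real PDB")
        return check_store(SAMPLE_MANIFEST, root), missing_pdbs(SAMPLE_MANIFEST, root)


if __name__ == "__main__":
    (present, missing), pdbs = demo()
    print("present:", present)
    print("missing:", missing)
    print("missing PDBs:", pdbs or "none")
```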

Miscellaneous Utilities : Utility to lock my computer remotely

Author: LMiller7
Subject: Utility to lock my computer remotely
Posted: 15 July 2013 at 9:02pm

There isn't really any utility that can lock a computer remotely, even if it could be accessed, and that is essentially impossible under the circumstances. There are a number of precautions that can be taken to safeguard your data while the computer is in your possession but the opportunity for that is past. 

Miscellaneous Utilities : Utility to lock my computer remotely

Author: mariamx
Subject: Utility to lock my computer remotely
Posted: 15 July 2013 at 10:40pm

Not great news for me but I appreciate your reply! :)

Miscellaneous Utilities : Utility to lock my computer remotely

Author: WindowsStar
Subject: Utility to lock my computer remotely
Posted: 16 July 2013 at 12:26am

There are many ways to do this:
 
#1 PowerShell
#2 VBScript
#3 Command Line
 
All will need security modifications when used on Windows Vista/7/8/8.1 {ie turn on Remote Admin and/or turn off UAC, etc.} -WS
 
Example Command Line (Untested):
 
psexec \\computername -i "C:\Windows\System32\rundll32.exe" user32.dll,LockWorkStation


Edited by WindowsStar - 17 hours 31 minutes ago at 12:29am

Troubleshooting : System Process High Cpu windows 2003 server x64

Author: El Senku
Subject: System Process High Cpu windows 2003 server x64
Posted: 16 July 2013 at 1:40am

Hi!

Unfortunately I can't say anything about srv.sys+srv.sys+0x62010. (Hopefully someone else can?!)

Is it possible to tell us more about the system?
Is it a virtual machine? Did you change something since last week? (maybe a driver change or implementation?) Do you have more accesses to this server since last week? Did you install some Windows updates?

PsTools : psexec to Windows 2008 R2 SP1

Author: avishar
Subject: psexec to Windows 2008 R2 SP1
Posted: 16 July 2013 at 7:27am



psexec hangs when connecting to Windows 2008 R2 with no error message. UAC is disabled on the target Windows 2008 R2 server and all UAC policies are also set to disabled. The -h option makes no difference; from Windows 7 / Windows 2003 the result is the same. The cmd window is started with a user account with local administrator access to the target Windows 2008 R2 server.


Sample command:

psexec \\Windows2008server -h cmd

What change is required on Windows 2008 R2 for psexec to make a successful connection?


PsTools : psexec pipes problems

Author: xm00fb9m
Subject: psexec pipes problems
Posted: 16 July 2013 at 10:34am

Hi,

I actually use psexec v1.63 in a Windows 2008 environment to parallelize some processes.
The main program, called netsync, always uses 20 threads that each execute a psexec command on the same host (localhost). When a thread ends, another thread is created to maintain 20 threads.
The design must allow changing the server that executes the commands, in order to customize dispatch.

I get a pipes-limit-reached error for 5 of the 97 threads. The errors occur in random order.
Error code 231: all pipe instances are busy

I read this article but found no new solution for me
   http://forum.sysinternals.com/psexec-error-communicating_topic3097.html

I measured the count of existing pipes when I start the program Netsync, and I attach the statistics file.
I also attach the times when the errors (max pipes reached) happen.

I have not seen a correlation between max pipes and the errors.
Can someone tell me:
   - what is the limit of pipe instances on each OS?
   - can it be customized?
   - is there another way to continue to use psexec and to solve the problem?


Thanks for reading


uploads/47204/pipes.zip

BgInfo : Displaying pending WinUpdates possible?

Author: PhreN
Subject: Displaying pending WinUpdates possible?
Posted: 16 July 2013 at 12:45pm

Hi all,
 
I would like to know if it is possible to use Bginfo to show if there are any Microsoft Updates pending on a Windows 7/8 or 2008/2012 server? Maybe extracting information from WSUS or directly from the server itself? Can I create a user-defined field which accomplishes this?
 
kind regards,
Mark

PsTools : psexec to Windows 2008 R2 SP1

Author: El Senku
Subject: psexec to Windows 2008 R2 SP1
Posted: 16 July 2013 at 4:35pm

Hi!

My psexec doesn't know the command -h.

What should the -h do?

(Btw: I tried the psexec command on a windows server 2008 r2 and it was successful. For sure, without the -h) 


Edited by El Senku - 1 hour 24 minutes ago at 4:36pm

PsTools : psexec and echo username

Author: McNetic
Subject: psexec and echo username
Posted: 17 July 2013 at 9:32am

It works like this:

psexec \\remotemachine cmd /c echo ^%username^%

If adding the command in a batch script, you'll have to double the percent signs like this:

psexec \\remotemachine cmd /c echo ^%%username^%%

Process Monitor : Different number of bootlog files

Author: dosser
Subject: Different number of bootlog files
Posted: 17 July 2013 at 10:05am

I have a problem with some roaming Windows XP profiles in a Windows domain.

(Comment: Some profiles only work if the user has local admin rights.)

So I used PM with boot logging to find out what's going wrong.

Logging on with admin rights I got 2 log files, xxx.pml & xxx-1.pml (size ~300MB).
Logging on without admin rights I got 90 log files, xxx.pml to xxx-90.pml (size ~30 GigaByte !!!!)
All log files have different file sizes.

I did not find any documentation for this log file creation mechanism ;-(
Can someone explain to me why so many different log files are created? Will I have to load each log separately for debugging?

Thanks in advance for your help





Edited by dosser - 11 hours 53 minutes ago at 10:07am

Process Monitor : Different number of bootlog files

Author: Dax1792
Subject: Different number of bootlog files
Posted: 17 July 2013 at 11:13am

The following are quotes from the Windows Sysinternals Reference Manual which is worth buying if you are using the tools frequently.
 
When you enable boot logging from the Options menu, Procmon configures its drivers to run as a boot start driver that loads very early in the boot sequence at the next system startup, before most other drivers. Procmon's driver will log activity into %windir%\Procmon.PMB and it will continue logging through shutdown or until you run Procmon again. Thus, if you don't run Procmon during a boot session, you'll capture a trace of the entire boot-to-shutdown cycle. As a boot start driver, it remains loaded very late into the shutdown sequence.
 
 
Backing Files
If you choose a named file, Procmon might create additional files to keep the individual file sizes manageable. Files will have the same base name, with an incrementing number appended. As long as the files are kept in the same folder and with the same base name, Procmon will treat the file set as a single log.  

Process Monitor : Different number of bootlog files

Author: dosser
Subject: Different number of bootlog files
Posted: 17 July 2013 at 11:37am

Thanks for the super fast and perfect explanation.

I didn't need such deep knowledge since 15 years, so buying/reading technical reference is overdo

regards dossi

Autoruns : sdelete

Author: msem
Subject: sdelete
Posted: 17 July 2013 at 3:35pm

Hi everybody
We are using vmware view with Atlantis ILIO solutions. Following Atlantis best practice, we configured our Windows base image with a scheduled task that runs sdelete every night in order to delete unused storage blocks, saving storage space on our SAN.
Unfortunately sdelete needs to run once in order to accept the EULA; this causes the scheduled task to get stuck waiting for user input that will never come.
Does someone know if there is a method to avoid the initial sdelete message?
Thanks to everybody
 

Troubleshooting : High CPU usage on 1 core while system is idle

Author: Gilligan
Subject: High CPU usage on 1 core while system is idle
Posted: 17 July 2013 at 4:21pm

Originally posted by MagicAndre1981:

Run this command:

xperf -on latency -stackwalk profile -buffersize 1024 -MaxFile 384 -FileMode Circular && timeout 60 && xperf -d DPC_Interrupt.etl

Ok, got it done.  It did throw up a warning about the 64 bit system not setup for tracing which I had already seen and changed but I guess the settings didn't take?

Said it traced anyway and that it was just a warning.

Here is the file:
https://dl.dropboxusercontent.com/u/107410464/DPC_Interrupt1.zip

63MB

Thanks for your help,
Gilligan

Autoruns : sdelete

Author: Dax1792
Subject: sdelete
Posted: 17 July 2013 at 7:03pm

Use the command sdelete.exe /accepteula
 
In case sdelete does not accept the /accepteula switch, you will need to manually set the Registry beforehand using a command such as
reg add hkcu\software\Sysinternals\sdelete /v eulaaccepted /t reg_dword /d 1 /f 

Miscellaneous Utilities : desktops in Windows 8

Author: wily
Subject: desktops in Windows 8
Posted: 17 July 2013 at 8:18pm

I just tried 20 desktop tools to replace Sysinternals Desktops, as I really need the msft "Mouse without borders" or "input director" to work with it, but none are really as good as Sysinternals Desktops. It is fast and reliable; they just need to:
1) fix the Win 8 bugs
2) make it work with Microsoft Mouse without Borders or Input Director
and that will be usable

Miscellaneous Utilities : Desktops v2.0 and msft 'Mouse without Borders'

Author: wily
Subject: Desktops v2.0 and msft 'Mouse without Borders'
Posted: 17 July 2013 at 8:20pm

Please make Desktops 2.0 play well with Microsoft Mouse without Borders. Both tools on the same 2 laptops make a really great combination, but there are issues; please try and fix them.
Thanks.