Questions tagged [sysinternals]
Usually refers to applications from the Sysinternals Suite (e.g. Process Explorer, Process Monitor, RAMMap, ...)
110 questions
0 votes, 1 answer, 2k views
TCPView (Windows) doesn't show any addresses
I'm using TCPView 4.16 for Windows 10 (downloaded from https://docs.microsoft.com/en-us/sysinternals/downloads/tcpview). Up until a few days ago it worked fine, but all of a sudden it simply stopped ...
0 votes, 0 answers, 98 views
How can I catch a briefly executing process with SysInternals Process Explorer? (or any standard tool)
For example with SysInternals Process Explorer I can briefly see a process popping up, I even see the window on-screen for half a second, but I can't figure out which tool or method to use to catch it ...
0 votes, 1 answer, 793 views
RamMap empties Standby Lists but doesn't free them
My problem is: when I use RamMap to empty some standby memory, it gets emptied and zeroed, but the freed memory isn't added to the Free memory counter afterwards. Instead, it keeps contributing to the ...
11 votes, 1 answer, 2k views
Why do Windows executables show incorrect compiler timestamps?
I have observed that Windows executable files show incorrect timestamps when I view them in PE studio.
For example this Notepad.exe file shows a compiler timestamp of 0x86FCBD69 (Mon Oct 07 03:45:05 ...
0 votes, 1 answer, 748 views
Sysinternal's VMMap is unable to find injected memory
I'm writing a Python script that uses the Windows API to learn process injection.
The injection is successful. I can verify that the shellcode is running, and Process Explorer shows the connection:
...
1 vote, 1 answer, 819 views
Different Imphash for same PE file
I am analyzing a Windows executable (C:\Windows\System32\xcopy.exe). The Imphash value calculated with Python is different from the one shown with PE studio. How can Imphash for the same file be ...
1 vote, 0 answers, 233 views
How to run as admin a .NET exe with PsExec (doesn't work on some EXEs)
I use PsExec to run some exes with administrator rights on a Windows Server 2016.
It works.
Sadly, I have a .NET exe which does not run with admin rights despite the use of PsExec. I think it's due to the exe ...
1 vote, 1 answer, 422 views
Unable to locate the physical disk sector(s) a file occupies
Sysinternals Diskview is producing what seems like an unlikely situation. I have a series of files I know exist on an NTFS filesystem (which is on a spinning disk hard drive), but when I try to use ...
3 votes, 3 answers, 3k views
Sysinternals Handles Close Command?
https://docs.microsoft.com/en-us/sysinternals/downloads/handle >>> I downloaded the file on this site. Everything is fine but I cannot do exactly what I want. I explained exactly what I ...
0 votes, 0 answers, 36 views
procmon - reset "relative time"
procmon allows adding a Relative Time column (since the start of profiling).
I want to measure distance between recorded events and it would be trivial if I can reset relative time to zero at some ...
1 vote, 2 answers, 518 views
Why is it that a tool like sysinternals Autoruns might not know the location of a startup?
From the help file for autoruns:
Note: before you send e-mail reporting what you believe to be an auto-start location that's overlooked by Autoruns, please make sure that Autoruns doesn't cover it and ...
0 votes, 1 answer, 259 views
How are Windows SysInternal Utilities Licensed? [closed]
Specifically I want to know about SDELETE by Mark Russinovich. I didn't find any license attached, although he holds a Copyright for it.
I want to know because I want to distribute it in my own ...
0 votes, 1 answer, 481 views
How to launch a program on different desktop, using sysinternals desktops
Is there a way to start a program on a different desktop? Say if Desktop 2 is currently displayed, how could I open Notepad on Desktop 4?
0 votes, 0 answers, 72 views
Checking all connections on Windows 7
I want to check all outbound/inbound connections when my pc is (apparently) idle and possibly permit/deny selectively each of them as soon as they occur. Unfortunately it seems not possible on Windows ...
1 vote, 0 answers, 749 views
Process Monitor: Any way to tell what process is terminating another?
I use Process Monitor from SysInternals to view logs from users when they're unable to launch an application. Very often users are running various security software they're not even aware of, ...