Questions tagged [sysinternals]
Usually refers to applications from the Sysinternals Suite (e.g. Process Explorer, Process Monitor, RAMMap, ...)
110 questions
0 votes | 1 answer | 32 views
editing sysinternal log to post on forum
I use sysinternal tool procmon
https://docs.microsoft.com/en-us/sysinternals/downloads/procmon
I want to edit its log because I want to post it online on technical forums for discussions.
I want to ...
0 votes | 1 answer | 242 views
Sysinternals Live unexpectedly slow?
I understand that the live version will inevitably be slower than a local copy. However, considering my system specs and bandwidth, the amount of latency experienced seems far too disproportionate to ...
1 vote | 1 answer | 471 views
How to enable "View Source" in Process Monitor?
Sysinternals Process Monitor has a button to "view the source" on an Event Properties > Stack element:
It is disabled in my trace. What do I need to enable it?
1 vote | 1 answer | 629 views
Bypassing agreement prompt for DiskUsage.exe?
I am running du.exe on a remote windows machine and do not want to have to access the remote machine's desktop, but the first run of du.exe is requiring an acceptance of the agreement which would ...
4 votes | 0 answers | 1k views
High CPU usage from Explorer.exe - Suspecting Dropbox and/or Onedrive shell integration at fault
I'm experiencing high CPU usage from Explorer.exe and I am using SysInternals' Process Explorer to try to diagnose the issue.
Frequently I will get a CPU History graph like this (or worse, showing ...
0 votes | 1 answer | 81 views
What is corel doing on my udp connections for Chrome?
I have a weird mc.corel.com address lingering in Chrome and some parts of svchost processes, what is going on?
0 votes | 1 answer | 1k views
Cmd instantly closes
So my cmd instantly closes, I tried following this: https://stackoverflow.com/questions/5373137/cmd-exe-closes-immediately-after-calling-win7-64 this kind of solves the problem but it introduces a new ...
0 votes | 1 answer | 2k views
Alternative WHOIS client for Windows 10?
The de-facto whois client is Whois 1.20 From SysInternals, but it currently tries to contact moniker.com each time you attempt a whois, and now it is running into an endless loop situation.
1 vote | 1 answer | 995 views
What determines a DLL's "create time" in the ListDLLs output?
I've run ListDlls on an EXE that I'm unsure should be running on my computer. The dates are all over the place for the DLLs in the output. I'm curious as to how the "create time" field is set.
1 vote | 0 answers | 320 views
In Process Monitor, is it possible to see what data is written/read per entry?
In Process Monitor, is it possible to see what data is being read/written to a particular item, be it a file or registry? For example, if a program added "platform=x64" to settings.ini somewhere, Process ...
1 vote | 2 answers | 2k views
In the output of SysInternals Handle.exe what does RWD stand for?
I'm using handle.exe from SysInternals to grab information about open handles. Running just handle.exe -p cmd to get the handles for cmd.exe, I get the following output. Other output is similar, just ...
1 vote | 3 answers | 5k views
PsExec treats second remote computer in list as a program name
PsExec behaves very strangely when run on a specific server
When I use PsExec to run a program on multiple remote machines in most cases, it works perfectly fine. When I run the same command on one ...
6 votes | 1 answer | 1k views
Where does chocolatey install sysinternals?
Chocolatey has a nice sysinternals package, but where does it install to? (by default)
https://chocolatey.org/packages/sysinternals
2 votes | 2 answers | 1k views
How to change "Volume Serial Number" in Windows docker image?
I am trying to change the "Volume Serial Number" of a docker image with Sysinternals VolumeId but I'm getting Error reading drive: The request is not supported. when I run Volumeid64.exe C: 1AAA-111A -...
1 vote | 1 answer | 1k views
System Internals procexp64 won't restore Task Manager
Prior versions of Process Explorer would allow you to toggle on/off the Replace with Task Manager option. However the current version seems not to toggle so well. After turning it on I can no longer ...
60 votes | 3 answers | 44k views
Restore the original task manager after replacing it with the Sysinternals process explorer
After replacing the default Windows task manager with Sysinternals’ process explorer via the Options → Replace task manager menu, how do you undo that action, i.e. restore the original task manager? I’...
2 votes | 1 answer | 1k views
Why do programs start working when I open Process Monitor?
I have a script I wrote that creates and writes to a file every 20 or 30 seconds and it has been doing that fine for the past 15 years or so on 5 versions of Windows, but I installed the outstanding ...
6 votes | 2 answers | 3k views
How can I run SysInternals ProcMon (or equivalent) inside a docker Windows container?
I'm trying to diagnose an issue where a complicated process does not run inside of my Windows Core container. I really need to figure out why it is failing. If this was a VM, I would just pop up the ...
7 votes | 3 answers | 27k views
Errors starting PsExec to run a program as a local service
When I run the following command from an Administrative Command Prompt:
psexec64 -i -u "nt authority\network service" C:\Windows\System32\cmd.exe
I'm getting these error messages:
Couldn't install ...
3 votes | 1 answer | 821 views
"I/O write" or "Disk write" affects the SSD?
I like to find out which program is using my SSD the most.
I'm using Process Hacker (in elevated mode) to get an overview of my SSD usage and find the programs that are using it the most. To test the ...
0 votes | 0 answers | 2k views
Process Explorer: Process Disk: Read/Write bytes not working?
I like to find out which program is using my SSD the most.
On Windows 7 x64 machine in Process Explorer (opened as Administrator) double clicking on a process opens up the details of it. On the Disk and ...
4 votes | 0 answers | 4k views
Extremely high modified memory usage and pages won't flush
My Lenovo Y50-70 machine suffers from extremely poor performance lately.
I'm disturbed by some memory-related issues. The machine has 8gb RAM and the pagefile size is currently 24gb ("Automatically ...
0 votes | 1 answer | 883 views
Running Process Monitor causes application to work
This is a longshot, but perhaps someone with knowledge of the internal workings of Sysinternal's Process Monitor may have an idea.
Recently we've had a very murky problem at work. We have a software (...
0 votes | 1 answer | 2k views
Why does running a specific command remotely over SSH fail?
I am creating two Bash scripts on my Raspberry Pi, which is running the default Debian-based Linux distro: one to sleep my desktop computer, and one to shut it down.
The script to shut down the ...
2 votes | 1 answer | 377 views
What is the most practical way of finding out which certificate is the problematic one?
I've been using wsusoffline for quite some time, but recently, I've had this problem. The program downloads an update but then immediately deletes it, producing the following warning in the log:
...
1 vote | 0 answers | 715 views
PSEXEC OpenSCManager fails when execute command for workgroup from domain
I am trying to run sysinternals' PSEXEC from my domain machine to workgroup machine and vice versa:
Cmd Line:
Psexec \\\MachineName -u "username" -p "password" -i -s -d cmd.exe
If I run this ...
2 votes | 0 answers | 563 views
PsGetSID shows two usernames and one SID
We changed the logon name of a person in AD from 'name1' to 'name2'. We had problems with some sql boxes picking up the old 'name2' and using it to authenticate so in tracking down why I ran:
...
10 votes | 3 answers | 14k views
PsExec requirements on local computer
What services and settings are required to run psexec on local computer?
(e.g. psexec -s -i -d regedit)
3 votes | 2 answers | 3k views
Windows10 - DBGView-Sysinternals outputs from various Windows-Tasks
I've got a laptop (HP ProBook 4720s) with Windows 10 running.
For work we use DBGView from sysinternals to catch outputs from our self-written programs in order to find hard-to-find errors / bugs ...
0 votes | 1 answer | 1k views
DEP: Sysinternals Process Explorer != static analysis != BinScope
I have an executable running ("heidisql.exe"). The Sysinternals Process Explorer shows "DEP (permanent)" in the column DEP.
I checked the binary statically (among other things using pestudio). The ...