Questions tagged [sysinternals]
Usually refers to applications from the Sysinternals Suite (eg. Process Explorer, Process Monitor, RAMMap, ...)
110
questions
0
votes
1
answer
2k
views
Which processes are accessing CD/DVD drive?
I'm trying to install StarCraft 1 on my Windows 7 machine, but it's taking forever and it sounds like the DVD drive is thrashing. Is there any way to see which processes are reading from the DVD drive?...
- 685
0
votes
1
answer
337
views
“Strings” utility including linefeed (LF) and carrier return (CR)
I want to filter a large file (a raw partition image) for strings (an accidentally deleted text file). The normal "strings" utility (Linux GNU strings or Windows sysinternals strings) does not count ...
0
votes
1
answer
347
views
Huge number of strange entries reported by SysInternals' autoruns on my Win7 Ultimate pc
I have been searching for an answer to this for about a month, but without success: A Huge number of strange entries are reported by SysInternals' autoruns utility when I run it on my Windows 7 ...
0
votes
1
answer
679
views
Running command on remote windows server and add results to a text file
I am trying to find the installed version of a piece of software on a lot of servers (800+).
The command is: "dsmqver -f 2" which returns output like "Version: 7.5.0.2"
I have been trying to ...
- 11
8
votes
1
answer
33k
views
What does "I/O Reads or Writes" and "I/O Read Bytes or Write Bytes" mean?
In Task Manager (and Sysinternals' Process Explorer) there are columns called "I/O Reads", "I/O Writes", "I/O Read Bytes" and "I/O Write Bytes". So what do these counters mean exactly? What else, ...
- 91
1
vote
1
answer
917
views
Is there a GUI or context menu for Windows Explorer for PsFile?
PsFile is a great tool for closing network files that have been held open for some reason on another machine. This happens a lot with Office files, often because the user just left the file open and ...
- 2,018
2
votes
1
answer
3k
views
Run a scheduled task that can update the desktop background wallpaper without causing a foreground flash?
I like how certain Windows themes rotate through various images, but I also like to use BgInfo to write out various machine info to the desktop wallpaper image.
I created a customized BGI file and ...
- 913
3
votes
1
answer
4k
views
Portmon - Portmsys.sys not found
I've been wrestling with Sysinternals' Portmon utility and am trying to get it working under Windows 8.1 64-bit. Initially it would not start - it gave "Error 2" and exited, as detailed in this Stack&...
- 1,596
0
votes
1
answer
399
views
Can I use PsExec or similar tool to determine if a remote PC is already logged in?
I'm writing a utility which lets you remotely run a test application on network PCs. I plan to use PsExec to remotely launch the application on each PC but I need to check
The PC is reachable
The PC ...
- 5,336
8
votes
4
answers
6k
views
TrueCrypt dismount on Windows 8.1 keeps prompting: "volume contains files or folders being used by applications or system"
I have a volume mounted by TrueCrypt. All works fine, except when I try to dismount it (after verifying I don't have any application or explorer using anything in it). Every time I click the Dismount ...
- 216
12
votes
3
answers
92k
views
Could not start PSEXESVC service on [MachineName]: Access is denied
I'm trying to use PsExec to start a process on a remote machine. I posted this question on SO, but I realized it's probably better suited here. I also have spent a few hours trying to figure this out, ...
- 223
11
votes
1
answer
6k
views
SysInternals Desktops not launching Chrome
I'm using Desktops from SysInternals on Windows 8 and experiencing a problem launching Chrome. Even if I go to the exe of Chrome it will not launch in anything but the first Desktop. Does anyone know ...
- 244
3
votes
1
answer
2k
views
Why is high repurposed standby memory a sign of memory pressure?
I've been watching an older episode of defrag tools, where Andrew Richards explains RAMMap (http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-6-RAMMap)
At 24:45 he mentions that repurposing ...
- 442
4
votes
0
answers
2k
views
"Access is denied" to Admin when using Sysinternals Contig to defrag the $LogFile metadata file
I have folders with hundreds of thousands, to over a million files and subfolders in each parent. I'm reading that the NTFS log file may be responsible for slow file creation and other actions.
How ...
- 2,325
0
votes
0
answers
167
views
Strings.exe does not see Cyrillic
Sysinternals utility Strings.exe does not see Cyrillic strings despite the fact that it works with Unicode. Does exist any utilities or libraries that really can extract all printable Unicode strings ...
- 441
0
votes
2
answers
1k
views
capture output of runas command cross domain
I want to run the sysinternals tool psloglist to get the event log of a server that is on another domain.
If I run
runas /netonly /user:DOMAIN2\USER psloglist \\TARGETSERVER
Then a new command ...
- 882
4
votes
4
answers
6k
views
Defrag NTFS $LogFile
I have the super descriptive "my computer is slow" issue. In resource manager I notice that c:\$LogFile access times are continuously around 800 ms, and I suspect this is causing much of the slowdown. ...
- 3,342
0
votes
0
answers
71
views
How may I suppress the pslist (un)welcome lines?
How may I suppress the pslist (un)welcome text lines seen here?
2>NUL need not apply, since I want error output not suppressed.
- 381
2
votes
2
answers
2k
views
Sysinternals - Streams access is denied error
I am using streams.exe to remove blocking of game by Windows but it is showing me "Access is denied" error although I am running the command with administrator.
Article (that one I am following) : ...
30
votes
2
answers
29k
views
MKLINK vs. Junction.exe
SysInternals has a program junction.exe that creates Junctions (aka. reparse points, aka. symlinks) in Windows.
However, Windows also comes with a mklink which seems to do the same thing.
Is there a ...
- 983
1
vote
1
answer
612
views
in ProcessExplorer what is the difference between remote address = 127.0.0.1:0 and *:*?
In Process Explorer when I select a process click on "TCP/IP" tab it shows 5 columns: Protocol, Local Address, Remote Address, State, Service. Under Remote Address, I often see entries such as 127.0.0....
- 187
1
vote
0
answers
2k
views
Windows sessions: Process Explorer vs. Logonsessions.exe
In researching a problem with an API call that is limited to particular sessions, I found some information that implied when you use runas to create a process as another user, a new security token is ...
- 1,765
6
votes
2
answers
4k
views
Changing colors of Process Explorer
I want to make my Process Explorer dark. I managed to change all colors except these very bright columns:
How can I change these bright colors to something dark?
- 5,250
30
votes
4
answers
9k
views
What does the path '\REGISTRY\A\...' in Sysinternals Procmon log mean?
I use Sysinternals Procmon utility to monitor the registry access by some programs. Most log entries have the Path property starting from HKCU\… or HKLM\…, that corresponds to the registry hives ...
4
votes
1
answer
2k
views
Internet Explorer 10 doesn't seem to work with Sysinternals Desktops
I heavily use Sysinternals Desktops version 2 to manage multiple desktops. In the past, I used Internet Explorer 9 as this was the only web browser I found that could function across multiple ...
- 636
9
votes
1
answer
976
views
Is there a way to reset the toolbar minigraphs in Process Explorer?
Windows Sysinternals Process Explorer includes in its toolbar some minigraphs showing recent usage history for CPU, Memory, and so on:
These are nice. However, an inadvertent click on the 'thumb' of ...
- 264
0
votes
2
answers
753
views
How can I determine which operations or processes prevent screen saver and sleep mode
My desktop will not enter sleep mode or fire up the screen saver. To troubleshoot, I have run procmon and procexp from sysinternals in order to determine if some event is making the system think it ...
- 113
8
votes
1
answer
21k
views
Huge memory usage in Nonpaged Pool
I have a one-year-old iMac with 8GB RAM running a bootcamped Windows 7 Ultimate 64 bit.
The following memory analysis with Sysinternals RamMap.exe leaves some questions open:
What could be the ...
- 1,563
8
votes
3
answers
23k
views
How to unlock files using handle.exe and process name?
I tried Unlocker 1.9.1 but it doesn't work correctly for me on Windows7 (worked ok on Windows XP) and also I tried LockHunter 2.0.2.103 x64 and reported a bug but .... LockHunter actually unlocks the ...
- 3,104
1
vote
1
answer
550
views
USB-keyboard & mouse powered off in windows-7
I have a problem with a pc where usb devices are not getting any power as soon as windows starts up (it works in preboot). This pc has no ps/2, so there is no chance for input, also not in secure boot ...
- 509