Questions tagged [sysinternals]
Usually refers to applications from the Sysinternals Suite (e.g. Process Explorer, Process Monitor, RAMMap, ...)
110 questions
2 votes | 1 answer | 1k views
Why do programs start working when I open Process Monitor?
I have a script I wrote that creates and writes to a file every 20 or 30 seconds and it has been doing that fine for the past 15 years or so on 5 versions of Windows, but I installed the outstanding ...
2 votes | 1 answer | 377 views
What is the most practical way of finding out which certificate is the problematic one?
I've been using wsusoffline for quite some time, but recently, I've had this problem. The program downloads an update but then immediately deletes it, producing the following warning in the log:
...
2 votes | 0 answers | 563 views
PsGetSID shows two usernames and one SID
We changed the logon name of a person in AD from 'name1' to 'name2'. We had problems with some SQL boxes picking up the old 'name2' and using it to authenticate, so in tracking down why I ran:
...
1 vote | 2 answers | 2k views
Handle Sysinternals software does not accept -c parameter
I am trying to close a handle to a locked file in Windows, using Sysinternals Handle software (http://technet.microsoft.com/en-us/sysinternals/bb896655).
First I search for opened handle:
handle.exe ...
1 vote | 2 answers | 530 views
Why is it that a tool like sysinternals Autoruns might not know the location of a startup?
From the help file for autoruns:
Note: before you send e-mail reporting what you believe to be an auto-start location that's overlooked by Autoruns, please make sure that Autoruns doesn't cover it and ...
1 vote | 1 answer | 550 views
USB-keyboard & mouse powered off in windows-7
I have a problem with a PC where USB devices are not getting any power as soon as Windows starts up (it works in preboot). This PC has no PS/2, so there is no chance for input, also not in secure boot ...
1 vote | 1 answer | 828 views
Different Imphash for same PE file
I am analyzing a Windows executable (C:\Windows\System32\xcopy.exe). The Imphash value calculated with Python is different from the one shown with PE studio. How can Imphash for the same file be ...
1 vote | 2 answers | 2k views
In the output of SysInternals Handle.exe what does RWD stand for?
I'm using handle.exe from SysInternals to grab information about open handles. Running just handle.exe -p cmd to get the handles for cmd.exe, I get the following output. Other output is similar, just ...
1 vote | 3 answers | 5k views
PsExec treats second remote computer in list as a program name
PsExec behaves very strangely when run on a specific server
When I use PsExec to run a program on multiple remote machines in most cases, it works perfectly fine. When I run the same command on one ...
1 vote | 1 answer | 612 views
in ProcessExplorer what is the difference between remote address = 127.0.0.1:0 and *:*?
In Process Explorer when I select a process click on "TCP/IP" tab it shows 5 columns: Protocol, Local Address, Remote Address, State, Service. Under Remote Address, I often see entries such as 127.0.0....
1 vote | 1 answer | 426 views
Unable to locate the physical disk sector(s) a file occupies
Sysinternals Diskview is producing what seems like an unlikely situation. I have a series of files I know exist on an NTFS filesystem (which is on a spinning disk hard drive), but when I try to use ...
1 vote | 1 answer | 471 views
How to enable "View Source" in Process Monitor?
Sysinternals Process Monitor has a button to "view the source" on an Event Properties > Stack element:
It is disabled in my trace. What do I need to enable it?
1 vote | 1 answer | 1k views
System Internals procexp64 won't restore Task Manager
Prior versions of Process Explorer would allow you to toggle on/off the Replace with Task Manager option. However, the current version seems not to toggle so well. After turning it on I can no longer ...
1 vote | 1 answer | 917 views
Is there a GUI or context menu for Windows Explorer for PsFile?
PsFile is a great tool for closing network files that have been held open for some reason on another machine. This happens a lot with Office files, often because the user just left the file open and ...
1 vote | 2 answers | 151 views
What are the main and non-damaging parts of Sysinternals Autoruns?
What are the main parts of Sysinternals Autoruns to use when disabling regular startup items that I can tell a not-so-technical user to use? (Not parts for disabling stuff like important services etc.)...