Skip to main content
Super User

Questions tagged [sysinternals]

Ask Question

Usually refers to applications from the Sysinternals Suite (eg. Process Explorer, Process Monitor, RAMMap, ...)

110 questions
Newest Active Bountied Unanswered
0 votes
0 answers
34 views

SysInternals Process Explorer starts but is unresponsive for a long time, spinning blue disk. Then works fine

I recently downloaded the SysInternals tools. I'm running them on Windows Server 2019. The problem I am having only seems to apply to Process Explorer. I have this problem whether I run procexp.exe or ...
Ramhound's user avatar
Ramhound
  • 43k
30 votes
3 answers
37k views

Equivalent to Sysinternals Process Explorer on Linux

I am using Ubuntu 11.10 and am looking for an equivalent to Process Explorer on Linux. There is System Monitor but it's not nearly as good as Process Explorer with all of its detailed information ...
LinuxExpert's user avatar
LinuxExpert
  • 1
29 votes
4 answers
9k views

What does the path '\REGISTRY\A\...' in Sysinternals Procmon log mean?

I use Sysinternals Procmon utility to monitor the registry access by some programs. Most log entries have the Path property starting from HKCU\… or HKLM\…, that corresponds to the registry hives ...
mbomb007's user avatar
mbomb007
  • 737
0 votes
1 answer
265 views

Process not showing in Process Explorer, even though it's running

Something strange is happening, I am running the game "Sheep dog 'n' wolf" via the SheepD3D.exe executable. While it is running I alt-tab and open SysInternals' Process Explorer (latest ...
Ben Hutchison's user avatar
Ben Hutchison
  • 565
-2 votes
1 answer
815 views

Sysinternals Process Monitor device driver: procedure could not be found

The most recent article I have found on this site regarding Systinternals Process Monitor is 13 years old. I must have missed something because I'm still having the same problem. I have Windows 7 on ...
Giacomo1968's user avatar
Giacomo1968
  • 56k
3 votes
3 answers
3k views

Sysinternals Handles Close Command?

https://docs.microsoft.com/en-us/sysinternals/downloads/handle >>> I downloaded the file on this site. Everything is fine but I cannot do exactly what I want. I explained exactly what I ...
js2010's user avatar
js2010
  • 623
0 votes
0 answers
80 views

What does the "QueryDeviceInformationVolume" operation in Process Monitor mean?

Seeing an operation called "QueryDeviceInformationVolume" in a SysInternals Process Monitor log when I start a desktop application. Simply trying to get some details about this operation and ...
JDeckSQL's user avatar
JDeckSQL
  • 1
0 votes
2 answers
379 views

Sysinternals Handle prints question marks "?" instead of non ASCII symbols

For files that contain non ASCII symbols, The Sysinternals Handle utility prints the file names with ?. A similar problem is also reported in the following places: Handle encoding problem Russian ...
PolarBear's user avatar
PolarBear
  • 533
0 votes
1 answer
72 views

sysinternal Process explorer only show registry events

I have my process explorer installed on my windows machine(sandbox). I run the malware, then capture events in process explorer, after 5 minutes, i stop the capture. to my surprise, it only show the ...
harrymc's user avatar
harrymc
  • 1
0 votes
0 answers
435 views

Is it possible to use procmon to find out why a process ends?

Let's say I started notepad. In a PowerShell window, I run ps notepad | Stop-Process -Force to kill all notepad session. I captured a procmon trace during these operations. Is it possible to find out ...
Fajela Tajkiya's user avatar
Fajela Tajkiya
  • 137
59 votes
3 answers
44k views

Restore the original task manager after replacing it with the Sysinternals process explorer

After replacing the default Windows task manager with Sysinternals’ process explorer via the Options → Replace task manager menu, how do you undo that action, i.e. restore the original task manager? I’...
Mavaddat Javid's user avatar
Mavaddat Javid
  • 217
6 votes
2 answers
3k views

How can I run SysInternals ProcMon (or equivalent) inside a docker Windows container?

I'm trying to diagnose an issue where a complicated process does not run inside of my Windows Core container. I really need to figure out why it is failing. If this was a VM, I would just pop up the ...
Michael Kriese's user avatar
Michael Kriese
  • 19
2 votes
2 answers
1k views

How to change "Volume Serial Number" in Windows docker image?

I am trying to change the "Volume Serial Number" of a docker image with Sysinternals VolumeId but I'm getting Error reading drive: The request is not supported. when I run Volumeid64.exe C: 1AAA-111A -...
Mipster's user avatar
Mipster
  • 11
0 votes
0 answers
417 views

Can not run Sysinternals Process Explorer via Task scheduler (installed via winget on Win11)

I'm unable to setup the Process Explorer to run at startup via Task Scheduler. Regardless if I create the task via the Process Explorer menu 'Run at startup' or manually I am unable to make it work. I'...
Dalibor Čarapić's user avatar
Dalibor Čarapić
  • 223
0 votes
0 answers
332 views

PSExec -c flag does not work with powershell scripts

I'm using PSExec 2.4 to run commands on multiple computers. If I want to run a local batch script on the target computer (named {machine} below), this works no problem: psexec -i \\{machine} -nobanner ...
EllipticalInitial's user avatar
EllipticalInitial
  • 1,620

15 30 50 per page
1
2 3 4 5
8