Questions tagged [sysinternals]

Windows Sysinternals is a part of the Microsoft TechNet website which offers technical resources and utilities to manage, diagnose, troubleshoot, and monitor a Microsoft Windows environment.

The Sysinternals web site was created by Mark Russinovich and Bryce Cogswell to host their advanced system utilities and technical information.

The website featured several freeware tools that aid in the administration of local and remote Windows systems.

Sysinternals is now part of the Microsoft TechNet website.

166 questions
5
votes
1 answer

How to log cmd.exe built-in commands to Sysmon or Windows Event Logs?

When using the Windows command prompt & executing a cmd.exe built-in command such as copy, del, echo, start, etc., the respective command line string executed does not populate in Sysmon Event ID 1 - Process Creation. The Sysmon Event only outlines…
5
votes
2 answers

psexec fails against windows 10 remote target

Does psexec work against Windows 10 remote hosts? I'm running psexec from a Windows 7 machine. When the remote host is Windows 8.1, it works, when the remote host is Windows 10, it fails as below: C:\Windows 7>psexec -h -u Admin -p passwordHere -n…
luminous
5
votes
5 answers

How can I get a list of files loaded by my process?

I'm trying to do a quick and dirty deployment of a project. I thought it would be easy to run my process, use some tool to grab a list of all loaded files (DLLs) and use that list to create a copy file list for my test deployment. Thought about…
TheSean
4
votes
1 answer

How does the draggable crosshair in Process Explorer work?

There is a feature in Sysinternal's Process Explorer that allows a crosshair to be dragged from the application to a control in any other application you are running and highlights said control. Does anyone know how this was achieved or if there is…
Jason Irwin
4
votes
1 answer

Unreasonably huge process virtual memory size reported by Process Explorer

Looking for a memory leak I recently noticed that the Virtual Memory value reported by Process Explorer (procexp.exe by Microsoft/Sysinternals v16.26) is very high - like about 2.1TB where my laptop has 32GB RAM running Win 10Pro X64. Here for…
Dror Harari
4
votes
1 answer

PsExec works only with "runas /netonly", not with -u and -p parameters

What I mean: If I... run runas /netonly /user:computername\username cmd enter the password for the local admin account "username" then type psexec \\computername cmd I now have a working shell and can run commands as the local admin user on…
Mini
4
votes
2 answers

Sysinternals ProcDump -e usage

I am rather new to using the procdump.exe utility and I am trying to find out why a process I am running is crashing without generating a crash dump or writing out an unhandled exception to the log. I am using the following command line procdump.exe…
Marek
4
votes
1 answer

Start WPF Application with RunAs Prompt

So I have a WPF application and here is what I want it to do. I can right click on the executable, select Run As Different user, and get the Windows Security box with User Name and Password, as well as the Smart Card logon. I was wondering if…
4
votes
2 answers

PsExec open my remote machine process but application didn't start

I am using this code to open process in remote machine: Process process = new Process(); ProcessStartInfo psi = new ProcessStartInfo(@"D:\tools\PsExec\PsExec.exe"); psi.UseShellExecute = false; psi.RedirectStandardOutput = true; …
user1860934
3
votes
1 answer

How does pskill work across the UAC/elevation boundary?

Disclaimer: I'm asking specifically on Stackoverflow because I want to know how to re-implement this feature. We recently noticed that the Sysinternals tool pskill can kill an elevated process from a non-elevated context. Specifically, if you open a…
Martin Ba
3
votes
0 answers

How I can find why Windows is blocking java.exe?

I encounter some very strange behavior and I don't know how to handle it. I suspect that the behavior started to reproduce after last Windows upgrade. But I am not sure if it has anything related to it. (I discovered it when I tried to run maven,…
3
votes
1 answer

Sigcheck from sysinternals not running in windows container Docker

I am facing a problem when trying to run inside an interactive command prompt Sigcheck.exe from Sysinternals. It starts running and shows the banner info like copyright but it looks like it's blocked, it just stays in running state without going…
3
votes
1 answer

Command line version of Procmon

I'm using Windows 7 and I'd like to monitor for new Process Create events. (i.e. get an entry for each process that's created, with full details about it.) I succeeded in doing this in Procmon, but I want to do it in the shell, and get text output…
Ram Rachum
3
votes
1 answer

how to disable logging in Process monitor while startup

How to Open Process monitor with logging on all logging components STOPPED. By default, it starts capturing all the logs giving no time to do CTRL + E which stops Capture Events and apply my filter. It fills virtual memory quick enough to become…
Sundar Rajan
3
votes
2 answers

How can a device driver be EXE like Process Monitor

Process Monitor and Explorer are supplied as an EXE file. But they include a driver. Where is it? By Windows Internals, Process Monitor works by extracting a file system filter device driver from its executable image (Procmon.exe) the first time…
Benjamin