Questions tagged [sysinternals]

Windows Sysinternals is a part of the Microsoft TechNet website which offers technical resources and utilities to manage, diagnose, troubleshoot, and monitor a Microsoft Windows environment.

The Sysinternals web site was created by Mark Russinovich and Bryce Cogswell to host their advanced system utilities and technical information.

The website features several freeware tools that aid in the administration of local and remote Windows systems.

Sysinternals is now part of the Microsoft TechNet website.

166 questions
3
votes
1 answer

How is ProcDump implemented? Is it essentially a debugger?

I am interested in the internals of ProcDump (a Sysinternals utility): is it essentially a debugger? How does it manage to dump a process on exceptions, first chance exceptions and even managed (CLR) exceptions? I can see that it has imports such as…
qpp
  • 95
  • 8
3
votes
1 answer

Powershell with Psloggedon to see who last logged on a remote host (from a list of hosts)

I am having trouble using PowerShell and PsLoggedOn to pull the information of "the last logged on user" and the "logged on timestamp" from the PsLoggedOn tool. Basically what I am trying to do is to read from a text file with all the list of the…
Tony
  • 233
  • 2
  • 7
  • 15
3
votes
2 answers

Why isn't handles.exe discovering my DLL while ProcessExplorer can?

The problem: On a Windows Server 2012 R2 box, I'm trying to use Chef to programmatically replace a .dll COM component (aka a VB6 library that I've registered on the box using regsvr32.exe), but when I try to copy over the file, the app pool of…
user1079703
  • 442
  • 6
  • 15
3
votes
2 answers

How to drill down to code who created the handle

I know if we provide the absolute path to Handle.exe it will list all processes that locked the file. F:\Softwares\Handle>Handle.exe D:\Source\sample.dll Handle v4.0 Copyright (C) 1997-2014 Mark Russinovich Sysinternals -…
Srikanth
  • 980
  • 3
  • 16
  • 30
3
votes
2 answers

Viewing DbgPrint messages in Windows 8.1

I'm trying to write a MiniFilter driver. I've got Visual Studio 2013 Update 3 and WDK up and running on my Windows 8.1 box, along with a template from MS installed called "Filter Driver: Filesystem Mini-filter". I've made a fresh project with this…
athairus
  • 33
  • 1
  • 6
3
votes
1 answer

Launch Notepad.exe using PsExec sysinternal tool

I am trying to launch notepad.exe on remote server A from local server B. Below is the command which works fine, and I can see the notepad.exe process in Task Manager; however, when I physically remote login to the server I do not see Notepad launched…
Sam
  • 392
  • 1
  • 6
  • 18
3
votes
0 answers

How to capture OutputDebugString messages

I have an application written in Visual C++ which uses OutputDebugString() (Win32 API) to log messages. The output is a DLL file. Are there ways or a utility that can capture these messages?
user2482613
  • 77
  • 1
  • 6
3
votes
0 answers

Windows 8 incompatibility with Sysinternals Desktops utility

After Googling for about the past hour and a half, I have been unable to find any definitive information on how the Start menu and Windows 8 style applications work behind the scenes. I was under the impression that Windows 8 Style…
Mitch
  • 21,223
  • 6
  • 63
  • 86
2
votes
2 answers

Sysinternals Process Monitor (ProcMon): Using wildcards on filter

I am using Sysinternals Process Monitor to debug some incoming events, and now I am trying to create a filter on Path using wildcards. What I am trying to do is filter paths which begin with c:\MyApp\MyDocuments\Temp and end with .pdf. Path…
Willy
  • 9,848
  • 22
  • 141
  • 284
2
votes
0 answers

hklm\Security Vs Security\Policy

I am researching the way an attacker would get a machine's credentials. I figured the most common methods are to dump hklm\sam, hklm\security and hklm\system. I was able to figure out what information is stored in the SAM and why I would want to save it,…
Knightwish
  • 51
  • 1
  • 4
2
votes
0 answers

Are addresses from VMMap readable?

I'm using VMMap to view the address space of a process. In the left corner is the address. I attempted to copy the address and read it from the process. Here's an example: I attempted to see if I could read this address with a quick bit of code…
BugHunterUK
  • 8,346
  • 16
  • 65
  • 121
2
votes
1 answer

Sysinternal Close Handle working in Command Prompt But Not Powershell

I have a strange issue. I am trying to close down a handle using PowerShell with this one-liner: (&"D:\handle.exe" -p "–c C –p 3348 -y") I am getting the following response: No matching handles found. When I run the exact same command in Command…
Dritzz
  • 159
  • 1
  • 1
  • 10
2
votes
2 answers

THttpClient is not closing connection in Delphi

My software includes the function below for posting to URL. I'm using Sysinternals TCPView to see the connection. The connection is not closing after posting to URL. How should I change the code for immediate connection close? function PostURL(const…
Xel Naga
  • 826
  • 11
  • 28
2
votes
1 answer

Can't PsPing to Azure VM

I know that pinging into Azure VMs is disabled. The following page shows how to use Sysinternals' PsPing to do a TCP-based…
Sabuncu
  • 5,095
  • 5
  • 55
  • 89
2
votes
0 answers

Sysinternals Handle.exe is not detecting process handles that Process Explorer can view

When I run Sysinternals Process Explorer I can see when Cheat Engine is attached to another process, but I can't do the same thing with Handle.exe (the same company's command line tool). I have tried both the 32-bit and 64-bit versions of Handle.exe. It doesn't…