Questions tagged [sysinternals]

Windows Sysinternals is a part of the Microsoft TechNet website which offers technical resources and utilities to manage, diagnose, troubleshoot, and monitor a Microsoft Windows environment.

The Sysinternals web site was created by Mark Russinovich and Bryce Cogswell to host their advanced system utilities and technical information.

The website featured several freeware tools that aid in the administration of local and remote Windows systems.

Sysinternals is now part of the Microsoft TechNet website.

166 questions
1
vote
1 answer

Using Sysinternals ProcMon improves performance of sluggish application

Our WPF application works on most users' workstations, but performance is sluggish on one particular user's laptop when the application is responding to some UI work (a Solution Explorer bound to a property grid). I installed Sysinternals Process…
Mr. T.
  • 1,335
  • 4
  • 14
  • 24
1
vote
0 answers

Scripting Sysinternals Process Explorer

So the situation is pretty simple. We have the remote management solution LabTech. It has a process view tab; however, what I'm really looking for is a way to run the process signature verification that is available in Sysinternals Process Explorer. …
Exile
  • 11
  • 2
1
vote
1 answer

Sockets leaked in windows not shown in netstat and tcpview

Is it possible that Windows leaks socket connections and these sockets are not shown in tcpview and netstat? After running a few applications that perform many network connections, my Windows machine enters a state in which it is not able to open…
Marco
  • 3,337
  • 2
  • 19
  • 25
1
vote
1 answer

Batch file to automate Sysinternals execution

I am trying to create a batch file to automate Sysinternals execution. This will eventually be executed by a Python script to automatically elevate credentials of a program (yes, I know this is bad practice, yes, there were ways to supply the password…
Glowie
  • 2,271
  • 21
  • 60
  • 104
1
vote
0 answers

sysinternals ZoomIt How to keep annotations on the screen after exiting drawing mode

ZoomIt from the Microsoft Sysinternals suite is a screen zoom and annotation tool for technical presentations that include application demonstrations. By default ZoomIt erases all annotations after exiting drawing mode; I want to keep those…
hichamORCL
  • 11
  • 4
1
vote
1 answer

DLLs reloaded to their preferred address

On Windows Server 2003, my application has started taking a long time to load on fresh install. Suspecting the DLLs are not loading to their preferred address and this is taking some time (the application has over 100 DLLs, 3rd parties included) I…
whtstar2
  • 11
  • 2
1
vote
1 answer

Using dbgview with java

I am writing Java code and would like to use dbgview (and log4j if possible). By searching the documentation of log4j it seems that unlike log4net, log4j does not support the OutputDebugStringAppender which redirects output to what dbgview listens…
0
votes
1 answer

windows-kernel - Can a thread id ever be the same as a process id?

Hi, I've looked around for an answer to this question and I am wondering if anyone with experience in Windows internals knows if the kernel will ever assign a process id that is the same as a thread id. What I mean is, say there is process a.exe that…
loop
  • 3,460
  • 5
  • 34
  • 57
0
votes
0 answers

Why are the PID results in Task manager and netstat different?

This is more of a question for the difference in the results more than debugging an issue. It seems that the PID displayed from the netstat command is different from the task manager as shown below for svchost.exe: netstat -ab result: task manager…
0
votes
2 answers

How do I get SysInternals DebugView to display indents?

I'm using SysInternals DebugView with my .Net application. I've tried using the Indent feature of the .Net Debug class, but DebugView just seems to represent this as a NewLine character. Does anyone know if it's possible to get DebugView to…
RikRak
  • 898
  • 1
  • 7
  • 21
0
votes
0 answers

Shrink Disk and NTFS MetaFile Defragmentation ($BITMAP)

Shrink Disk and Defragmentation I'm trying to shrink a disk. The volume is about 1 To large, and only 200 Go are currently used. It is a virtual disk. When I ask the disk management tool to shrink my disk, it lets me shrink only 73 Go and says…
Marc
  • 1
0
votes
0 answers

Should this sysmon configuration be fine tuned more?

I am creating a sysmon configuration to implement in my lab environment. This environment is used to build replica networks for troubleshooting problems and testing different software. I have created this sysmon configuration file to monitor the…
teck223
  • 1
  • 1
0
votes
0 answers

How to view a device driver stack?

There is a picture on the Microsoft site which represents a USB device driver stack (in other words, the list of all drivers which apply for the device to work). What software shall I use to get this list? Is such software in the SysInternals? Some people…
Arseniy
  • 266
  • 2
  • 14
0
votes
1 answer

Why does Sysinternals du64.exe unexpectedly output in UTF-16LE with a BOM (noticed it parsing output in perl)?

On a fresh install of Windows 11, running Strawberry perl, I'm debugging a script that parses the output of du64 (disk usage). It worked on Win 10 with ActiveState perl. To debug, I first checked du, without parameters: use strict; my $prog =…
kitchin
  • 774
  • 6
  • 9
0
votes
0 answers

LogonSessionId SID in a Service's Access Token

What's the purpose of having a LogonSessionId_0_xxxx (S-1-5-5-0-xxxx) SID on the access token of a service? I know a LogonSessionId_0_xxxx (S-1-5-5-0-xxxx) SID is present in access tokens of non zero terminal session which enables desktop and kernel…