Questions tagged [sysinternals]

Windows Sysinternals is a part of the Microsoft TechNet website which offers technical resources and utilities to manage, diagnose, troubleshoot, and monitor a Microsoft Windows environment.

The Sysinternals web site was created by Mark Russinovich and Bryce Cogswell to host their advanced system utilities and technical information.

The website features several freeware tools that aid in the administration of local and remote Windows systems.

Sysinternals is now part of the Microsoft TechNet website.

166 questions
0 votes, 0 answers

How to close a specific handle that is an "Event" Type in Sysinternals?

What I was doing is trying to close an "Event" Type via cmd.exe. Let's just say "\Sessions\1\BaseNamedObjects\ROBLOX_singletonEvent" in Sysinternals Process Explorer in the Handles menu: RobloxPlayeBeta.exe…
0 votes, 0 answers

Active-Passive IIS Infrastructure

We are trying to create an IIS infrastructure. Because of the applications' infrastructures (there are many types of applications, from old school to SPA) we thought that an Active-Passive infrastructure would be more appropriate. So this brings another…
0 votes, 2 answers

Process stdout capture for Autoruns

Hey guys, I am currently working on a project where I am trying to run Autorunsc64.exe from the Sysinternals suite and, unlike other executables I have tried, I can't get it to give me the output in a form I want. Here is the current iteration of my…
0 votes, 0 answers

How to track down access violation "at address 00000000" in third-party software using MadExcept or Sysinternals Process Monitor?

Access violation "at address 00000000" started to appear in my Delphi 2009 installation. I started Process Monitor https://learn.microsoft.com/en-us/sysinternals/downloads/procmon and filtered events by the bds.exe Process Name, and the log is manageable.…
TomR
0 votes, 1 answer

How can I observe interaction/communication between a process (user land) and a driver in Windows?

I tried to trace some known network API functions in some Sysinternals tools in order to observe/capture the interaction between a process and a driver (say, for example, arp.exe's interaction with the network adapter driver: what IOCTL is used, etc.…
L10N
0 votes, 1 answer

Process handles monitoring

I'm banging my head against the wall to come up with a solution/tool to monitor process handles. I know there's Process Explorer and Handle from the Sysinternals tools, but what I'm trying to achieve here is to execute a given process via PowerShell/cmd,…
0 votes, 2 answers

In Windows, why is the handle value a multiple of 4?

If I'm not wrong, a handle is an index inside a table maintained on a per-process basis. For 64-bit Windows, each entry in this table is made up of an 8-byte address of the kernel object + a 4-byte access mask, making the entry 12 bytes long. However, as I…
0 votes, 1 answer

In Sysinternals' livekd, how can we find the information associated with a process from its PID?

I want to get information on a process from Sysinternals' livekd using its process ID. How do I do this? The documentation for WinDBG's !process command on MSDN (https://learn.microsoft.com/en-us/windows-hardware/drivers/debugger/-process)…
ARV
0 votes, 0 answers

Procmon produces corrupt output file

I am trying to diagnose an issue causing my computer to crash when using audio for some time. I tried running procmon (Process Monitor v3.84) using the option of a ring buffer to a file (to limit the amount of captured data to 4GB), and I used the…
jmbouffard
0 votes, 1 answer

Setting autologon to a local user after joining a domain

I'm building an application to assist in re-configuring devices on our network. I've got the entire script working except for setting the device to auto logon. Nothing I am trying seems to work. Now, the use is a little different, as the device will…
Harlan
0 votes, 1 answer

Track system restart

I've written a Windows service that's part of software. I deployed the service on both Windows Server 2003 and 2008. The client contacted me complaining that when they restarted their servers, they kept restarting, and this happened on the two machines…
Ahmad J. Hamad
0 votes, 1 answer

How to search for a DLL and functions in the stack of a process in Process Monitor?

I am using Process Monitor to track a process (I don't know if there is a better tool for that). Is there a way to search or filter for where exactly I have a specific DLL, say myName.dll, with a specific function DoWork loaded in the stack? The manual…
SunMan
0 votes, 2 answers

Sysinternals Process Monitor (ProcMon): Working with Time of Day Filter

I am using Sysinternals Process Monitor to debug some incoming events. Now I am trying to create a filter on 'Time Of Day' in order to filter those incoming events whose time is greater than a specific time. For example, if I want to obtain those…
Willy
0 votes, 1 answer

Get the name of a memory-mapped file

I have a Windows host where, according to RAMMap, almost all memory is in mapped files. I am trying to find out which file causes such a leak. All available guides suggest using the File Summary tab to find out the connection between a file and mapped files. But…
idementia
0 votes, 1 answer

Autorunsc64 (sysinternals) command line issue in PowerShell

I am trying to execute autorunsc64.exe (Sysinternals) in PowerShell like so: "C:\Program Files (x86)\Autoruns\autorunsc64.exe" -a * > "C:\Program Files (x86)\Autoruns\output.txt" However, it does not like single or double quotes anywhere. I've tried…
nog