sysinternals

Unreasonably huge process virtual memory size reported by Process Explorer

与世无争的帅哥 submitted on 2021-01-28 08:23:48
Question: Looking for a memory leak, I recently noticed that the Virtual Memory value reported by Process Explorer (procexp.exe by Microsoft/Sysinternals v16.26) is very high - like about 2.1TB where my laptop has 32GB RAM running Win 10 Pro X64. Here for example, it reports that the virtual memory size of a Chrome.exe process is 2,151,819,136 KB. Any idea what may be causing that?

Answer 1: Thanks that-other-guy for the tip. As Alex Ionescu explains in his post (How Control Flow Guard Drastically Caused

PSexec copyright output

怎甘沉沦 submitted on 2020-12-02 08:25:54
Question: Does anyone know how to disable the "copyright header" from appearing when running PSExec? Every time I run the "./psexec ..." command I see this message:

    PsExec v2.11 - Execute processes remotely
    Copyright (C) 2001-2014 Mark Russinovich
    Sysinternals - www.sysinternals.com

It's really annoying and it bloats up the output of my script. Thanks, Matthew

Answer 1: There does not appear to be a way to disable it from occurring, but as a workaround you could redirect STDERR which will suppress the output, psexec \

PSexec copyright output

假如想象 submitted on 2020-12-02 08:24:04
Question: Does anyone know how to disable the "copyright header" from appearing when running PSExec? Every time I run the "./psexec ..." command I see this message:

    PsExec v2.11 - Execute processes remotely
    Copyright (C) 2001-2014 Mark Russinovich
    Sysinternals - www.sysinternals.com

It's really annoying and it bloats up the output of my script. Thanks, Matthew

Answer 1: There does not appear to be a way to disable it from occurring, but as a workaround you could redirect STDERR which will suppress the output, psexec \

PsExec works only with “runas /netonly”, not with -u and -p parameters

坚强是说给别人听的谎言 submitted on 2020-01-24 22:02:09
Question: What I mean: If I...

    run runas /netonly /user:computername\username cmd
    enter the password for the local admin account "username"
    then type psexec \\computername cmd

I now have a working shell and can run commands as the local admin user on the remote machine. However, trying to run this without the runas... and instead with the username and password arguments of psexec returns an access denied error. Example below:

    psexec \\computername -u username -p password cmd
    Access Denied

Note: Others

Python script not executing sysinternals command

 ̄綄美尐妖づ submitted on 2020-01-21 14:40:08
Question: This is a follow-up from Invoke pstools in Python script. When I open a command prompt and execute

    D:\pstools\psloggedon.exe -l -x \\10.10.10.10

I get

    DOMAIN\user

But when I execute the script

    import sys, subprocess, socket, string
    import wmi, win32api, win32con

    pst = subprocess.Popen(
        ["D:\pstools\psloggedon.exe", "-l", "-x", "\\10.10.10.10"],
        stdout = subprocess.PIPE,
        stderr = subprocess.PIPE
    )

    out, error = pst.communicate()

    print out, "is output"

I get Error opening HKEY_USERS for \10.10.10

Invoke pstools in Python script

被刻印的时光 ゝ submitted on 2020-01-17 01:21:14
Question: I am trying to invoke pstools (specifically, psloggedon.exe) in my Python script

    import sys, subprocess, socket, string
    import wmi, win32api, win32con

    pst = subprocess.Popen(
        ["D:\pstools\psloggedon.exe", "-l", "-x", "\\10.10.10.10"],
        stdout = subprocess.PIPE,
        stderr = subprocess.PIPE
    )

    out, error = pst.communicate()

    print pst, "is output"

This is the output

    <subprocess.Popen object at 0x0000000002B18D68> is output

I would like the output to be

    DOMAIN\user

Thank You

Answer 1: If you want to print

SYSTEM_HANDLE_INFORMATION structure

馋奶兔 submitted on 2020-01-02 05:26:09
Question: Where does this structure originate from? I know that it is declared in the famous ntdll.h and is a part of the undocumented Windows API. But doesn't it vary between different versions of Windows? Is there a way to dump this structure from a working system? I tried 'dt SYSTEM_HANLDE_INFORMATION' in Windbg and 'type SYSTEM_HANLDE_INFORMATION' in SoftIce but all I get is a 'no such symbol' message. I also dumped ntoskrnl.pdb with PdbDump.exe and searched among the dumped structures - and could not find

Getting started with dump file analysis

情到浓时终转凉″ submitted on 2020-01-01 05:16:15
Question: I am working with a legacy VB6/COM application which sometimes causes Windows 7 to crash. I have now generated a .dmp file of one of these crashes using the ProcDump tool from Sysinternals. However, I have never worked with dump files before. Which resources would you recommend for getting started with dump file analysis?

Answer 1: Some more links that might be useful
WinDBG and tools: https://developer.microsoft.com/en-us/windows/hardware/download-windbg
.Net extension for WinDBG: https://docs

Batch file to automate Sysinternals execution

China☆狼群 submitted on 2019-12-23 03:27:17
Question: I am trying to create a batch file to automate Sysinternals execution. This will eventually be executed by a Python script to automatically elevate credentials of a program (yes, I know this is bad practice, yes, there were ways to supply the password to "runas", etc, etc, but none of these solutions have worked for me). When I open a command prompt as a regular user and type the following

    .\psexec \\my_IP_address -u DOMAIN\my_admin_account -p my_admin_password cmd

I get PsExec v2.0 - Execute

PsExec gets stuck on licence prompt when running non-interactively

穿精又带淫゛_ submitted on 2019-12-17 18:11:28
Question: I have a Hudson build script which calls the SysInternals PsExec utility. Normally, when PsExec is run for the first time by a given user it pops up a dialog box asking the user to accept the licence. The build agent runs as a service and I can see that the build gets stuck at PsExec. Process Explorer shows that PsExec is running, so I strongly suspect it's displaying that same prompt, but because it's running non-interactively there is no way to accept the prompt. Is there any way to get