sysinternals

Sysinternals psexec not running on the remote desktop

我与影子孤独终老i submitted on 2019-12-13 22:41:27
Question: I've got two Remote Desktops hosted by a Hyper-V. On Remote Desktop "A", I've got a .bat file, which I want to execute. On Remote Desktop "B", I've got a cmd open with a psexec command ready to invoke the .bat file on machine "A".
"path-to\\psexec.exe" \\ip -u domain\username -p pswd -i cmd.exe /c "path-to\\myFile.bat %*"
The script contained in the .bat file on machine "A" operates on the UI and thus requires a real screen to be open, so I am connected to two RDs simultaneously. However, when I call

How to dump output of Sysinternals handle.exe to a text file?

冷暖自知 submitted on 2019-12-11 14:28:06
Question: I want to see who locks a file, quickly. So I created a CMD script that will run Handle, put its output in a file and then open that file in the default text editor.
prompt $ cls handle > handle.txt handle.txt
When I run the script a new console window opens, I see handle running in it, then it quickly closes. It generates a file called handle.txt, but it is empty. I tried to run handle.exe as admin, but it still doesn't work. What am I doing wrong?
Source: https://stackoverflow.com/questions/30504972/how

Command line version of Procmon

走远了吗. submitted on 2019-12-10 18:21:34
Question: I'm using Windows 7 and I'd like to monitor for new Process Create events (i.e. get an entry for each process that's created, with full details about it). I succeeded in doing this in Procmon, but I want to do it in the shell, and get text output without a GUI. Is there a CLI command that does that? e.g. I could tell it "Please list all events of the type so-and-so with a path of so-and-so" and it'll run indefinitely, writing details of these processes to stdout?
Answer 1: You can build your own

Sockets leaked in windows not shown in netstat and tcpview

允我心安 submitted on 2019-12-09 07:46:27
Is it possible that Windows leaks socket connections and these sockets are not shown in tcpview and netstat? After running a few applications that perform many network connections, my Windows machine enters a state in which it is not able to open any new socket connection. Even to itself (localhost). For example, telnet to a local application failed because Windows can't create new sockets. Closing and restarting the network applications does not help. Only a full Windows restart solves the problem. netstat (& tcpview) indicates that there are only some dozens of connections. Thanks for your

Executing a batch file in a remote machine through PsExec

旧街凉风 submitted on 2019-12-09 06:46:05
Question: I am trying to run a batch file (in the batch file I have just written 'notepad') on a remote PC through PsExec. The psexec command below runs on my laptop but fails to do anything on the remote PC. I don't even see 'notepad' running in the list of processes on the remote machine.
c:\Program Files (x86)\PSTools>psexec -u administrator -p force \\135.20.230.160 -s -d cmd.exe /c -c "C:\Amtra\bogus.bat"
PsExec v2.11 - Execute processes remotely
Copyright (C) 2001-2014 Mark Russinovich

Correspondence between ProcMon and CreateFile disposition options

流过昼夜 submitted on 2019-12-08 16:21:21
Question: Process Monitor shows the disposition option for the CreateFile operation as "Open", "OpenIf", "Overwrite", "OverwriteIf" (maybe something else). How do the options which contain "If" differ from those that do not? And to which CreateFile WinAPI 'dwCreationDisposition' flags do they correspond?
Answer 1:
| CreateFile | NtCreateFile | Process Monitor |
| dwCreationDisposition | CreateDisposition | Disposition |
|-----------------------|-----------------------|-----------------|
| n/a | FILE

Sockets leaked in windows not shown in netstat and tcpview

早过忘川 submitted on 2019-12-08 04:36:23
Question: Is it possible that Windows leaks socket connections and these sockets are not shown in tcpview and netstat? After running a few applications that perform many network connections, my Windows machine enters a state in which it is not able to open any new socket connection. Even to itself (localhost). For example, telnet to a local application failed because Windows can't create new sockets. Closing and restarting the network applications does not help. Only a full Windows restart solves the

CMD.exe closes immediately after calling (Win7 64)

南笙酒味 submitted on 2019-12-04 18:07:14
Question: Has anyone found such behavior where the Command Processor (cmd.exe) closes immediately after calling it? I've run McAfee AV and Windows System File Check (sfc.exe) and nothing wrong was detected; I've even copied the cmd.exe file from another Win 7 machine and it still works the same way. The strangest thing is, on Windows 7 64-bit there is also a 32-bit version of that file which works perfectly normally. SysInternals Process Monitor shows that the cmd.exe process ends with exit code 0x0... o_O Also calling

Alternatives to DebugView?

血红的双手。 submitted on 2019-12-04 12:35:50
Question: I'm using Sysinternals DebugView for debugging/logging during testing, and it's pretty good. However I was thinking, is there a more advanced tool? Features I'm looking for:
Live filters - log everything (well, everything "interesting"), change view by filtering
Filter by process name
Split log to different views by filtering
Parsing messages
Extending past OutputDebugString, receiving TCP/UDP messages from non-Windows devices
Scripting(?)
Features I like in DebugView:
Filtering
Colors
Good

Getting started with dump file analysis

六眼飞鱼酱① submitted on 2019-12-03 15:10:39
I am working with a legacy VB6/COM application which sometimes causes Windows 7 to crash. I have now generated a .dmp file of one of these crashes using the ProcDump tool from Sysinternals. However, I have never worked with dump files before. Which resources would you recommend for getting started with dump file analysis? Some more links that might be useful:
WinDBG and tools: https://developer.microsoft.com/en-us/windows/hardware/download-windbg
.Net extension for WinDBG: https://docs.microsoft.com/en-us/dotnet/framework/tools/sos-dll-sos-debugging-extension
There are some books such as "