sysinternals

I'm using Sysinternals DebugView for debugging/logging during testing, and it's pretty good. However I was thinking is there more advanced tool. Features I'm looking for: Live filters - log everything (well, everything "interesting"), change view by filtering Filter by process name Split log to different views by filtering Parsing messages Extending past OutputDebugString, receiving TCP/UDP messages from non-Windows devices Scripting(?) Features I like in DebugView: Filtering Colors Good timestamps Live view Any tools for this? Or other available techniques? I'm using Windows XP/7 and am

I am trying to launch notepad.exe on remote server A from local server B. below is the command which works fine and I could see notepad.exe process on Task Manager however when I physically remote login to server I do not see notepad launched (GUI). C:\Windows\System32>D:\SysInternals\psexec.exe \\serverB -u Domain\user1 -p passXX -i -d notepad.exe PsExec v1.98 - Execute processes remotely Copyright (C) 2001-2010 Mark Russinovich Sysinternals - www.sysinternals.com notepad.exe started on serverB with process ID 3328. How would I see notepad GUI when logged in ? is serverB a terminal server ?

This is a follow-up from Invoke pstools in Python script When I open a command prompt and execute D:\pstools\psloggedon.exe -l -x \\10.10.10.10 I get DOMAIN\user But when I execute the script import sys, subprocess, socket, string import wmi, win32api, win32con pst = subprocess.Popen( ["D:\pstools\psloggedon.exe", "-l", "-x", "\\10.10.10.10"], stdout = subprocess.PIPE, stderr = subprocess.PIPE ) out, error = pst.communicate() print out, "is output" I get Error opening HKEY_USERS for \10.10.10.10 is output How do I get the subprocess to read the IP address as \10.10.10.10 instead of \10.10.10

I'm using VMMap from SysInternals to look at memory allocated by my Win32 C++ process on WinXP, and I see a bunch of allocations where portions of the allocated memory are reserved but not committed. As far as I can tell, from my reading and testing, all of the common memory allocators (e.g., malloc, new, LocalAlloc, GlobalAlloc) used in a C++ program always allocate fully committed blocks of memory. Heaps are a common example of code that reserves memory but doesn't commit it until needed. I suspect that some of these blocks are Windows/CRT heaps, but there appears to be more of these types

I have installed PS 1.0 on a remote PC(RPC001). I used Windows Sysinternals tool PSExec.exe to execute the following process on the remote: PSExec \\RPC001 -u myID -p myPWD PowerShell C:\script\StartPS.ps1 par1 par2 I can see the PowerShell.exe process running on the remote PC afterwards, but it is actually doing nothing, just hanging there. I tried to put a simple code of "Write-Output/Host" a string in the script. I run the same script on the remote by RTS, it works there. Not sure if I miss anything else to run the script by using PSExec, or it is PSExec.exe limitation. I would like to

I have a Hudson build script which calls the SysInternals PsExec utility. Normally, when PsExec is run for the first time by a given user it pops up a dialog box asking the user to accept the licence. The build agent runs as a service and I can see that the build gets stuck at PsExec. Process Explorer shows that PsExec is running, so I strongly suspect it's displaying that same prompt, but because it's running non-interactively there is no way to accept the prompt. Is there any way to get around this silly limitation? Running on Windows Server 2008 R2 x64. Use the /accepteula command-line