Questions tagged [sysinternals]

Usually refers to applications from the Sysinternals Suite (eg. Process Explorer, Process Monitor, RAMMap, ...)

enter image description here

The Sysinternals web site was created in 1996 by Mark Russinovich and Bryce Cogswell to host their advanced system utilities and technical information. Whether you’re an IT Pro or a developer, you’ll find Sysinternals utilities to help you manage, troubleshoot and diagnose your Windows systems and applications.

Sysinternals Suite

The Sysinternals Suite is a suite of applications for administrators to better manage their Windows Systems.

Notable applications include:

Process Explorer - A Task Manager replacement
Process Monitor - An application monitoring tool
PsExec - Allows to (remotely) execute applications
RAMMap - Gives an overview of how your RAM is currently used.

102 questions

votes

5 answers

How can I change the timestamp on a file?

Possible Duplicate: How to modify timestamp in a dll or exe? Windows equivalent of the Linux command 'touch'? How can I set the timestamp for a file via the command-line to a specific date? My specific situation is Windows 7.

windows timestamp sysinternals

asked Jun 03 '11 at 18:41

Joe Hansen

4,138
3
23
27

votes

3 answers

Restore the original task manager after replacing it with the Sysinternals process explorer

After replacing the default Windows task manager with Sysinternals’ process explorer via the Options → Replace task manager menu, how do you undo that action, i.e. restore the original task manager? I’ve already tried clicking that menu again, but…

task-manager sysinternals

asked May 07 '18 at 21:15

9999years

1,831
2
10
13

votes

2 answers

MKLINK vs. Junction.exe

SysInternals has a program junction.exe that creates Junctions (aka. reparse points, aka. symlinks) in Windows. However, Windows also comes with a mklink which seems to do the same thing. Is there a significant difference? I tend to believe that if…

windows-7 junction sysinternals

asked May 12 '14 at 14:51

abelenky

votes

3 answers

Equivalent to Sysinternals Process Explorer on Linux

I am using Ubuntu 11.10 and am looking for an equivalent to Process Explorer on Linux. There is System Monitor but it's not nearly as good as Process Explorer with all of its detailed information about processes. Any suggestions?

linux ubuntu software-rec process-explorer sysinternals

asked May 19 '11 at 03:47

Gautam

votes

4 answers

What does the path '\REGISTRY\A\...' in Sysinternals Procmon log mean?

I use Sysinternals Procmon utility to monitor the registry access by some programs. Most log entries have the Path property starting from HKCU\… or HKLM\…, that corresponds to the registry hives HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE that can be…

windows-registry regedit sysinternals procmon

asked Dec 17 '13 at 18:58

Vladimir Reshetnikov

votes

1 answer

How to exclude every process in Sysinternal's Process Monitor in the filter except for one process?

How to exclude every process in SysInternal's Process Monitor in the filter except for one process? Some kind of using a wildcard filter.

sysinternals process-monitor

asked Dec 28 '11 at 07:12

Tony_Henrich

10,846
28
83
111

votes

3 answers

Could not start PSEXESVC service on [MachineName]: Access is denied

I'm trying to use PsExec to start a process on a remote machine. I posted this question on SO, but I realized it's probably better suited here. I also have spent a few hours trying to figure this out, and haven't really gotten anywhere. Here is one…

windows command-line psexec sysinternals

asked Jan 15 '15 at 21:23

Sean Cogan

votes

1 answer

SysInternals Desktops not launching Chrome

I'm using Desktops from SysInternals on Windows 8 and experiencing a problem launching Chrome. Even if I go to the exe of Chrome it will not launch in anything but the first Desktop. Does anyone know why that might occur?

sysinternals

asked Jan 12 '15 at 13:10

Crowie

votes

1 answer

Does Psexec execute Remote Procedure Calls?

I've heard of RPCs and that they get executed via TCP port 135. I just executed ipconfig via psexec.exe on a remote PC and wondered if this is a RPC. As I've seen in Wireshark, the whole process is beeing done via SMB port 445 not DCE/RPC port…

windows-7 remote-access sysinternals psexec rpc

asked Feb 29 '12 at 19:38

JohnnyFromBF

4,658
18
53
72

votes

1 answer

Why windows executables show incorrect compiler timestamps?

I have observed that windows executable files show incorrect timestamps when I view them in PE studio. For example this Notepad.exe file shows a compiler timestamp of 0x86FCBD69 (Mon Oct 07 03:45:05 2041 ) To validate this today (3 May 2021),I…

windows compile sysinternals

asked May 03 '21 at 12:01

Monk

votes

2 answers

Is there open source software which is to Process Monitor what ProcessHacker is to Process Explorer?

Process Hacker is an open source alternative to the famous Process Explorer by Mark Russinovitch. Is there in the same vein a piece of open source software that can be a serious alternative to Process monitor?

windows software-rec process-explorer sysinternals

asked Dec 22 '11 at 12:54

Benoit

6,883
4
22
31

votes

0 answers

How does rebooting a computer work?

Possible Duplicate: How does a computer restart itself? How does a computer's reboot command actually work? How is the computer told that it shouldn't stay down after powering off, and that it should actually start itself again? Are rebooting and…

windows linux kernel reboot sysinternals

asked Jul 28 '10 at 20:14

Knight Samar

votes

4 answers

TrueCrypt dismount on Windows 8.1 keeps prompting: "volume contains files or folders being used by applications or system"

I have a volume mounted by TrueCrypt. All works fine, except when I try to dismount it (after verifying I don't have any application or explorer using anything in it). Every time I click the Dismount button, I receive this error: Volume contains…

windows-8 windows-8.1 truecrypt sysinternals

asked Feb 13 '15 at 01:09

Very Objective

votes

1 answer

Huge memory usage in Nonpaged Pool

I have a one-year-old iMac with 8GB RAM running a bootcamped Windows 7 Ultimate 64 bit. The following memory analysis with Sysinternals RamMap.exe leaves some questions open: What could be the reason for the nearly 5 GB of memory in the Nonpaged…

windows-7 memory sysinternals

asked Dec 15 '12 at 13:40

cheesus

1,423
2
16
29

votes

3 answers

How to unlock files using handle.exe and process name?

I tried Unlocker 1.9.1 but it doesn't work correctly for me on Windows7 (worked ok on Windows XP) and also I tried LockHunter 2.0.2.103 x64 and reported a bug but .... LockHunter actually unlocks the file from GUI but not from command line. So I…

windows-7 sysinternals

asked Oct 12 '12 at 02:12

Radek

3,014
18
52
75

2 3 4 5 6 7 Next