Sysinternals is the tool set that I turn to the most outside of PowerShell.
Process Monitor:
Process Explorer
AutoRuns:
ProcDump:
ZoomIt:
PSExec:
Invoke-Command
AccessEnum:
PSPing:
Test-NetConnection
Handle:
There are a lot more great utilities in this suite. These are just the ones that I have found myself using the most.
Definitely Putty as suggested, but always handy to have already downloaded the Nirsoft Launcher which includes all Nirsoft tools, as well as the Sysinternals Suite by Microsoft, both free.
Get the Sysinternals suite (good enough that Microsoft bought the company) and NirSoft utilities. They will blow your mind. Free, been around for decades, and super useful.
There's a free third party launcher and updater called WSCC that makes dealing with all of them easier. On mobile now, but will try to remember to update this with links.
edit a month later.... oops, forgot about this post. Links:
I was thinking process monitor from here:
https://docs.microsoft.com/en-us/sysinternals/downloads/sysinternals-suite
Don't reinvent the wheel, unless it's an entertaining exercise for you I guess
There is a tool in sysinternals by Microsoft called autologin, I believe. It automatically logs you into the PC on boot; you just have to log in once upon setup. I use this for the exact reason you want to. There is also a PowerShell script that is on GitHub called windows debloater that lets you pick what bloatware you want uninstalled. Be careful with the debloater though, I’ve accidentally deleted software that I wanted because I was careless. But I think I restored it using the same script. I don’t exactly remember as it’s been a while.
Here are the links
Sysinternal:
https://docs.microsoft.com/en-us/sysinternals/downloads/sysinternals-suite
Windows debloater:
I can think of 2 tools that will give you more detail.
Built into Task manager is a program called 'resource monitor', (see bottom of performance tab), which will let you drill into disk activity, and hopefully give you an idea of what process is spiking when you're seeing the performance dips
The other tool is an additional Microsoft-built tool which will give you extreme detail. It's called ProcMon, and is part of the 'sysinternals suite'. It will be overwhelming when you first run it, as it spares zero information, but if you're able to let it run in the background until you get a spike, then pause the logging, you should be able to find out what exactly your PC is doing during those spikes
No worries!
I'm presuming safe mode boot wouldn't really work?
You could download sysinternals (free ms suite of apps for pro diag stuff), run procexp.exe (process explorer) while the issue is replicated and see everything (and I mean every fuckin thing) running on your machine. I've used it to successfully target and physically remove viruses from machines.
Procexp actually can replace task manager in windows.
The next step would be to use and set up Wireshark and start packet sniffing. Not for the weak of heart though. Really Wireshark would require some pro networking expertise to know how to effectively use, but it's the nitty gritty world of network packet sniffing.
E: sysinternals is here:
https://docs.microsoft.com/en-us/sysinternals/downloads/sysinternals-suite
Get what? Sysinternals is just a website which provides tools for end-users as it describes here:
>The Sysinternals web site was created in 1996 by Mark Russinovich to host his advanced system utilities and technical information. Whether you’re an IT Pro or a developer, you’ll find Sysinternals utilities to help you manage, troubleshoot and diagnose your Windows systems and applications.
This within itself explains enough on whether to "get it". If you want to download every tool, go for it, but I doubt you'll be using every single one. Only use what you need, or at least learn what they are and how to use them to get a better understanding of Windows systems too.
Additionally you can get the whole Sysinternals Suite if this is what you mean: https://docs.microsoft.com/en-us/sysinternals/downloads/sysinternals-suite
I also found that just now. The keyphrase was "multiple desktops".
I also found a huge suite of cool Windows tools that contains that:
https://docs.microsoft.com/en-us/sysinternals/downloads/sysinternals-suite
It's a bit offtopic and still a long shot but if you can't see where the leak is coming from in the process tab of the task manager, it might be coming from a security software (antivirus, antimalwares) or some kind of "ran as system" process.
You might get a clue if you run a task manager on a system account (which is more elevated than classic Administrator account). I personally use TechNET's tools : ProcXP & psExec : https://docs.microsoft.com/en-us/sysinternals/downloads/sysinternals-suite
Extract it on an easy to find folder (ex: c:\tools), start a command prompt as admin (windows+X on windows10) then goto there:
Doing this can be very dangerous for your system and might trigger a BSOD if you kill the wrong process. Also, note that the numerous svchost.exe are usually linked to several services you can find by right clicking the process->properties->"Services" tab.
Procmon and friends are all available as downloads either separate or bundled. I find I use psexec a fair amount. It lets you run commands under the SYSTEM context, which can be really helpful for troubleshooting certain enterprise features that just don't run under a user context (like automatic Azure AD device registration for W10 machines).
They're also made available "online" by MS as another form of distribution. Just remember the link "live.sysinternals.com" and you can access them from any machine fairly quickly.
These are the "eye candy" of the toys.
Check out Sysinternals System Information Utilities for some hardcore stuff that allows you to see what's going on in Windows as well as some tools to improve it.
https://docs.microsoft.com/en-us/sysinternals/downloads/sysinternals-suite
You can see all the different tools on the left menus but you want to download the whole Suite at one time.
Anyone used to Linux CLI would feel right at home with these.
>If you still have permission issues you may need to elevate above Administrator to the SYSTEM user using psexec from SysInternals
>
>https://docs.microsoft.com/en-us/sysinternals/downloads/sysinternals-suite
Not sure how to make this one work. I downloaded the suite.
Do you got ssh or rdp turned on? Could run netstat -ano. Or if you are able to do a memory dump and run it through volatilityframework to view the active connections (at the point in time where you dumped said memory).
Maybe also utilize SysInternals, PsLoggedon may be useful. Maybe also the Users tab in task manager. A bunch of ways, there's probably more. Though you might not find what you're looking for.
If you are a Windows user, I would suggest downloading all the tools that dude wrote- not just Process Explorer. There are all sorts of useful things there. They don't make Windows secure in any way- more like they make it possible for you to detect it when you have an intrusion, and also provide some things missing from windows (strings.exe -> prints binary files, minus the weird characters. pskill is like unix "kill" command, psinfo is kinda like top, and ZoomIt is a great magnifying glass program. ) These tools got published as Microsoft's System Internals; here:
https://docs.microsoft.com/en-us/sysinternals/downloads/sysinternals-suite
You're thinking of Sysinternals Suite which DOES include Autoruns.
As for the answer to the OP...
Can it? Yes, it can.
Did it? Probably not.
The first thing I'd check is swap-space usage, simply because that can be driven by the overall load on your system rather than a particular program.
How much RAM do you have and how often is it nearly all used?
Consider playing around with the Microsoft Sysinternal Suite's Process Explorer to see who's busy doing disk-writes. There's an option to show recent activity as a mini-graph column. Process Monitor is also useful if you've identified a particular program and want to see what it does, or a particular directory and you want to see what's writing there.
Only thing coming to mind is NUMA configuration but your bios is listed as NUMA 1. You could try downloading sysinternals and running Coreinfo64.exe in a command prompt window to see if Windows also reports 1 NUMA node.
I suppose you could also try to switch "Logical Processor" in the bios to disabled which should be like disabling smt just to see if that changes anything in Windows.
Which version of Windows are you using?
On Windows - SysInternals is the go-to. It's a whole suite of tools but several will show you mapped in sections to what they are (range XXXX-XXXX is a stack, range YYYY-YYYY is a heap, range ZZZZ-ZZZZ is thisthing.dll) etc.
On Linux there are several tools, one of which is pmap.
Edit: just used pmap on a process to see
00007fff3db27000 132K rw--- [ stack ]
So if I have a memory address in that range (00007fff3db27000 + 132K) it's in the stack.
The wonderful world of computing, where the behaviour of software is determined by the phases of the moon :)
You can try to:
Apart from doing a restorative full reformat, nothing else comes to mind, have fun!
I haven't heard anything about Techbench, but it sounds pretty useless.
Also use Disk Cleanup in Windows or the 3rd party app, System Ninja, for removing temp files. The Sysinternals suite has got the best selection of software tools for you to complete your kit.
If you are ever stuck on a Windows machine for a while, Process Explorer can be real handy. I usually get it out of the Sysinternals suite along with several other useful tools. You can read about it here, but basically it was a better task manager built by Mark Russinovich at Sysinternals, which MS later acquired; the good news is that he still actively maintains it.
In addition to task manager, you can view process trees, command line args, has a sys tray resource graph, there is a target cursor that you can use to find the process owning a window (similar to xkill on Linux but for finding rather than killing), hover on systray icon to see "top" resource hog, a bunch of other advanced features.
I haven't heard it before, but I don't have many non-business apps on my systems. But it's probably an event driven notification... you just need to find what event is triggering it.
If it happens multiple times a day, then it's probably not an application update notification, more like a pm notification. If you don't hear it for days, then maybe you're not getting PMs or you're logged out of the system. Or maybe there's a scheduled task that's running and generating those alerts. It would certainly help if someone could identify the sound, but barring that you'll have to go through the apps installed on your system and see what's running at the time and generating the sounds.
If there's a period of time when you know it's going to happen, you can download and run Microsoft's Sysinternals Procmon... this app will monitor all processes running on the system and when the sound does happen, you can go to the trace and see what was running at that time. You can leave it running for a while but it logs to temporary files which can get very large and cumbersome to deal with when reviewing, so it's best to use when you can narrow it down to a small period of time.
You can also check Sysinternals Autoruns, which will list everything that your system is scheduled to run; that may lead you to an application you weren't aware of that's running in the background.
There's also Process Explorer, which is like Windows Task Manager. That doesn't take much resources... you can leave it running and set the "difference highlight duration" to 9 seconds. So if something pops up and then exits, you might spot it highlighted.
You can get the Sysinternals suite from Microsoft here:
https://docs.microsoft.com/en-us/sysinternals/downloads/sysinternals-suite
You could also try posting to /r/techsupport to see if they can help, but I'd try going with Procmon, Autoruns and Process Explorer first to see if you can spot it.
Good luck!
try [sysinternals suite](https://docs.microsoft.com/en-us/sysinternals/downloads/sysinternals-suite) and nirsoft; both of these suites are full of utilities for just about any situation
A number of things. A malicious process, could be your Pagefile, I would look at Resource Monitor and under "Disk" it will show the usage from each process writing to the disk and in theory, the culprit would show in the resource monitor. If that isn't enough, download Sysinternals Suite by microsoft. A nice collection of diagnostic programs. https://docs.microsoft.com/en-us/sysinternals/downloads/sysinternals-suite
I agree, that's what this sounds like. Check Event Viewer for any errors that may help. I would also check task manager or Resource Monitor to see what process is using most of the CPU. If those do not give enough information, try Process Explorer in Sysinternals Suite.
https://docs.microsoft.com/en-us/sysinternals/downloads/sysinternals-suite
Here you look: https://docs.microsoft.com/en-us/sysinternals/downloads/sysinternals-suite
(I recommend using autoruns to remove every key seeming to be by mcafee)
I'm interested in investigating this with you. We should be able to see if there are any errors generated anywhere when you click the button or if any connection attempts are getting blocked.
Download Microsoft SysInternals utils package https://docs.microsoft.com/en-us/sysinternals/downloads/sysinternals-suite. There are several utils that could be useful but for starters run TCPView and note if EscapeFromTarkov creates a new connection when you click the ACCEPT button.
Check windows event viewer for any new Application and System events after you click the ACCEPT button.
I don't know if at this stage EFT starts to generate logs but check if there is anything interesting in them also.
I would get a free tool like Autoruns. it's part of the Sysinternals Suite which is free and can help identify applications that are loading on startup of the system or login of a user's account.
Usually, when I hear about people making changes to their system (either resetting, updating, installing new software, etc.) and finding that they run into performance issues, it's some rogue app that tends to hog up the CPU.
Don't just profile what's going on in VR, but what's going on with your PC. For those who are PC literate to some degree, I always recommend getting the freely available Sysinternals Suite for Windows.
Use the process monitor tool to capture what's going on with your PC and the Process Explorer to see what's jolting things at times.
Use Autoruns to see what's automatically running when system starts up or when you log in as a user and disable those things that might use up valuable background processing.
Also, look at your running system services using the Service Control Manager; you might have some seemingly innocuous services that hog up CPU time out of the blue. Make some services manual if they're not required and definitely scan all of the automated system services.
If you have only started experiencing the problem in the past two weeks, re-trace your steps and consider any software or updates you've installed. Sometimes the most seemingly innocuous tool can install one heck of a resource hog if it wasn't coded correctly.
Good keyboard shortcut! I replace my Task Manager with Process Explorer, which is a part of the Sysinternals Suite. If you don't know the powerful tools in Sysinternals, check it out: https://docs.microsoft.com/en-us/sysinternals/downloads/sysinternals-suite
> for /f "tokens=3,6 delims=: " %%I in ('f:\tools\SysinternalsSuite\handle.exe -accepteula -a "AN-Mutex-Window-Guild Wars 2"') do if not "%%J" == "" f:\tools\SysinternalsSuite\handle.exe -accepteula -c %%J -y -p %%I
This requires https://docs.microsoft.com/en-us/sysinternals/downloads/sysinternals-suite
Process Explorer and Autoruns may be able to help. Run Process Explorer as an admin, look for the crosshairs icon on its toolbar and click/drag that onto the invisible window. Autoruns will let you easily disable the offending items once you find them.
These might help but I just glanced at them.
https://superuser.com/questions/249403/how-can-i-determine-what-process-a-window-belongs-to#249416
https://www.makeuseof.com/tag/manage-windows-startup-programs-autoruns/
Aside from the fact that both apps offer a menu option to disable that behavior you might find "autoruns.exe" in the SysInternals Suite to be handy. SysInternals is a pack of nifty tools and diagnostics that really feel like they should have shipped with Windows but instead it's a zip you download from microsoft.com
https://docs.microsoft.com/en-us/sysinternals/downloads/sysinternals-suite Process Monitor to find what keys are modified when you set your options in your installation/software
Usually located in HKLM/Software/name_of_your_software
Sometimes these parameters are set in ini files in the installation folder
node.js is a javascript framework. Try another tool to watch processes running like aida64, hwinfo64?
P.S. Hwinfo is not capable of viewing processes as I just found out. If you don't have aida, use at least the process explorer from sysinternals suite
Please don't do it if you don't know what you are doing. It can disable services that are necessary for you and can make certain applications unstable. If you have a legit OS you can turn off ads and basic telemetry in settings.
And let's be honest, everyone started spying on you the moment you plugged in your internet.
Even Chrome, Mozilla and Opera are spying on you for better or worse... I hate it too but it's reality.
PS.: for casual users I recommend using built-in settings to disable recommended apps from store (a.k.a. ads) and telemetry. To disable nVidia telemetry use Microsoft's AutoRun64 that's part of Sysinternals Suite
A usb thumb drive that has a live Linux distro on it and some of the Sysinternals utilities (process explorer, autoruns, tcpview).
I can usually find the bug with the sysinternals tools then I boot to linux and remove it.
Get sysinternals. There's a program within called Process Explorer. It's like a task manager that is actually useful. You can use it to see what's running in the background and with a little work, track down whatever is accessing that file
The results can be a little difficult to interpret sometimes, but if you have enough background to recognize "other development things" to use them for, then you can probably figure it out ;)
From the creator's screenshots and my own vague recollection, it's pretty "normal" for NDIS drivers to hog more ISR/DPC time than they should. That may just be the nature of the beast due to network latency, I'm guessing. So take it with a grain of salt if you see a few things breaking the 100µs guideline on a regular basis.
Also, if you don't already have the Sysinternals Suite, there are a lot of very good diagnostic tools in there. Process Explorer is the bomb. If you go through the hassle of installing the Debugging Tools for Windows and properly setting up symbol resolution in Process Explorer, you can get a much clearer picture of what's going on. Svchost.exe instances are broken down into their guest services, threads have individual CPU usage and (friendly) entry point names, etc.
Gotcha. Watch a few of the videos on Sysinternal tools like Process Explorer. Good starters here: https://docs.microsoft.com/en-us/sysinternals/learn/
Sysinternals tools: https://live.sysinternals.com/ or https://docs.microsoft.com/en-us/sysinternals/downloads/sysinternals-suite
Windows? If you want to investigate you can use the Sysinternals tools (MS tools meanwhile), for example Process Monitor, to look at what the Chrome process is doing (a bit like strace on Linux) including the timing.
Open command prompt. Either through Run or (ctrl+shift+enter). Type "sfc /scannow"
If that doesn't work try to install it yourself by downloading Sysinternals Suite