The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests


Archive for the ‘SysInternals’ Category

Some links on Windows Memory Compression I want to check out

Posted by jpluimers on 2023/01/24

I’m not sure yet why sometimes my system is lagging with the combination of these four circumstances on a Windows 10 system with 32 gigabyte of memory:

  1. Process Explorer showing low (less than 10%) CPU usage
  2. Process Explorer showing Memory Compression using more than 2 gigabytes of Working Set
  3. System Commit being larger than 20 gigabyte
  4. Lots of Chrome tabs open (no easy way to total memory usage, but likely 16 gigabyte or more)

Memory Compression was introduced in Windows 10 (back in 2015) and I’m still fairly new to it.

So here are some links I want to eventually dig into to make myself more familiar with it, and see if it affects Chrome runtime behaviour:

Thanks [Wayback/Archive] magicandre1981, [Wayback/Archive] peterh, [Wayback/Archive] Raymond Burkholder, and [Wayback/Archive] Falco Alexander for the above questions and answers.

From them, I learned that on a UAC elevated administrative command prompt, you can use these PowerShell cmdlets for managing Memory Compression:

  1. Get-MMAgent shows the current Memory Compression state
  2. Disable-MMAgent -mc disables Memory Compression (requires a reboot)
  3. Enable-MMAgent -mc enables Memory Compression (requires a reboot)

BTW:

–jeroen

Posted in Chrome, Google, Power User, procexp Process Explorer, SysInternals, Windows, Windows 10

I switched from SysInternals’ TcpView to NirSoft’s CurrPorts (cports)

Posted by jpluimers on 2022/11/18

I was a long time user of SysInternals TcpView, but a while back I switched to NirSoft’s CurrPorts (cports).

The main reason is that TcpView does not support filtering, which long ago was not a problem, since few Windows applications kept TCP connections open.

But nowadays with so many network dependencies, especially when using cloud services like DropBox/OneDrive/GoogleDrive/backblaze, these clutter the view a lot.

NirSoft’s CurrPorts (actually the executable is called [Wayback/Archive] cports.exe) can filter for both inclusion/exclusion on the open ports list based on many parameters (search for the “Using Filters” section in the cports.exe documentation: it’s a little bit below the version history).

The filtering syntax is extensive, and for ease of use, the context menu of the open ports list allows adding include/exclude filters on various parameters. After doing that, you can inspect the filter list to get an idea of possibilities and syntax.

For me, the easiest way to install CurrPorts is through [Wayback/Archive] Chocolatey Software | CurrPorts 2.65.

I found CurrPorts when trying to figure out how to use filters in TcpView: [Wayback/Archive] tcpview filter by process – Google Search

–jeroen

Posted in Chocolatey, NirSoft, Power User, SysInternals, Windows

Chocolatey: force install sysinternals after hash mismatch

Posted by jpluimers on 2021/09/28

Shortly after UltraVNC failed the Chocolatey sha256 checksum check (Chocolatey: when upgrades or installs keep insisting the hash has changed, and over time the mismatch changes as well), I bumped into another occasion: now (because of a zero sized .nupkg file), I had to force reinstall sysinternals.

The problem however is that the sysinternals Chocolatey package will always install the latest version, as per [WayBack] Chocolatey Software | Sysinternals 2019.12.19:

Notes

  • This package supports only latest version.
  • This package by default installs to tools directory which will create shims for all applications. When you install to different directory, shims are not created but directory is added to the PATH.
  • This package downloads the nano edition of sysinternals suite when installing it on a nano server.
  • To have GUI for the tools, install nirlauncher package and use /Sysinternals package parameter.

It means that when reinstalling an older version (in the process of fixing a broken chocolatey install), it is OK to ignore the error caused during forced reinstall:

C:\bin\bin>choco install --force --yes sysinternals
Chocolatey v0.10.15
Installing the following packages:
sysinternals
By installing you accept licenses for the packages.
sysinternals v2019.6.29 already installed. Forcing reinstall of version '2019.6.29'.
 Please use upgrade if you meant to upgrade to a new version.
Progress: Downloading sysinternals 2019.6.29... 100%

sysinternals v2019.6.29 (forced) [Approved]
sysinternals package files install completed. Performing other installation steps.
Sysinternals Suite is going to be installed in 'C:\ProgramData\chocolatey\lib\sysinternals\tools'
Downloading sysinternals
  from 'https://download.sysinternals.com/files/SysinternalsSuite.zip'
Progress: 100% - Completed download of C:\Users\jeroenp\AppData\Local\Temp\chocolatey\sysinternals\2019.6.29\SysinternalsSuite.zip (29 MB).
Download of SysinternalsSuite.zip (29 MB) completed.
Error - hashes do not match. Actual value was 'AE0AB906A61234D1ECCB027D04F5A920D78A31494372193EE944DD419842625C'.
ERROR: Checksum for 'C:\Users\jeroenp\AppData\Local\Temp\chocolatey\sysinternals\2019.6.29\SysinternalsSuite.zip' did not meet 'db59efe1739a2262104874347277f9faa0805a1a7a0acd9cc29e9544fb8040c5' for checksum type 'sha256'. Consider passing the actual checksums through with --checksum --checksum64 once you validate the checksums are appropriate. A less secure option is to pass --ignore-checksums if necessary.
The install of sysinternals was NOT successful.
Error while running 'C:\ProgramData\chocolatey\lib\sysinternals\tools\chocolateyInstall.ps1'.
 See log for details.

Chocolatey installed 0/1 packages. 1 packages failed.
 See the log for details (C:\ProgramData\chocolatey\logs\chocolatey.log).

Failures
 - sysinternals (exited -1) - Error while running 'C:\ProgramData\chocolatey\lib\sysinternals\tools\chocolateyInstall.ps1'.
 See log for details.

So in this case, because the most recent Sysinternals file is always used, it is OK to follow the guideline from the error output above (quoted below) and use the actual checksum for that file. You might even want to ignore the checksum, as the file is downloaded over https so tampering in transit is virtually impossible:

Consider passing the actual checksums through with --checksum --checksum64 once you validate the checksums are appropriate. A less secure option is to pass --ignore-checksums if necessary.

For this checksum, the forced reinstall becomes:

choco install --force --yes sysinternals --checksum AE0AB906A61234D1ECCB027D04F5A920D78A31494372193EE944DD419842625C

The alternative (given the slight chance of yet another checksum) would be:

choco install --force --yes sysinternals --ignore-checksums
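
The Chocolatey message asks you to validate the checksum before passing it. One way to do that, as an added PowerShell example that is not part of the original post: hash the archive Chocolatey downloaded, check that every executable inside carries a valid Authenticode signature from the expected publisher, and only then pin the reinstall to that hash. The function name Test-SuiteDownload, the scratch directory and the default publisher string are assumptions; the zip path is the temp location shown in the log above.

```powershell
# Added example, not from the original post.
# Assumptions: Test-SuiteDownload is a hypothetical helper name, the zip path is
# the Chocolatey temp download from the log, and the publisher string is an
# assumed default that you adjust to the signer you expect.
function Test-SuiteDownload {
    param(
        [string]$ZipPath = "$env:TEMP\chocolatey\sysinternals\2019.6.29\SysinternalsSuite.zip",
        [string]$ExpectedPublisher = 'O=Microsoft Corporation'
    )
    $ErrorActionPreference = 'Stop'

    # SHA256 of the archive exactly as Chocolatey downloaded it.
    $sha256 = (Get-FileHash -LiteralPath $ZipPath -Algorithm SHA256).Hash

    # Unpack into a throwaway directory so nothing lands on the PATH.
    $scratch = Join-Path $env:TEMP ("suite-check-" + [guid]::NewGuid())
    try {
        Expand-Archive -LiteralPath $ZipPath -DestinationPath $scratch
        $exes = @(Get-ChildItem -LiteralPath $scratch -Recurse -Filter *.exe)

        # A file fails when its signature is not Valid or the signer differs.
        $bad = @($exes | ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            if ($sig.Status -ne 'Valid' -or $signer -notlike "*$ExpectedPublisher*") {
                [pscustomobject]@{ File = $_.Name; Status = $sig.Status; Signer = $signer }
            }
        })
    }
    finally {
        Remove-Item -LiteralPath $scratch -Recurse -Force -ErrorAction SilentlyContinue
    }

    [pscustomobject]@{
        Sha256   = $sha256
        Checked  = $exes.Count
        Failures = $bad
        Trusted  = ($exes.Count -gt 0 -and $bad.Count -eq 0)
    }
}

$result = Test-SuiteDownload
if ($result.Trusted) {
    # Pin the reinstall to the archive that was just inspected.
    choco install --force --yes sysinternals --checksum $result.Sha256
}
else {
    $result.Failures | Format-Table -AutoSize
    Write-Error 'Archive not trusted; not passing its hash to choco.'
}
```

Because choco downloads the archive again during the reinstall, the pinned hash is what ties that second download to the copy whose signatures were checked.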

Related:


Posted in .NET, Chocolatey, CommandLine, Development, Power User, PowerShell, PowerShell, Scripting, Software Development, SysInternals, Windows

A choco install list

Posted by jpluimers on 2021/02/03

Sometimes I forget the choco install mnemonics for various tools, so here is a small list below.

Of course you have to start with an administrative command prompt, and have a basic Chocolatey Installation in place.

If you want to clean cruft:

choco install --yes choco-cleaner

Basic install:

choco install --yes 7zip
choco install --yes everything
choco install --yes notepadplusplus
choco install --yes beyondcompare
choco install --yes git.install --params "/GitAndUnixToolsOnPath /NoGitLfs /SChannel /NoAutoCrlf /WindowsTerminal"
choco install --yes hg
choco install --yes sourcetree
choco install --yes sysinternals

For VMs (pick one):

choco install --yes vmware-tools
choco install --yes virtio-drivers

For browsing (not sure yet about Chrome as that one has a non-admin installer as well):

choco install --yes firefox

For file transfer (though be aware that some versions of Filezilla contained adware):

choco install --yes filezilla
choco install --yes winscp

For coding:

choco install --yes vscode
choco install --yes atom

For SQL server:

choco install --yes sql-server-management-studio

For web development / power user:

choco install --yes fiddler

For SOAP and REST:

choco install --yes soapui

If you don’t like manually downloading SequoiaView at gist.github.com/jpluimers/b0df9c2dba49010454ca6df406bc5f3d (e8efd031d667de8a1808d6ea73548d77949e7864.zip):

choco install --yes windirstat

For drawing, image manipulation (paint.net last, as it needs a UI action):

choco install --yes gimp
choco install --yes imagemagick
choco install --yes paint.net

For ISO image mounting in pre Windows 10:

choco install --yes wincdemu

For hard disk management:

choco install --yes hdtune
choco install --yes seatools
choco install --yes speedfan

For Fujitsu ScanSnap scanners (not sure yet this includes PDF support):

choco install --yes scansnapmanager

–jeroen

Posted in 7zip, atom editor, Beyond Compare, Chocolatey, Compression, Database Development, Development, DVCS - Distributed Version Control, Everything by VoidTools, Fiddler, Firefox, Fujitsu ScanSnap, git, Hardware, Mercurial/Hg, Power User, Scanners, SOAP/WebServices, Software Development, Source Code Management, SQL Server, SSMS SQL Server Management Studio, SysInternals, Text Editors, Versioning, Virtualization, VMware, VMware ESXi, vscode Visual Studio Code, Web Browsers, Web Development, Windows

Keeping a local copy of sysinternals current

Posted by jpluimers on 2020/10/05

From my install script:

mkdir C:\bin
robocopy /mir \\live.sysinternals.com@SSL\DavWWWRoot c:\bin\sysinternals

The \\live.sysinternals.com@SSL\DavWWWRoot comes from following the https://live.sysinternals.com URL in the Windows Explorer: the Windows Explorer automatically translates that to a back-slash based share syntax.

I got that trick via these links:

–jeroen

Posted in Power User, SysInternals, Windows

dzComputerInfo: a small tool that shows a window on top of all other windows displaying the computer name and currently logged on user.

Posted by jpluimers on 2018/05/18

Interesting as bgInfo does not support top most windows or overlay: it only does the Desktop background, and you need to go through hoops to recreate the background on each logon:

Enter dzComputerInfo. It’s a small tool that I wrote the evening after the above incident which does exactly one thing: It shows a window on top of all other windows displaying the computer name and currently logged on user. Since the window is so small and it places itself automatically just above the start button, it does not really become a nuisance.

The tool and the source code is available from sourceforge, if anybody else thinks he has a use for it.

The G+ thread also has the interesting comment by Gaurav Kale:

The Classic Shell Start button supports environment variables in its tooltip. So just specify: %username% on %computername% for the Setting called “Button Tooltip”. Then to see the currently logged on user and computer name, you just have to HOVER over the Start button!

–jeroen

Posted in Power User, SysInternals, Windows

wget for nirsoft

Posted by jpluimers on 2017/08/11

Since they require a referer:

wget --referer=http://launcher.nirsoft.net/downloads/ -m -np http://download.nirsoft.net/nirsoft_package_1.20.10.zip
wget --referer=http://launcher.nirsoft.net/downloads/ -m -np http://download2.nirsoft.net/nirsoft_package_enc_1.20.10.zip

The latter has password nirsoft9876$

The filenames change over time (the 2016 archive of http://launcher.nirsoft.net/downloads/ shows http://download.nirsoft.net/nirsoft_package_1.20.5.zip and http://download2.nirsoft.net/nirsoft_package_enc_1.20.5.zip).

Need to check out if I can automate this, as they seem to keep a SysInternals link http://download.nirsoft.net/sysinternals4.nlp

–jeroen

Posted in NirSoft, Power User, SysInternals, Windows

SDelete hangs at 100% – Sysinternals Forums – revert back to v.1.61

Posted by jpluimers on 2016/10/07

I’m a fan of sdelete, but the most recent v2.0 update seems – released alongside SysInternals support for nano server – to be a lot slower than the v1.61 version:

I have the same problem with Sdelete on my SSD. The resource monitor showed v.2 writing the disk at approx 40Mb p/s while v.1.61 at 1,300 Mb p/s. SDelete v.2.0 is faulty (shows 100% all the time) and dead slow, don’t use it. Google v.1.61, it works just fine.

Source: SDelete hangs at 100% – Sysinternals Forums [WayBack]

–jeroen

Posted in Power User, sdelete, SysInternals, Windows

SysInternals sdelete: zero wipe free space is called -z instead of -c

Posted by jpluimers on 2016/09/20

Back in 2009, sdelete used the -c parameter to zero wipe clean a hard drive and -z would clean it with a random pattern.

That has changed. Somewhere along the line, -c and -z have swapped meaning, which I didn’t notice.

This resulted in many of my virtual machine image backups being a lot larger than they needed to be.

The reason is that now:

  • -c does a clean free space with a random DoD conformant pattern (which does not compress well)
  • -z writes zeros in the free space

Incidentally, -c is a lot slower than -z as well.

TL;DR: use this command

sdelete -z C:

Where C: is the drive to zero clean the free space.

–jeroen

Posted in Batch-Files, Development, Fusion, Hyper-V, Power User, Proxmox, Scripting, sdelete, Software Development, SysInternals, View, VirtualBox, Virtualization, VMware, VMware ESXi, VMware Workstation, Windows

Sysinternals Suite – lots of tools are now available as 64-bit as well

Posted by jpluimers on 2016/07/08

In the past the Sysinternals Suite used to have only a few 64-bit versions of their tools, but recently they added many more.

The documentation doesn’t reflect this yet, but the online versions do:

These are 64-bit:

     Wednesday, June 29, 2016  9:42 PM       403120 accesschk64.exe
     Wednesday, June 29, 2016  9:42 PM       841904 Autoruns64.exe
     Wednesday, June 29, 2016  9:42 PM       742064 autorunsc64.exe
     Wednesday, June 29, 2016  9:42 PM       154792 Clockres64.exe
     Wednesday, June 29, 2016  9:42 PM       268960 Contig64.exe
     Wednesday, June 29, 2016  9:42 PM       158376 diskext64.exe
     Wednesday, June 29, 2016  9:42 PM       190104 du64.exe
     Wednesday, June 29, 2016  9:42 PM       169136 FindLinks64.exe
     Wednesday, June 29, 2016  9:42 PM       226464 handle64.exe
     Wednesday, June 29, 2016  9:42 PM       164520 hex2dec64.exe
     Wednesday, June 29, 2016  9:42 PM       236200 junction64.exe
     Wednesday, June 29, 2016  9:43 PM       220336 Listdlls64.exe
     Wednesday, June 29, 2016  9:43 PM       156840 LoadOrd64.exe
     Wednesday, June 29, 2016  9:43 PM       188584 LoadOrdC64.exe
     Wednesday, June 29, 2016  9:43 PM       249536 logonsessions64.exe
     Wednesday, June 29, 2016  9:43 PM       154792 movefile64.exe
     Wednesday, June 29, 2016  9:43 PM       265904 notmyfault64.exe
     Wednesday, June 29, 2016  9:43 PM       271032 notmyfaultc64.exe
     Wednesday, June 29, 2016  9:43 PM       158896 ntfsinfo64.exe
     Wednesday, June 29, 2016  9:43 PM       156336 pendmoves64.exe
     Wednesday, June 29, 2016  9:43 PM       234160 pipelist64.exe
     Thursday, April 28, 2016 12:25 AM       310440 procdump64.exe
     Wednesday, June 29, 2016  9:43 PM       374944 PsExec64.exe
     Wednesday, June 29, 2016  9:43 PM       168608 psfile64.exe
     Wednesday, June 29, 2016  9:43 PM       326824 PsGetsid64.exe
     Wednesday, June 29, 2016  9:43 PM       351912 PsInfo64.exe
     Wednesday, June 29, 2016  9:43 PM       318624 pskill64.exe
     Wednesday, June 29, 2016  9:43 PM       202400 pslist64.exe
     Wednesday, June 29, 2016  9:43 PM       170160 PsLoggedon64.exe
     Wednesday, June 29, 2016  9:43 PM       168616 pspasswd64.exe
     Wednesday, June 29, 2016  9:43 PM       293032 psping64.exe
     Wednesday, June 29, 2016  9:43 PM       210608 PsService64.exe
     Wednesday, June 29, 2016  9:43 PM       321704 pssuspend64.exe
     Wednesday, June 29, 2016  9:43 PM       164024 RegDelNull64.exe
     Wednesday, June 29, 2016  9:43 PM       160400 ru64.exe
     Wednesday, June 29, 2016  9:43 PM       165544 sdelete64.exe
     Wednesday, June 29, 2016  9:43 PM       856752 sigcheck64.exe
     Wednesday, June 29, 2016  9:43 PM       153768 streams64.exe
     Wednesday, June 29, 2016  9:43 PM       162472 strings64.exe
     Wednesday, June 29, 2016  9:43 PM       158360 sync64.exe
     Thursday, April 28, 2016 12:25 AM       862888 Sysmon64.exe
    Tuesday, February 2, 2016 10:04 PM       221360 Testlimit64.exe
     Wednesday, June 29, 2016  9:43 PM       169648 Volumeid64.exe
     Wednesday, June 29, 2016  9:43 PM       169632 whois64.exe

These do not have 64-bit equivalents yet or (like procexp.exe) have 64-bit versions embedded (some will likely never get them):

  Wednesday, November 1, 2006  1:06 PM       174968 AccessEnum.exe
 Wednesday, November 14, 2012 10:22 AM       479832 ADExplorer.exe
    Tuesday, October 27, 2015 12:13 AM      2425496 ADInsight.exe
  Wednesday, November 1, 2006  1:05 PM       150328 adrestore.exe
   Tuesday, February 22, 2011  2:18 PM       148856 Autologon.exe
    Tuesday, October 27, 2015 11:28 PM      2049168 Bginfo.exe
  Wednesday, November 1, 2006  1:06 PM       154424 Cacheset.exe
      Monday, August 18, 2014  7:29 PM       892088 Coreinfo.exe
  Wednesday, November 1, 2006  1:05 PM       150328 ctrl2cap.exe
     Monday, December 3, 2012 10:10 AM       468056 Dbgview.exe
  Wednesday, November 1, 2006  9:06 PM       158520 DEFRAG.EXE
  Wednesday, October 17, 2012  5:28 PM       116824 Desktops.exe
  Wednesday, November 1, 2006  1:06 PM       224056 Diskmon.exe
    Wednesday, March 24, 2010  1:00 PM       580984 DiskView.exe
      Wednesday, May 20, 2015  2:24 AM       146232 efsdump.exe
  Wednesday, November 1, 2006  1:06 PM       154424 ldmdump.exe
   Tuesday, December 17, 2013  4:01 PM       559808 livekd.exe
  Wednesday, November 1, 2006  1:06 PM       215928 pagedfrg.exe
     Friday, January 13, 2012  4:35 PM       451392 portmon.exe
   Thursday, February 4, 2016 10:19 PM      2694816 procexp.exe
        Friday, June 12, 2015 12:34 AM      2046608 Procmon.exe
      Tuesday, April 27, 2010 10:04 AM       178040 psloglist.exe
     Monday, December 4, 2006  4:53 PM       207664 psshutdown.exe
    Tuesday, February 2, 2016 10:04 PM       625816 RAMMap.exe
  Wednesday, November 1, 2006  9:05 PM       146232 Reghide.exe
    Tuesday, February 2, 2016 10:04 PM       117920 regjump.exe
  Wednesday, November 1, 2006  1:07 PM       334720 RootkitRevealer.exe
  Wednesday, November 1, 2006  1:07 PM       260976 ShareEnum.exe
 Wednesday, February 27, 2008  5:51 PM       103464 ShellRunas.exe
     Wednesday, July 28, 2010  2:47 PM       199544 tcpvcon.exe
        Monday, July 25, 2011 11:40 AM       300832 Tcpview.exe
        Monday, July 20, 2015 11:45 PM      1194128 vmmap.exe
       Tuesday, June 18, 2013  2:12 PM       596160 ZoomIt.exe

–jeroen

Posted in Power User, SysInternals, Windows