Posts
  • LeoPonti Blog

    Updates: AccessChk v5.1, Autoruns v11.33, Coreinfo v3.05, Whois v1.1

    AccessChk v5.1: This update to AccessChk, a command-line utility that shows the security settings and effective access on many object types, including registry keys and files, now reports Windows 8 claims and capabilities, shows the token of processes running as Local System, lists security descriptor flags, and checks for remote interactive logon rights.
    Autoruns v11.33: This fixes a bug that caused the Run as Administrator elevation to fail if Autoruns was started from a path with spaces.
    Coreinfo v3.05: Coreinfo, a tool that shows CPU features, cache sizes, and topology, now correctly shows hyperthreading support on AMD multicore systems and lists processor features on Windows XP.
    Whois v1.1: Whois is a command-line utility that looks up domain name registration information. This release fixes a bug that could cause an infinite loop and adds a command-line option, -v, that prints verbose information about domain registration referrals.
  • LeoPonti Blog

    Update: ZoomIt v4.31

    ZoomIt v4.31: This release fixes a bug that caused ZoomIt to sometimes report an error when dismissing the options dialog.
  • LeoPonti Blog

    Updates: Handle v3.5, Process Explorer v15.22, Process Monitor v3.03, RAMMap v1.21, ZoomIt v4.3

    Handle v3.5: This update to Handle, a command-line utility that lists open handles, uses the most recent Process Explorer driver so that it now resolves system process handles and types.
    Process Explorer v15.22: This release addresses a bug that caused Process Explorer to crash when viewing .NET thread stacks on 64-bit Windows XP and 64-bit Windows Server 2003.
    Process Monitor v3.03: A bug that caused some symbols to not resolve in stack traces is fixed in this release.
    RAMMap v1.21: This fixes a bug that caused RAMMap to sometimes report an error on 32-bit versions of Windows.
    ZoomIt v4.3: This update to ZoomIt, a screen magnification and annotation utility, adds an option that enables you to configure it to start automatically when you log in.
  • LeoPonti Blog

    The Case of the Veeerrry Slow Logons

    This case is my favorite kind of case, one where I use my own tools to solve a problem affecting me personally. The problem at the root of it is also one you might run into, especially if you travel, and demonstrates the use of some Process Monitor...
  • LeoPonti Blog

    Updates: Autoruns v11.32, Process Explorer v15.21, Process Monitor v3.02, PsKill v1.15, RAMMap v1.2

    Autoruns v11.32: This update fixes a bug that prevented Autoruns from correctly elevating when the Run as Administrator option is selected.
    Process Explorer v15.21: This update fixes a bug related to the autostart functionality introduced in v15.2, a tooltip display bug, and a bug that prevented display of kernel stacks.
    Process Monitor v3.02: This release fixes an external logging issue that prevented certain registry paths from displaying correctly when run with App-V, and fixes a bug in the save logic.
    PsKill v1.15: This fixes a bug in the remote kill functionality introduced by the v1.14 update.
    RAMMap v1.2: This release of RAMMap, a utility that displays a detailed map of a system’s physical memory usage, adds support for systems with more than 16GB of RAM and for Windows 8, and includes keyboard navigation improvements.
  • LeoPonti Blog

    Announcing Trojan Horse, the Novel!

    Many of you have read Zero Day, my first novel. It’s a cyberthriller that features Jeff Aiken and the beautiful Daryl Haugen, computer security experts that save the world from a devastating cyberattack. Its reviews and sales exceeded my expectations...
  • LeoPonti Blog

    The Case of My Mom’s Broken Microsoft Security Essentials Installation

    As a reader of this blog I suspect that you, like me, are the IT support staff for your family and friends. And I bet many of you performed system maintenance duties when you visited your family and friends during the recent holidays. Every time I’m visiting...
  • LeoPonti Blog

    The Case of the Installer Service Error

    This case unfolds with a network administrator charged with the rollout of the Microsoft Windows Intune client software on their network. Windows Intune is a cloud service that manages systems on a corporate network, keeping their software up to date...
  • LeoPonti Blog

    Fixing Disk Signature Collisions

    Disk cloning has become common as IT professionals virtualize physical servers using tools like Sysinternals Disk2vhd and use a master virtual hard disk image as the base for copies created for virtual machine clones. In most cases, you can operate with...
  • LeoPonti Blog

    The Case of the Mysterious Reboots

    This case opens when a Sysinternals power user, who also works as a system administrator at a large corporation, had a friend report that their laptop had become unusable. Whenever the friend connected it to a network, their laptop would reboot. The power...
  • LeoPonti Blog

    The Case of the Hung Game Launcher

    I love the cases people send me where the Sysinternals tools have helped them successfully troubleshoot, but nothing is more satisfying than using them to solve my own cases. This case in particular was fun because, well, solving it helped me get back...
  • LeoPonti Blog

    Troubleshooting with the New Sysinternals Administrator’s Reference

    Aaron Margosis and I are thrilled to announce that the long awaited, and some say long overdue, official guide to the Sysinternals tools is now available! I’ve always had the idea of writing a book on the tools in the back of my mind, but it wasn’t until...
  • LeoPonti Blog

    Analyzing a Stuxnet Infection with the Sysinternals Tools, Part 3

    In the first post of this series, I used Autoruns, Process Explorer and VMMap to statically analyze a Stuxnet infection on Windows XP. That phase of the investigation revealed that Stuxnet infected multiple processes, launched infected processes that...
  • LeoPonti Blog

    The Zero Day Book Trailer

    I just got back the finished version of the video trailer for my new cyber thriller Zero Day, which I think came out awesome! It’s not hard to imagine what a Zero Day movie trailer would look like. Let me know what you think. Zero Day Book Trailer...
  • LeoPonti Blog

    Analyzing a Stuxnet Infection with the Sysinternals Tools, Part 2

    In Part 1 I began my investigation of an example infection of the infamous Stuxnet worm with the Sysinternals tools. I used Process Explorer, Autoruns and VMMap for a post-infection survey of the system. Autoruns quickly revealed the heart of Stuxnet...
  • LeoPonti Blog

    Analyzing a Stuxnet Infection with the Sysinternals Tools, Part 1

    Though I didn’t realize what I was seeing, Stuxnet first came to my attention on July 5 last summer when I received an email from a programmer that included a driver file, Mrxnet.sys, that they had identified as a rootkit. A driver that implements rootkit...
  • LeoPonti Blog

    Zero Day is Here!

    I’m excited to announce that my first novel, a cyber thriller entitled Zero Day, is now available at all major book retailers! Zero Day is a book in the style of Crichton and Clancy, weaving technical fact into the story. If you like the Sysinternals...
  • LeoPonti Blog

    The Case of the Unusable System

    This post continues in the malware hunting theme of the last couple of posts as Zero Day availability draws near (it’s available tomorrow!). It began when a friend of mine at Microsoft told me that a neighbor of hers had a laptop that malware had rendered...
  • LeoPonti Blog

    The Case of the Sysinternals-Blocking Malware

    Continuing the theme of focusing on malware-related cases (last week I posted The Case of the Malicious Autostart) as a lead up to the publication on March 15 of my novel Zero Day, this post describes one submitted to me by a user that took a unique...
  • LeoPonti Blog

    The Case of the Malicious Autostart

    Given that my novel, Zero Day, will be published in a few weeks and is based on malware’s use as a weapon by terrorists, I thought it appropriate to post a case that deals with malware cleanup with the Sysinternals tools. This one starts when Microsoft...
  • LeoPonti Blog

    The Cases of the Blue Screens: Finding Clues in a Crash Dump and on the Web

    My last couple of posts have looked at the lighter side of blue screens by showing you how to customize their colors. Windows kernel mode code reliability has gotten better and better every release such that many never experience the infamous BSOD. But...
  • LeoPonti Blog

    Announcing Zero Day, the Novel!

    You’ve seen the news if you’re my friend on Facebook, follow me on Twitter, or subscribe to the Sysinternals blog: I’m proud to announce that my first novel, a cyberthriller entitled Zero Day, is due to be published by St. Martin’s Press in mid-March...
  • LeoPonti Blog

    “Blue Screens” in Designer Colors with One Click

    My last blog post described how to use local kernel debugging to change the colors of the Windows crash screen, also known as the “blue screen of death”. No doubt many of you thought that showing off a green screen of death or red screen of death to your...
  • LeoPonti Blog

    A Bluescreen By Any Other Color

    Note: for an easier way to customize the blue screen’s colors, see my next blog post, “Blue Screens in Designer Colors with One Click”. Seeing a bluescreen that’s not blue is disconcerting, even for me, and based on the reaction of the TechEd audiences...
  • LeoPonti Blog

    The Case of the Slow Project File Opens

    If you’ve seen one of my Case of the Unexplained presentations (like the one I delivered at TechEd Europe last month that’s posted for on-demand viewing), you know that I emphasize how thread stacks are a powerful troubleshooting tool for diagnosing...