Microsoft Updates Multiple Sysinternals Tools
Posted by timothy on Thu Oct 02, 2008 11:24 PM
from the might-as-well-make-the-best-of-it dept.
wiedzmin writes "A couple of very useful updates have just been released by Microsoft for the ever so popular Sysinternals tool set. The most notable one is ProcessMonitor v2.0 which will now include 'real-time TCP and UDP monitoring.' Another one, released earlier this year — Desktops 1.0, provides a very unique multi-thread way to get multiple desktops running on your Windows box."
How about . . . (Score:5, Insightful)
How about making it so ProcessMonitor actually fully unloads when you quit. Nothing is more aggravating than having to reboot because a lot of games consider it a hacking tool and refuse to run.
Re:How about . . . (Score:5, Insightful)
Re:How about . . . (Score:5, Informative)
Process Monitor loads a kernel driver in order to hook in and read everything the system is doing. Making a kernel driver unload while the system is running is hard, and in some cases, impossible to do without risking the stability of the kernel.
If I ever come across software that treats the best damn troubleshooting toolset available for Windows as being unfit to run alongside, then that software will come across an express ride to the Recycle Bin.
Re:How about . . . (Score:5, Interesting)
Look to the popular cheating tool CheatEngine for an open source example of a kernel driver that unloads on demand.
Re:How about . . . (Score:5, Insightful)
Nearly every Linux kernel module manages it.. (rmmod).
Re: (Score:3, Insightful)
Re:How about . . . (Score:4, Insightful)
But what about the feature of the NT kernel where game companies actually produce software for it? When is the Linux kernel going to get that one?
Re: (Score:3, Insightful)
The problem is that the ProcessMonitor driver hooks the system call table. The author, Mark Russinovich, states:
"It's never safe to unload a driver that patches the system call table since some thread might be just about to execute the first instruction of a hooked function when the driver unloads; if that happens the thread will jump into invalid memory."
Can Linux avoid this problem?
Re:How about . . . (Score:4, Informative)
Can Linux avoid this problem?
Linux lets you do the retarded thing and forcibly remove kernel modules, or lets you mark them as removed and only really remove them after anything currently using them has finished.
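The race in the Russinovich quote and the two removal modes named in this subthread (forced versus deferred until nothing is using the module), as an added example that is not any poster's code and not Process Monitor or Linux kernel source: a single-threaded user-space C model in which a call is split into "fetch the handler" and "run it" so the dangerous window is visible. All names (`hook_module`, `call_begin`, `unload`, `run_unload`) are hypothetical.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

typedef long (*handler_fn)(long);
enum { MOD_LIVE, MOD_GOING, MOD_GONE };
struct hook_module { atomic_int refs, state; handler_fn hook; };
struct slot { handler_fn original; struct hook_module *mod; };
struct call { handler_fn fn; struct hook_module *owner; };
static long original_handler(long a) { return a; }
static long hooked_handler(long a) { return a + 1000; } /* stand-in for the monitor */

static void module_load(struct slot *s, struct hook_module *m) {
    atomic_init(&m->refs, 0); atomic_init(&m->state, MOD_LIVE);
    m->hook = hooked_handler; s->original = original_handler; s->mod = m;
}

/* First half of a call: pick the handler. The reference is taken before the hook
 * pointer is handed out, so the gap before its first instruction runs is counted. */
static struct call call_begin(struct slot *s) {
    struct hook_module *m = s->mod;
    if (m != NULL) {
        atomic_fetch_add(&m->refs, 1);
        if (atomic_load(&m->state) == MOD_LIVE)
            return (struct call){ m->hook, m };
        atomic_fetch_sub(&m->refs, 1); /* removal already requested: back off */
    }
    return (struct call){ s->original, NULL };
}

/* Second half: run the handler, then drop the reference if one is held. */
static long call_finish(struct call *c, long arg) {
    long r = c->fn(arg);
    if (c->owner != NULL) atomic_fetch_sub(&c->owner->refs, 1);
    return r;
}

/* Removal: mark GOING so no new caller gets the hook, then tear down only when
 * the count is zero. force=true skips that check (the unsafe path). */
static bool unload(struct slot *s, struct hook_module *m, bool force) {
    atomic_store(&m->state, MOD_GOING);
    if (!force && atomic_load(&m->refs) != 0) return false; /* still in use */
    s->mod = NULL; m->hook = NULL; atomic_store(&m->state, MOD_GONE);
    return true;
}
static bool is_stale(const struct call *c) {
    return c->owner != NULL && atomic_load(&c->owner->state) == MOD_GONE;
}

/* 1: in-flight caller left with a stale pointer; 0: removal waited; <0: model error */
int run_unload(bool force) {
    struct slot s; struct hook_module m;
    module_load(&s, &m);
    struct call inflight = call_begin(&s); /* holds the pointer, has not jumped */
    bool removed = unload(&s, &m, force);
    if (force) return removed && is_stale(&inflight) ? 1 : -1;
    struct call late = call_begin(&s);     /* arrives while removal is pending */
    if (removed || late.owner != NULL || call_finish(&late, 5) != 5) return -2;
    if (call_finish(&inflight, 5) != 1005) return -3;
    return unload(&s, &m, false) && !is_stale(&late) ? 0 : -4;
}

int main(void) {
    return printf("forced=%d deferred=%d\n", run_unload(true), run_unload(false)) < 0;
}
```

The count only helps because the dispatcher takes it before handing out the pointer; a counter incremented inside the hooked function itself would not cover the window the quote describes.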
Re:How about . . . (Score:4, Funny)
Battlefield 2 did. This is why the third thing I did after installing it was "crack it", and is also one of the reasons I haven't bought the sequel.
(The first thing I did after installing was "try to run it", and the second was "swear at EA".)
R U sure that you know what U are talking about? (Score:4, Insightful)
(subject line done in illiterate speak to fit)
I didn't get the impression that this was a DRM issue. I took it more as an anti-cheat measure for on-line play. Given that there are huge numbers of players who think it's neat to win by loading up some warez that gives your game an unfair advantage against other on-line players, it's not too unreasonable to have code that detects some of the more common cheats. Unfortunately, when monitoring software starts hooking itself in places where it's not expected, it can look a lot like the cheating software.
Re:R U sure that you know what U are talking about (Score:4, Informative)
I know of at least one piece of anti-copying software which specifically checks for filemon (as it was at the time, this was before process monitor appeared).
Re:R U sure that you know what U are talking about (Score:4, Informative)
Hello,
'Process Explorer' has dumping capabilities as well as registry monitor / file monitor capabilities. This could be used to trace the behavior of SecuROM.
Therefore, we do not allow the game to start when this software is active.
We have no immediate plans to allow this software in the future.
Best regards,
SecuROM Support Team
SecuROM on the web: http://www.securom.com/ [securom.com]
or via e-mail: support@securom.com
They have always been this idiotic, it's nothing to do with cheating.
They also blacklist software capable of mounting ISOs as virtual discs, as I found out a few years ago. Except in that case, the choice was "Uninstall the software or do not play the games you bought." Fucking blow me Sony. There's cracks everywhere and we both know it, so let me play the damn game.
Re:R U sure that you know what U are talking about (Score:4, Informative)
They're not mutually exclusive, and neither perspective is more important than the other, let alone worthy of the arrogant frothing-at-the-mouth tone you took.
I didn't mean to come off as frothing in support of my take on it. My beef is only with SecuROM. Sorry if it seemed like I was giving the parent a doing over. He said:
I didn't get the impression that this was a DRM issue. I took it more as an anti-cheat measure for on-line play.
And I don't agree. We're talking intent here: SecuROM doesn't do any sort of checking for cheats, and they already stated that they detect it solely to trip up crackers. That a dumper/debugger can be used to find methods of cheating is incidental, so I don't see that position as being well supported.
And if you ask a software developer or system admin about the tools, you'll get the equivalent of asking a locksmith about lock picking tools.
Well SecuROM made the lock and they are the software developer. They're bastards, but they're pretty upfront about what the prevention is for, and it's not cheat prevention or detection.
Re: (Score:3, Interesting)
It's not a BUG at all, it's a deliberate choice. For example Spore's implementation of Securom will NOT allow the game to run if it finds that in the background.
Re:How about . . . (Score:5, Insightful)
I consider this a bug in the customer. They shouldn't buy games which are deliberately buggy and defective by design ... and now, burn, karma, burn... :)
Re:How about . . . (Score:5, Insightful)
A bug in software most frequently arises due to bad, or insufficient logic being applied.
I'd say that failing to run because somebody happens to have another (and in this case fully supported by Microsoft) program running in the background.
You can see where the suits (and some knee jerk reactions from developers) are looking; If we put that bit in there, we're safe.
However, the cracks that appear ensure that this is not the case. As has been noted many times on /. DRM does not affect the people who grab the cracked versions and have no intention of ever paying. It only affects someone who has already given the company their money.
This results in a bad customer experience, lowering the credibility of the games house.
In my eyes, this makes the logic applied by the developers (include this, and we'll be safe, and the world will be a better place, and no customer could ever object to this) inherently flawed. This flaw makes its way into the design.
The design is implemented in the software, which causes an issue with various other applications the end user may wish to run.
So, the logic used in the design results in a piece of software not running. Whether the intent was to have this happen or not, the logic is flawed, thus making it a bug.
Re:How about . . . (Score:5, Insightful)
I'd most certainly list it as a bug.
Why does the game publisher think it has any rights at all regarding what I run on my PC?
Finally.. (Score:5, Interesting)
Multiple desktops without annoying flicker. Never understood why multiple desktop managers on Windows used window hiding instead of real multiple desktops which were built into NT family from at least NT4.
Oh well.. Maybe it's too late for me anyway to get used to multiple desktops because now I'm just using 2 lcd panels which provides real multiple desktops and I don't see the point in multiple virtual desktops anymore.
Process monitor looks sweet though.
Mark Russinovich is a well-known Windows system hacker and I always liked his work. Nice to see that after the acquisition of Sysinternals by MS he still writes software.
Re: (Score:3, Interesting)
Desktops reliance on Windows desktop objects means that it cannot provide some of the functionality of other virtual desktop utilities, however. For example, Windows doesn't provide a way to move a window from one desktop object to another, and because a separate Explorer process must run on each desktop to provide a taskbar and start menu, most tray applications are only visible on the first desktop. Further, there is no way to delete a desktop object, so Desktops does not provide a way to close a desktop, because that would result in orphaned windows and processes. The recommended way to exit Desktops is therefore to logoff.
Re:Finally.. (Score:5, Insightful)
Finally..shelling out. (Score:2)
Something that can be gotten around by using an alternative shell like Talisman or others.
Re: (Score:2)
I didn't check state of things for a while but Talisman and others seem not to use native win32 desktops either - they just hide windows/taskbar items. Under heavy load this becomes annoying as windows take some time to restore from minimized state. Correct me if I'm wrong. Didn't look at alternative shells for about maybe 8 years now.
Indeed moving window from one real win32 desktop to another is not possible, because desktop "owns" the window and there's no way to change parent. This is just a limitation of
Re:Finally.. (Score:5, Interesting)
Maybe it's too late for me anyway to get used to multiple desktops because now I'm just using 2 lcd panels which provides real multiple desktops and I don't see the point in multiple virtual desktops anymore.
I use two screens AND multiple desktops... More screens and more desktops serve different purposes. You use more screens so you have more pixels for the same task. You use more desktops so you can separate tasks by putting all the windows you need for 1 task on 1 desktop.
/. and Microsoft articles... (Score:2)
Hands up if you are reading via MSDN! Come on, admit it!
Re:/. and Microsoft articles... (Score:5, Insightful)
Plus, Mark was the one who discovered and publicised the Sony rootkit, when all the professional AV guys were too incompetent or traitorous to say anything. That ought to give him enough karma to go unflamed on Slashdot once or twice.
Obligatory (Score:2)
Sweet (Score:3)
Finally a free multiple desktop program for x64 Windows XP.
Hang on to your old versions... (Score:2, Flamebait)
Anyone know where we can get the old versions. The pre-Microsoft versions?
One person's 'upgrade' is another's 'hobbled'. Why did the size of so many Sysinternals utilities increase in size from 1-200K to over 1MB for no change in functionality?
For more see posts at: http://www.portablefreeware.com/ [portablefreeware.com]
Re:Hang on to your old versions... (Score:4, Insightful)
Re: (Score:2)
http://court.shrock.org/sysinternals/ [shrock.org]
http://court.shrock.org/sysinternals-bt/ [shrock.org]
This seems to be a partial mirror. I thought I saw a collection posted to /. back when Mark first announced his assimilation, perhaps someone can dig it up from the /. archive? It is possible the Shrock "bt" collection is that collection.
Re: (Score:2, Informative)
Why did the size of so many Sysinternals utilities increase in size from 1-200K to over 1MB for no change in functionality?
They added a EULA and a call to iexplore http://www.live.com./ [www.live.com] In Redmond, that's about 800k.
Is Desktops-1.0 any better than powertoy version? (Score:4, Informative)
For instance, popups for an application on another desktop would show up on another desktop, even with application sharing off. I would get modal dialog boxes that would pop up, lose focus and fall under my current window. Then when I'd go to check on that application, I couldn't interact with it until I found which desktop an orphaned dialog box was hidden on (it wouldn't get a taskbar slot since it was the child of a process on another desktop). Thunderbird was one of the worst offenders when I'd have to re-enter my password.
Also, firefox would sometimes 'shift' when I'd change windows too many times, and I found that the CPU bug would trip off easier. The deal breaker, for me, was that switching desktops would screw up Office 2000 applications (shifting the internal frames, sometimes leaving an app unresponsive, etc.), and at work I have to deal with an internal Access application.
Nothing like starting up the editor on one desktop, documentation on another, firefox with google at the ready on another, and the application/database window on the fourth desktop. Access or the application would crash/move itself if I switched back and forth too quickly too often, and I was constantly waiting on Firefox to restart after causing the CPU bug to trip and take so many cycles that I couldn't switch desktops to the one with the task manager open. The net gain was a complete loss in productivity, as compared to compiz where I find myself about twice as productive.
At home on my 'doze box, I've got dual screens, but it would be nice to have dual screens with a functioning multiple desktop setup. Does anyone have any hints for this, or think Desktops-1.0 will improve upon the situation?
If I could afford it (broke software development major - my rig is always a generation behind what is 'standard', and two behind bleeding edge), I'd probably just get a third screen and be done with it, but multiple desktops is my only viable solution until I have some cash that isn't earmarked for more important hardware.
Mark Russinovich is GOD. (Score:2)
I have and use all the Sysinternals stuff, especially Process Monitor.
I just don't agree with him on the Ram Manager issue, but then, I don't have a superdome with 2GB of ram.
Re: (Score:3, Funny)
Re: (Score:2)
I dunno?
If we're going to use the Bible then God created us. It has been said that humans are the ultimate open source. I cry "Bullshit." Every time I see that it makes me cringe. If we were open source why the hell are we still attempting to decrypt it and reverse engineer it after all these years? Where can we go to actually get the code???
Re: (Score:2)
Ram Manager issue?
Are you one of these people that thinks mallocing a whole bunch of RAM and then freeing it actually has some benefit?
Well it doesn't.
Re: (Score:3, Insightful)
Oh contraire mon frere.
It makes the system heap smaller, and flushes out LRU crap from the OS. Something that it should have had in a feature all along. It works incredibly well on a Terminal server. Excellent. Increases stability, speed, usability, capacity.
Mark's solution? Buy a laptop with 4GB of ram, and get your company to give you a superdome to play with.
Mark? Can I have your Superdome?
Just wow. (Score:5, Interesting)
I actually clicked through and read about the virtual desktops. Just wow. I haven't followed Windows closely since 98SE and NT4 and it is amazing how little has changed. They still haven't caught up to things us Linux folk have had since FVWM in 1996. Virtual desktops should not be rocket science folks, the fact Windows is still struggling with them is shocking. More cash on hand than the Pope in Rome, as close to unlimited development resources as any mortal entity and they can't do easy stuff. No wonder they worked years and finally (still) birthed the horror called Vista.
They truly are kept alive by fear and ignorance. Ignorance in the mass consumer public that anything else even exists, and that 'all computers' are as unreliable as Windows and fear amongst those who DO know that their hard earned Windows Power User secret lore would be useless in a world without Windows.
Re: (Score:2)
Re: (Score:2)
They keep creating weird architectural constraints. A windows application at my site needs to spend an hour or so generating a report. Recently it stopped working and the cause turned out to be an IT policy mandating automatic screen lock after 10 minutes of inactivity. Integration between our application and Microsoft office seems to go through the UI and this isn't allowed to work when the screen is locked.
That's just plain laziness on the part of the app developers - Office has a perfectly well documented API which you can follow and totally ignore the UI.
Mind you, IME those developers are in very good company. It's remarkable how many companies have built a business around flogging some cheap & nasty VB monstrosity hacked up by the work experience kid over the course of a few afternoons.
Re: (Score:3, Insightful)
If you look around, I think you will find that most people don't care about virtual desktops. And I don't mean just Windows users. Mac users generally don't care, and Linux users generally don't care, either. Perhaps, if more people had been crying to have the feature, Microsoft would have implemented it sooner. Because you are right: it isn't rocket science. Still, I think Microsoft made the right choice in playing catch up in other races, first: stability, support for Internet protocols and standard, secu
Re: (Score:2)
You're completely wrong. It's a standard feature of Ubuntu and Vista, and everyone under 25 uses it.
Re: (Score:3, Insightful)
Windows has always been about multi-monitor support rather than virtual desktops. However, I doubt most users care about or use either.
Re: (Score:3, Informative)
Virtual desktops have been around a lot longer than since 1996. Stan Switzer wrote a virtual desktop ("recursive window manager") called "winwin [google.com]" in PostScript for the NeWS [wikipedia.org] window system in 1989.
At Sun in the early 90's, we wrote a combined X11/NeWS window manager that supported scrolling over a big virtual desktop space as well as separate rooms, and it seamlessly managed both X11 windows and NeWS windows, supporting customizable window frames with tabs and pie menus for window management commands. It c
Lame (Score:2, Interesting)
From TFA:
Desktops reliance on Windows desktop objects means that it cannot provide some of the functionality of other virtual desktop utilities, however. For example, Windows doesn't provide a way to move a window from one desktop object to another, and because a separate Explorer process must run on each desktop to provide a taskbar and start menu, most tray applications are only visible on the first desktop. Further, there is no way to delete a desktop object, so Desktops does not provide a way to close
Re: (Score:2)
<list of misfeatures of Desktops 1.0>
Remember, folks. This is what "1.0" means in the world of proprietary software. Remember that, next time you're using apt version 0.6.46.4, detach 0.2.3, or QEMU 0.9.1.
Great, but what about Protection Manager? (Score:5, Informative)
They may be updating the Sysinternals tools (after changing the EULA's on them all), but what about Protection Manager? That looked like a great product (and one we were planning to buy), but was conveniently buried the second Microsoft acquired Winternals & Sysinternals.
Protection Manager was launched in March 2006, and removed from the market by Microsoft in November that same year. It was the first thing I looked for when Microsoft acquired Winternals and while I wasn't surprised to see it removed, I've been waiting ever since in the hope that it would be re-launched. That has never happened, and my belief now is that Microsoft deliberately buried it, thinking it would hurt Vista sales.
Protection Manager was a program that gave system administrators a simple and effective way to whitelist the applications that could be run on their network. The idea was that you ran it for a few weeks to generate a baseline list of allowed applications, then turned on protection, after which non authorised programs would be stopped until approved by an administrator. It also allowed you to run individual applications with admin rights, making the management of legacy software far simpler.
Most of the literature regarding the program has gone now, but this is a handy guide:
http://www.inuit.se/?page=130 [inuit.se]
A few choice quotes from MS:
"the decision was made to withdrawal Winternals Recovery Manager, Defrag Manager and Protection Manager in their current form from the market effective November 17th 2006"
Q. What is the future of Protection Manager?
A. Winternals Protection Manager has been withdrawn from the product line. Many Protection Manager usage scenarios are addressed by the new User Account Control feature of Windows Vista."
source: http://www.microsoft.com/systemcenter/wifaq.mspx [microsoft.com]
Personally, I don't see that UAC offers half the features Protection Manager did, and we have no desire to move over to Vista anyway. To me, it looks like Microsoft removed from the market a program that would have been genuinely useful to many of their customers, once again putting sales & marketing ahead of security and their customers.
Re: (Score:2, Funny)
Athy is a market town situated at the convergence of the River Barrow and the Grand Canal in County Kildare, Ireland.
http://en.wikipedia.org/wiki/Athy [wikipedia.org]
Athy was a constituency represented in the Irish House of Commons to 1800.
http://en.wikipedia.org/wiki/Athy [wikipedia.org] (Parliament of Ireland constituency)
I'm more Athy than you. I'm the Athiest.
Re:Athiests update world domination time-table. (Score:5, Funny)
I put on my wizard robe and hat...