
Microsoft Updates Multiple Sysinternals Tools

Posted by timothy
from the might-as-well-make-the-best-of-it dept.
wiedzmin writes "A couple of very useful updates have just been released by Microsoft for the ever so popular Sysinternals tool set. The most notable one is ProcessMonitor v2.0 which will now include 'real-time TCP and UDP monitoring.' Another one, released earlier this year — Desktops 1.0, provides a very unique multi-thread way to get multiple desktops running on your Windows box."

  • How about . . . (Score:5, Insightful)

    by OverlordQ (264228) on Friday October 03, 2008 @12:28AM (#25242317) Journal

    How about making it so ProcessMonitor actually fully unloads when you quit. Nothing is more aggravating than having to reboot because a lot of games consider it a hacking tool and refuse to run.

    • Re:How about . . . (Score:5, Insightful)

      by fuzzyfuzzyfungus (1223518) on Friday October 03, 2008 @12:33AM (#25242343) Journal
      Your complaint is fair (unless there is some hardcore Windows internals reason that Russinovich has his reasons for); but I am struck by the fact that sharing a platform with applications that treat you with suspicion and contempt is normal.
    • Re:How about . . . (Score:5, Informative)

      by Anonymous Coward on Friday October 03, 2008 @01:30AM (#25242599)

      Process Monitor loads a kernel driver in order to hook in and read everything the system is doing. Making a kernel driver unload while the system is running is hard, and in some cases, impossible to do without risking the stability of the kernel.

      If I ever come across software that treats the best damn troubleshooting toolset available for Windows as being unfit to run alongside, then that software will come across an express ride to the Recycle Bin.

      • Re:How about . . . (Score:5, Interesting)

        by nog_lorp (896553) * on Friday October 03, 2008 @03:29AM (#25243027)

        Look to the popular cheating tool CheatEngine for an open source example of a kernel driver that unloads on demand.

      • Re:How about . . . (Score:5, Insightful)

        by someone300 (891284) on Friday October 03, 2008 @03:39AM (#25243065)

        Making a kernel driver unload while the system is running is hard,

        Nearly every Linux kernel module manages it.. (rmmod).

        • Re: (Score:3, Insightful)

          by jonadab (583620)
          However, there may be some significant differences between Linux and the NT kernel, both in terms of the design and the implementation. It may be that not everything that's hard to do with one of them is automatically also hard to do with the other.
        • Re: (Score:3, Insightful)

          by jweatherley (457715)

          The problem is that the ProcessMonitor driver hooks the system call table. The author, Mark Russinovich, states:

          "It's never safe to unload a driver that patches the system call table since some thread might be just about to execute the first instruction of a hooked function when the driver unloads; if that happens the thread will jump into invalid memory."

          Can Linux avoid this problem?

      • by ZorbaTHut (126196) on Friday October 03, 2008 @08:05AM (#25244219) Homepage

        Battlefield 2 did. This is why the third thing I did after installing it was "crack it", and is also one of the reasons I haven't bought the sequel.

        (The first thing I did after installing was "try to run it", and the second was "swear at EA".)

      • Try opening device manager, finding the procmon driver name, doing "sc.exe stop <name>". If it succeeds, you can then do "sc.exe delete <name>" (although it will probably already be marked for deletion so the second probably won't be necessary). Boom, unloaded.

        Worst that could happen (theoretically) is Windows simply refuses to stop the driver. Although I suppose some badly coded drivers could bluescreen.

        • Oh yeah in Device Manager you gotta show hidden devices to see these software drivers, and then look under Non-Plug and Play Drivers.
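
The check-then-stop sequence suggested in the comments above, as an added PowerShell example that is not part of the original thread: it lists running driver services and only sends a stop request when the driver reports that it accepts one. `DRIVER_NAME_PLACEHOLDER` is a placeholder, since the thread does not give the Process Monitor driver's service name.

```powershell
# Added example (not from the thread). Stopping a driver needs an elevated prompt.
# 'DRIVER_NAME_PLACEHOLDER' is a placeholder: substitute the service name shown
# in Device Manager under "Non-Plug and Play Drivers" (hidden devices enabled).
$DriverName = 'DRIVER_NAME_PLACEHOLDER'

# Every driver service that is currently running, with its image path so that
# unexpected entries stand out during review.
$running = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.State -eq 'Running' } |
    Select-Object Name, DisplayName, ServiceType, StartMode, AcceptStop, PathName

$running | Sort-Object Name | Format-Table -AutoSize

$target = $running | Where-Object { $_.Name -eq $DriverName }

if (-not $target) {
    Write-Output "Driver service '$DriverName' is not running."
}
elseif (-not $target.AcceptStop) {
    # The driver does not advertise stop support; a reboot is the safe way to unload it.
    Write-Output "'$DriverName' does not accept stop requests; reboot to unload it."
}
else {
    # Same command the comment suggests.
    sc.exe stop $DriverName

    # Confirm the result instead of trusting the command's message.
    $after = Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='$DriverName'"
    if ($after) {
        Write-Output "State after stop request: $($after.State)"
    }
    else {
        Write-Output "Service entry for '$DriverName' no longer exists."
    }
}
```
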
    • Re: (Score:2, Insightful)

      by Talrinys (888624)
      While that is of course true, do you really think that it's Microsoft's problem that game developers are paranoid about useful tools? Of course it's a fault at Microsoft's end that it doesn't unload correctly, but there is a much deeper and more interesting question as to why consumers have no control over their own computers.
    • by Schnapple (262314)
      You're referring to Process Explorer and yes, this was its behavior.

      It was fixed, however, in version 11.0.

      The version of SecuROM that comes with Armed Assault, S.T.A.L.K.E.R (European release only), Neverwinter Nights 2, Command & Conquer 3: Tiberium Wars (patched to v1.04), Tomb Raider Anniversary (demo and full version), Overlord, BioShock (demo and full version), Hellgate: London (single player mode), Rayman Raving Rabbids (PC version), World in Conflict (single-player campaign only) and Spore (
    • by Thelasko (1196535)
      I'm happy if it tells me what DLLs svchost.exe is running
  • Finally.. (Score:5, Interesting)

    by sw155kn1f3 (600118) on Friday October 03, 2008 @12:49AM (#25242409)

    Multiple desktops without annoying flicker. Never understood why multiple desktop managers on Windows used window hiding instead of real multiple desktops, which were built into the NT family from at least NT4.
    Oh well.. Maybe it's too late for me anyway to get used to multiple desktops because now I'm just using 2 LCD panels, which provide real multiple desktops, and I don't see the point in multiple virtual desktops anymore.
    Process Monitor looks sweet though.
    Mark Russinovich is a well-known Windows system hacker and I always liked his work. Nice to see that after the acquisition of Sysinternals by MS he still writes software.

    • Re: (Score:3, Interesting)

      by PsyberS (1356021)
      Perhaps some of the limitations are the reason people use the other virtual desktop managers? From TFA:

      Desktops reliance on Windows desktop objects means that it cannot provide some of the functionality of other virtual desktop utilities, however. For example, Windows doesn't provide a way to move a window from one desktop object to another, and because a separate Explorer process must run on each desktop to provide a taskbar and start menu, most tray applications are only visible on the first desktop. Further, there is no way to delete a desktop object, so Desktops does not provide a way to close a desktop, because that would result in orphaned windows and processes. The recommended way to exit Desktops is therefore to logoff.

      • Re:Finally.. (Score:5, Insightful)

        by urbanriot (924981) on Friday October 03, 2008 @01:24AM (#25242569)
        On the upside of that, if an app crashes on one desktop, it won't bring explorer down on the others.
        • But, on the downside, it seems to prevent apps on the other desktop from responding to each other. Some reason I can't get Firefox running on another "desktop".

          "Firefox is already running but not responding... " etc.

          Which is now making me wonder what is and isn't really running. Hopefully (and I assume) it's just an issue with threads not being able to talk to existing threads...

      • Something that can be gotten around by using an alternative shell like Talisman or others.

        • I didn't check state of things for a while but Talisman and others seem not to use native win32 desktops either - they just hide windows/taskbar items. Under heavy load this becomes annoying as windows take some time to restore from minimized state. Correct me if I'm wrong. Didn't look at alternative shells for about maybe 8 years now.
          Indeed moving window from one real win32 desktop to another is not possible, because desktop "owns" the window and there's no way to change parent. This is just a limitation of

      • by Hatta (162192)

        Are there other virtual desktop managers that actually work? All of them that I've found have serious problems, like taking 5 seconds to switch a desktop, or shuffling the order on my task bar after switching.

    • Re:Finally.. (Score:5, Interesting)

      by The_Noid (28819) on Friday October 03, 2008 @04:20AM (#25243241) Journal

      Maybe it's too late for me anyway to get used to multiple desktops because now I'm just using 2 lcd panels which provides real multiple desktops and I don't see the point in multiple virtual desktops anymore.

      I use two screens AND multiple desktops... More screens and more desktops serve different purposes. You use more screens so you have more pixels for the same task. You use more desktops so you can separate tasks by putting all the windows you need for 1 task on 1 desktop.

    • Well, I don't have the time to compare, but certain apps are generating errors when being asked to run on both "pseudo desktops". Firefox and Opera most notably. Safari & IE7 are currently escaping at least a bit.

      A "Hider" would still be operating in the same App space, right? So all the apps would open, and the visibility would be toggled.

      This might have modestly serious implications at a deep level.

    • by mariushm (1022195)

      The windows hiding part was done to maintain compatibility with some Windows 3.1 and Windows 95 programs that abused some window positioning API functions to determine if they were minimized or not instead of using the proper API.
      It was also needed to make Windows run with several monitors not just one.
      There's lots of posts about this on Raymond Chen's blog (http://blogs.msdn.com/oldnewthing/)

  • Hey, this is the third post, and there hasn't been a flame yet! Has /. been redirected to a more Microsoft friendly audience today?

    Hands up if you are reading via MSDN! Come on, admit it!
    • by fuzzyfuzzyfungus (1223518) on Friday October 03, 2008 @01:04AM (#25242483) Journal
      Team Slashdot may not like Windows very much; but when you have to get your hands dirty with Windows, having the sysinternals tools makes your life less unpleasant.

      Plus, Mark was the one who discovered and publicised the Sony rootkit, when all the professional AV guys were too incompetent or traitorous to say anything. That ought to give him enough karma to go unflamed on Slashdot once or twice.
  • I don't run Windows, you insensitive clod!
    • Re: (Score:2, Insightful)

      by jonadab (583620)
      This is interesting to me even though I don't run Windows on my own computer, because sometimes other people use Windows, and since I am an IT professional that means I occasionally encounter it. YMMV.
  • by Beached (52204) on Friday October 03, 2008 @01:14AM (#25242523) Homepage

    Finally a free multiple desktop program for x64 Windows XP.

    • I haven't run it on XP 64bit, but Virtual Dimension [sourceforge.net], despite the last version coming from 2005, runs well on my Vista 64bit version. (even I didn't expect that)
  • Anyone know where we can get the old versions. The pre-Microsoft versions?

    One person's 'upgrade' is another's 'hobbled'. Why did the size of so many Sysinternals utilities increase in size from 1-200K to over 1MB for no change in functionality?

    For more see posts at: http://www.portablefreeware.com/ [portablefreeware.com]

  • by Gazzonyx (982402) on Friday October 03, 2008 @01:26AM (#25242577)
    I used to use the powertoys multiple desktop thing, but it was always so kludgy.

    For instance, popups for an application on another desktop would show up on another desktop, even with application sharing off. I would get modal dialog boxes that would pop up, lose focus and fall under my current window. Then when I'd go to check on that application, I couldn't interact with it until I found which desktop an orphaned dialog box was hidden on (it wouldn't get a taskbar slot since it was the child of a process on another desktop). Thunderbird was one of the worst offenders when I'd have to re-enter my password.

    Also, firefox would some times 'shift' when I'd change windows too many times, and I found that the CPU bug would trip off easier. The deal breaker, for me, was that switching desktops would screw up Office 2000 applications (shifting the internal frames, some times leaving an app unresponsive, etc.), and at work I have to deal with an internal Access application.

    Nothing like starting up the editor on one desktop, documentation on another, firefox with google at the ready on another, and the application/database window on the fourth desktop. Access or the application would crash/move itself if I switched back and forth too quickly too often, and I was constantly waiting on Firefox to restart after causing the CPU bug to trip and take so many cycles that I couldn't switch desktops to the one with the task manager open. The net gain was a complete loss in productivity, as compared to compiz where I find myself about twice as productive.

    At home on my 'doze box, I've got dual screens, but it would be nice to have dual screens with a functioning multiple desktop setup. Does anyone have any hints for this, or think Desktops-1.0 will improve upon the situation?

    If I could afford it (broke software development major - my rig is always a generation behind what is 'standard', and two behind bleeding edge), I'd probably just get a third screen and be done with it, but multiple desktops is my only viable solution until I have some cash that isn't earmarked for more important hardware.

    • Had nobody here seen Dexpot [dexpot.de]?
      • Re: (Score:2, Interesting)

        by AMindLost (967567)
        Yes, I've used Dexpot on my office, home and laptop PCs. Home and Office have dual monitors and Dexpot allows me to have multiple, dual-screen desktops with almost no problems at all. I have one application which will put its progress bars on the current desktop instead of the one the application is on and there are a couple of graphical glitches here and there but on the whole I'd thoroughly recommend it.
      • Another possibility: Virtual Dimension [sourceforge.net]. (works fine on my XP 32bit and Vista 64bit)
      • by Hatta (162192)

        I just gave this a shot. It's faster than virtuawin, which is good. But it still doesn't guarantee the order of windows on my taskbar. At least the window on top doesn't change like it can in VirtuaWin. But still, if I have half a dozen windows on two or more desktops, I'm going to be spending a lot of time looking for the one I want if they're always shuffled when I change windows.

    • See my comment http://tech.slashdot.org/comments.pl?sid=984089&cid=25242409 [slashdot.org]
      These are indeed "real" desktop switching with win32 isolated desktops, not some window hiding/unhiding like most if not all windows desktop managers do. You can't move windows around desktops as result, but it's not actually very major annoyance compared to sluggishness of all desktop switchers I tried.
      Funny thing that "real" desktop switcher app was even included in platform sdk but it never worked since w2k - some problems wit

  • I have and use all the Sysinternals stuff, especially Process Monitor.

    I just don't agree with him on the Ram Manager issue, but then, I don't have a superdome with 2GB of ram.

    • Highly unlikely. God doesn't use MS products, just look at the Bible, completely open source... every sect has its own way of reading and writing the thing.
      • by KGIII (973947) *

        I dunno?

        If we're going to use the Bible then God created us. It has been said that humans are the ultimate open source. I cry "Bullshit." Every time I see that it makes me cringe. If we were open source why the hell are we still attempting to decrypt it and reverse engineer it after all these years? Where can we go to actually get the code???

      • by Lennie (16154)

        And here is de 'evidence': http://xkcd.com/224/ [xkcd.com]

        :-)

    • by ozphx (1061292)

      Ram Manager issue?

      Are you one of these people that thinks mallocing a whole bunch of RAM and then freeing it actually has some benefit?

      Well it doesn't.

      • Re: (Score:3, Insightful)

        by killmofasta (460565)

        Oh contraire mon frere.

        It makes the system heap smaller, and flushes out LRU crap from the OS. Something that it should have had in a feature all along. It works incredibly well on a Terminal server. Excellent. Increases stability, speed, usability, capacity.

        Mark's solution? Buy a laptop with 4GB of ram, and get your company to give you a superdome to play with.

        Mark? Can I have your Superdome?

  • Just wow. (Score:5, Interesting)

    by jmorris42 (1458) * <`jmorris' `at' `beau.org'> on Friday October 03, 2008 @01:36AM (#25242625)

    I actually clicked through and read about the virtual desktops. Just wow. I haven't followed Windows closely since 98SE and NT4 and it is amazing how little has changed. They still haven't caught up to things us Linux folk have had since FVWM in 1996. Virtual desktops should not be rocket science folks, the fact Windows is still struggling with them is shocking. More cash on hand than the Pope in Rome, as close to unlimited development resources as any mortal entity and they can't do easy stuff. No wonder they worked years and finally (still) birthed the horror called Vista.

    They truly are kept alive by fear and ignorance. Ignorance in the mass consumer public that anything else even exists, and that 'all computers' are as unreliable as Windows and fear amongst those who DO know that their hard earned Windows Power User secret lore would be useless in a world without Windows.

    • They keep creating weird architectural constraints. A windows application at my site needs to spend an hour or so generating a report. Recently it stopped working and the cause turned out to be an IT policy mandating automatic screen lock after 10 minutes of inactivity. Integration between our application and Microsoft office seems to go through the UI and this isn't allowed to work when the screen is locked.
      • by jimicus (737525)

        They keep creating weird architectural constraints. A windows application at my site needs to spend an hour or so generating a report. Recently it stopped working and the cause turned out to be an IT policy mandating automatic screen lock after 10 minutes of inactivity. Integration between our application and Microsoft office seems to go through the UI and this isn't allowed to work when the screen is locked.

        That's just plain laziness on the part of the app developers - Office has a perfectly well documented API which you can follow and totally ignore the UI.

        Mind you, IME those developers are in very good company. It's remarkable how many companies have built a business around flogging some cheap & nasty VB monstrosity hacked up by the work experience kid over the course of a few afternoons.

    • Re: (Score:3, Insightful)

      by RAMMS+EIN (578166)

      If you look around, I think you will find that most people don't care about virtual desktops. And I don't mean just Windows users. Mac users generally don't care, and Linux users generally don't care, either. Perhaps, if more people had been crying to have the feature, Microsoft would have implemented it sooner. Because you are right: it isn't rocket science. Still, I think Microsoft made the right choice in playing catch up in other races, first: stability, support for Internet protocols and standard, secu

      • by QuantumG (50515) *

        You're completely wrong. It's a standard feature of Ubuntu and Vista, and everyone under 25 uses it.

        • by dkf (304284)

          You're completely wrong. It's a standard feature of Ubuntu and Vista, and everyone under 25 uses it.

          But that's because everyone over 25 (who cares) buys multiple monitors. Why use virtual desktops when you can afford to make your real desktop big enough to hold everything?

          • by mortonda (5175)

            You're completely wrong. It's a standard feature of Ubuntu and Vista, and everyone under 25 uses it.

            But that's because everyone over 25 (who cares) buys multiple monitors. Why use virtual desktops when you can afford to make your real desktop big enough to hold everything?

            Because 6-12 monitors is too much cost and takes up too much room on my desk?

            Seriously, I use 6 virtual desktops all the time, just on my laptop. When I'm on my workstation, I have two monitors and 6 virtual desktops. And yes, I do frequently use all of them. (obviously not running Windows)

            • by mortonda (5175)

              Whoops, I forgot to mention the virtual machines running in which I use a few virtual desktops too. That one's a little ugly though.

            • by interiot (50685)
              Multi-megapixel displays [kvmsansv.com] are the future. For now though, having several displays connected together with "software-based KVM" [youtube.com] allows you to 1) use multiple OSes at the same time, without virtualization issues, 2) allows for fault-tolerance, because most things are running on their own separate environment, and 3) modern window managers don't do very well with multi-monitor setups, but Synergy allows them to work in a more "native" environment, which allows for fewer glitches/side effects.
      • The Digital Age is about Niches & Long Tails. Some of us care about multi-desktops (no matter how poorly done.)

        Having 9 items on my taskbar always irritated me. This feels a little cleaner.

      • by Xian97 (714198)
        Spaces is one of the new OS X Leopard features that I use the most. This Desktop 1.0 looks essentially like a clone of it. I have VMWare Fusion with an XP VM running in one desktop (for the few programs like Visio that I don't have a Mac equivalent) and my OS X apps on another desktop. I love the ease of switching to another desktop instead of minimizing windows to get to the app that I want.
    • Re: (Score:3, Insightful)

      by Nightspirit (846159)

      Windows has always been about multi-monitor support rather than virtual desktops. However, I doubt most users care about or use either.

      • (Desperately avoids the $implications)

        I'll settle for the space issues. I hunkered down to get a new monitor, and upgraded from a 19" to a 28" monitor. It feels proportionally right for my desk, so I really cannot imagine any further monitor necessary for a long time.

      • by pla (258480)
        Windows has always been about multi-monitor support rather than virtual desktops. However, I doubt most users care about or use either.

        You joke, right?

        Once you've set up a two-headed machine, you will never go back. Even if it means you have to buy your own to use on your work machine. It helps that much.

        Perhaps if you only ever have one app open at a time, you wouldn't care. If you do any software development, any multimedia work, any online research where you might like having two browser window
        • Once you've set up a two-headed machine, you will never go back. Even if it means you have to buy your own to use on your work machine. It helps that much.

          Meh, not really. I had a two-headed machine. Two 19-inch LCD monitors. It was kind of neat, but I didn't actually see the use of it. I can only look at one thing at a time and I know how to alt-tab. I got rid of the other monitor and never asked for a second one again. And in case you're wondering, I am a coder.

    • Re: (Score:3, Informative)

      by SimHacker (180785)

      Virtual desktops have been around a lot longer than since 1996. Stan Switzer wrote a virtual desktop ("recursive window manager") called "winwin [google.com]" in PostScript for the NeWS [wikipedia.org] window system in 1989.

      At Sun in the early 90's, we wrote a combined X11/NeWS window manager that supported scrolling over a big virtual desktop space as well as separate rooms, and it seamlessly managed both X11 windows and NeWS windows, supporting customizable window frames with tabs and pie menus for window management commands. It c

    • I haven't followed Windows closely since 98SE and NT4

      No wonder they worked years and finally (still) birthed the horror called Vista

      You have a pretty strong opinion regarding something you're admittedly ignorant about.

    • http://goscreen.info/ [goscreen.info] is a good virtual desktop program. Light resources too even for 9x. However, it's not free. :(

  • Lame (Score:2, Interesting)

    by Farenji (1306493)

    From TFA:

    Desktops reliance on Windows desktop objects means that it cannot provide some of the functionality of other virtual desktop utilities, however. For example, Windows doesn't provide a way to move a window from one desktop object to another, and because a separate Explorer process must run on each desktop to provide a taskbar and start menu, most tray applications are only visible on the first desktop. Further, there is no way to delete a desktop object, so Desktops does not provide a way to close

    • by RAMMS+EIN (578166)

      <list of misfeatures of Desktops 1.0>

      Remember, folks. This is what "1.0" means in the world of proprietary software. Remember that, next time you're using apt version 0.6.46.4, detach 0.2.3, or QEMU 0.9.1.

    • by KGIII (973947) *

      They have tried before with their PowerToys. I have to wonder if they sometimes cripple things these days intentionally so as to avoid being sued for anti-competitive behavior. It would be STUPID of them to do but that's not saying much, they've done some really fricken' stupid stuff before.

      • by Lennie (16154)

        And they still do. :-)

        Yeah, yeah, -10 redundant.

        • by KGIII (973947) *

          I'm not sure... I'm going with a +5 "Truthiness" for you. Don't forget that I'm *often* mistaken for a Microsoft fan (even an MVP) but really I think I'm pretty open and clear about how I feel about their choices sometimes. UAC - good choice that missed that humans aren't that bright. WGA? Shit stupid. The first has the user in mind, the second has a profit in mind. I don't mind profit at all and even own Microsoft stock. As a Microsoft "supporter" (which I'm not, hell I even use Linux see my homepage if yo

      • They seriously do this, in their weird onionskin way of hiding sneaky stuff under the guise of stupid mixed with stupid stuff masked under PR noise.

        The half extractor for Zip and the half-backup aka System Restore are my favorite examples.

  • by myxiplx (906307) on Friday October 03, 2008 @05:20AM (#25243503)

    They may be updating the Sysinternals tools (after changing the EULA's on them all), but what about Protection Manager? That looked like a great product (and one we were planning to buy), but was conveniently buried the second Microsoft acquired Winternals & Sysinternals.

    Protection Manager was launched in March 2006, and removed from the market by Microsoft in November that same year. It was the first thing I looked for when Microsoft acquired Winternals and while I wasn't surprised to see it removed, I've been waiting ever since in the hope that it would be re-launched. That has never happened, and my belief now is that Microsoft deliberately buried it, thinking it would hurt Vista sales.

    Protection Manager was a program that gave system administrators a simple and effective way to whitelist the applications that could be run on their network. The idea was that you ran it for a few weeks to generate a baseline list of allowed applications, then turned on protection, after which non authorised programs would be stopped until approved by an administrator. It also allowed you to run individual applications with admin rights, making the management of legacy software far simpler.

    Most of the literature regarding the program has gone now, but this is a handy guide:
    http://www.inuit.se/?page=130 [inuit.se]

    A few choice quotes from MS:
    "the decision was made to withdrawal Winternals Recovery Manager, Defrag Manager and Protection Manager in their current form from the market effective November 17th 2006"

    Q. What is the future of Protection Manager?
    A. Winternals Protection Manager has been withdrawn from the product line. Many Protection Manager usage scenarios are addressed by the new User Account Control feature of Windows Vista."
    source: http://www.microsoft.com/systemcenter/wifaq.mspx [microsoft.com]

    Personally, I don't see that UAC offers half the features Protection Manager did, and we have no desire to move over to Vista anyway. To me, it looks like Microsoft removed from the market a program that would have been genuinely useful to many of their customers, once again putting sales & marketing ahead of security and their customers.

  • Without the code, the worth of these tools drops dramatically.

    I have the code from the older versions, I'll just stick with that, thanks.

  • Anybody ever wonder if Microsoft puts things into these tools to make them hide things that they don't want you to inspect? I liked these tools better when it was an independent group of Windows Kernel hackers, rather than an official Microsoft thing. They are still very useful tools, but I can't help but wonder what they might be hiding.

    I think these tools also rely on undocumented internal stuff, so it is difficult for a 3rd-party to build clones of them. (Depending on which tool we are talking about)
