sysinternals undelete

The parent process file handle is occupied by the process, and the process handle is occupied by the Process Handle. Parent process file handle used by quilt ProcessScenario Description:1.parent path a uses javasfopento open (create a file named file.exe. tmp)2. The parent process downloads and writes data for a long time.3. Use fclose to close the file handle after downloading and writing.4.rename file.exe.tmpas file.exeThe above is an ideal code execution process.Problem:In step 4, renaming a

cannot be repeated. what are the repeated situations? Oh, that's what I met. You can add a domain, but you cannot log on to the domain after adding a domain. Solution ========== Return domain. Use the local administrator to log on. Use a tool called newsid to generate a new random sid. Restart. Add domain. Login successful. This tool is no longer available for download by Microsoft. References ==================== Http://geekswithblogs.net/mhamilton/archive/2005/05/01/38825.aspx Http://blogs

;//GetSystemTime.cpp:Defines the entry point for the console application.#include"stdafx.h"#includeint_tmain (void) {SYSTEMTIME utc_time= {0 }; SYSTEMTIME Local_time= {0 }; GetSystemTime (utc_time); Getlocaltime (local_time); _tprintf (_t ("The UTC time is \ t:%02d:%02d:%02d.%0 3d\n"), Utc_time.whour, Utc_time.wminute, Utc_time.wsecond, utc_time.wmilliseconds); _tprintf (_t ("The local time is\t:%02d:%02d:%02d.%0 3d\n"), Local_time.whour, Local_time.wminute, Local_time.wsecond, local_time.wmilli

When a process is found to be consuming CPU high in Task Manager, export the process snapshot to C drive by following instructionsJstack-l process pid> c:/process PID. Stack To view the process PID method:Then we need to download the Microsoft-provided Process-explorer tool to see which thread is the CPU high: Https://docs.microsoft.com/zh-cn/sysinternals/downloads/process-explorerUnzip to open after downloadThen find the thread that consumes the CPU

PROCESS EXPLORER: http://www.xiazaiba.com/html/1473.htmlWindows system and application monitoring tools, developed by Sysinternals, are now incorporated into Microsoft's portfolio. Not only combines the capabilities of the Filemon (file monitor) and the Regmon (Registry Monitor) two tools, but also adds a number of important enhancements. Includes stability and performance improvements, powerful filtering options, modified process tree dialogs (Increa

Windows is typically installed in VirtualBox and then used in a seamless mode for certain software.The VirtualBox virtual hard disk will be larger, and the VirtualBox does not have its own cleanup tool, compared to VMware, VMware comes with a defrag tool.Here are the specific cleanup methods:1. If the virtual machine is using a system that is windows:① into the virtual machine, download sdelete,:http://technet.microsoft.com/en-us/sysinternals/bb897443

I will answer more questions about readers this month. I will discuss issues such as Windows Communication Foundation WEB services running under a common user account and the use of classified technology and dual key control to protect credit card data. Q: When I run a simple windows®communication Foundation service as a non-administrator, why can't I start? A: The first thing I want to say is, it's nice to hear you test your code under a normal user account! This is an important aspect of the

following software: Microsoft Visual Studio 2008 windows 7 Windows 7 SDK Windows Sysinternals Process Explorer Set up This experiment requires that the Windows 7 SDK be properly integrated with Visual Studio 2008. You can do this by following these steps: 1. Click the Start menu to go to All Programs | Microsoft Windows SDK v7.0 | Visual Studio Registration, and then click the Windows SDK Configuration Tool. On the Windows SDK Configuration To

First, check that the startup item in the Start menu has a related startup software setting, and if so, it needs to be deleted. Use the System Configuration function realization to start to run Msconfig carriage return. Proceed to the System Configuration dialog box and select the Startup tab. Do not need to boot up the item before the option to check out. Start running with registry function regedit carriage return Open the Registry Editor win

bytes to "EC 03 00 00", as shown in Figure 2. (4) Important: Don't forget to reboot the computer! (5) After the reboot, create a new account admin with the same name, and its SID should be exactly the same as before. If you do not believe, you can use GetSID or PsGetSid and other tools to test. 2. "Cracking" EFS The next method is very simple, with the new Admin account login system, random encryption of a file, and then log off, with the Administrator account login system, the original ret

concealment, the virus author even directly replaces some of the system's less important and default-enabled service-loading code, such as "Distributed Link tracking Client ", whose default startup command is" Svchost-k Netsvcs ", if a virus replaces the launch command for its own set of groupings" NETSVSC ", that is," Svchost-k NETSVSC ", under this heterodoxy plus social engineering offensive, Even users with the general experience of drug search is difficult to detect the problem in the firs

Cause: Sysprep should have been selected to regenerate the SID, but in the hard drive to the copy process, the disk reboot inadvertently make the mirror system boot, so that some of the client Sid the same. (Note: The error here should be caused by the same susclientid, so the following solution is to delete and reactivate the build Susclientid.) In fact, Sysprep modifies the computer SID, and in my case, the SID of 2 computers is indeed different, but Susclientid is the same. To view the comp

After downloading click Install, can choose Install the tool, we only choose WinDbg to be able. Select 32-bit or 64-bit programs to run after installation under the Debuggers folder After opening WinDbg, you need to set the symbol path, you can press the shortcut key ctrl+s. Paste in the following path to save. The system will automatically download the required symbol table when the dump parsing and other operationsSRVc:\symcachehttp://msdl.microsoft.com/download/symbol

DbgView is a free tool for grabbing log, capturing and outputting the output of the OutputDebugString () function, and outputting the Dbgprint log in Windows Driver for Windows driver It is very helpful to develop and debug.However, the tool has not been updated for a long time, the latest version is the V4.81 version, is the remote December 2012 release, the specific download link is:https://technet.microsoft.com/en-us/sysinternals/debugview.aspx?f=2

An extra Linux swap partition-general Linux technology-Linux technology and application information. For more information, see the following. Divide a hard disk into Several partitions and install two Windows and Linux systems. One day, use PQ Magic in Windows to check that the entire hard disk has only one partition and is yellow. Other operations are not allowed. Maybe there is a problem with the hard disk partition table, but I don't know how to solve it. In Linux, I found that there was only

attribute, any process can only modify files under the Directory, and does not allow creation or deletion of files. D No dump. During file system backup, the dump program ignores this file. C Compress. The system compresses the file transparently. When reading from this file, the returned data is extracted. when writing data to this file, the data is first compressed before being written to the disk. S Secure Delete. Let the system fill in the area of the file with 0 when deleting this file. U

, table. rows[i]["column name"]b, table. Rows[i][i]C, table[i]. Column names (column names are not quoted)7 "read out a specific lineDataTable table;Datarow[] selectrow=table. Select ("Column name = '" + holds a specific variable.) ToString () + "'");Select one of the rows: selectrow[index]Ii. Delete rows in a DataTable three methods: (DataTable.Rows.Remove (DataRow Dr), DataTable.Rows.RemoveAt (i), Datarow.delete ())Delete Rows in a DataTable to pay attention to index problems, there are genera

the system not to modify the last access time of this file.S: Sync. Once the application writes the file, the system immediately writes the modification result to the disk..A: Append Only. The system Only allows data to be appended to this file. no process is allowed to overwrite or intercept this file.Files. If the directory has this attribute, the system will only allow you to create and modify files under this directory, but not delete files.Except any files.I: Immutable. The system does not

]. Column names (column names are not quoted)7"read out a particular row of DataTable table; Datarow[] SelectRow=table. Select ("Column name = '"+ Store a specific variable. ToString () +"'"); Select one of the rows: selectrow[index]I. Datasets, DataTable, DataRow, DataColumnDelete rows in a DataTable to be aware of indexing problems, there are generally two methods: 1 when using for loops, note that the counter initial value is the table length, which is the self-reducing loop. DataTable.Rows.R

functions 1. login/logout/Account maintenance: Based on the Session and AA functions provided by the Web server or Web framework, login/logout/Account maintenance can be created and logged out based on users. 2. Query/View/Create/Delete/Undelete/Import/: add, Delete, modify, Query, and Import data based on DB/ORM and Pagination. 3. Front verification/Front control (JavaScript): Almost all Front-end verification uses JavaScript. You can consider using