Wondering why procexp.exe sees more handles than handle.exe

Both run from the same elevated user.

Even running as LocalSystem, handle.exe does not see all handles that procexp.exe sees.

Screenshot captions:
- ProcExp.exe sees 6 handles with System32\cmd.exe in their name.
- Handle.exe sees no handles with System32\cmd.exe in their name.
- ProcExp.exe sees 5 handles with \BCD in their name.
- Handle.exe sees no handles with \BCD in their name.

Handle.exe does support the backslash while searching, as for \cmd.exe it does see entries, but still far fewer than ProcExp.exe does.

- handle.exe: learn.microsoft.com/en-us/sysinter…
- procexp.exe: learn.microsoft.com/en-us/sysinter…

@markrussinovich any idea why this happens?

Screenshot captions:
- ProcExp.exe sees 14 handles matching \cmd.exe
- Handle.exe sees 4 handles matching \cmd.exe

Oh, `resmon.exe` shows the same entries as `handle.exe`.

Screenshot captions:
- Resmon.exe finds just 4 handles for \cmd.exe
- Resmon.exe finds no handles for \BCD

Forgot this one from `resmon.exe`: searching for `System32\cmd.exe` returns none.

Screenshot caption:
- System32\cmd.exe returns no results in resmon.exe.
