The Case of the Process Startup Delays

re: The Case of the Process Startup Delays

Tabernil — Thu, 31 Aug 2006 20:06:43 GMT

As usually great comments, but something's missing, don't know what :(

re: The Case of the Process Startup Delays

kizzer — Thu, 31 Aug 2006 21:11:32 GMT

Every time I've had these kind of delays, I just shut off Defender and they go away. Not quite as scientific, but there you go!

re: The Case of the Process Startup Delays

George Devore — Thu, 31 Aug 2006 22:07:46 GMT

Although I understood about 1% of that, it's
good to have you back!!! Microsoft has a 'new
foundation' with you two guys there!!!

re: The Case of the Process Startup Delays

SSL — Thu, 31 Aug 2006 22:08:57 GMT

OT but, the links to https images on this blog sucks, Opera and Firefox doesnt have the certificate

re: The Case of the Process Startup Delays

rich — Thu, 31 Aug 2006 22:17:07 GMT

When I encounter any strange problems like this, before doing any investigation, I do the following:

1) Remove any products from Symantec
2) Remove any anti virus or anti spyware products
3) Remove anything from Novell

I find I rarely get to step 3!

re: The Case of the Process Startup Delays

stefan — Thu, 31 Aug 2006 22:29:00 GMT

nice article to read :)

nice

Raphael — Thu, 31 Aug 2006 23:03:10 GMT

Another nice detective story.
Thanks Mark.

re: The Case of the Process Startup Delays

Marvin — Thu, 31 Aug 2006 23:45:58 GMT

Great article.
A small comment on the blog itself though.
Why are all the images .aspx pages (rather than .gif, .jpg etc.)? It prevents my RSS/Atom -> Outlook converter from getting them ;-(

' + title + ' - ' + basename(imgurl) + '(' + w + 'x' + h +')

' + title + ' - ' + basename(imgurl) + '(' + w + 'x' + h +') — Fri, 01 Sep 2006 00:03:07 GMT

PingBack from http://someguywitha.com/2006/08/31/resistance-is-futile/

The -kernelbreaking- work of a staggering genius… « Sharp Reflections

The -kernelbreaking- work of a staggering genius… « Sharp Reflections — Fri, 01 Sep 2006 00:19:34 GMT

PingBack from http://sharpreflections.wordpress.com/2006/08/31/the-kernelbreaking-work-of-a-staggering-genius/

re: The Case of the Process Startup Delays

UL-Tomten — Fri, 01 Sep 2006 00:43:03 GMT

What's that cmd.exe font?

re: The Case of the Process Startup Delays

Aaron — Fri, 01 Sep 2006 02:03:12 GMT

Mark, I am frequently humbled by your blog posts. I'm fairly good with Windows and I have a basic idea of what makes it work. However, my knowledge doesn't even compare to yours. Keep up the good work. MS is lucky to have you...whatever they are paying you, it isnt enough!

~Aaron~

Mark Russinovich's Blog and Tools go to Technet site

External News — Fri, 01 Sep 2006 03:35:01 GMT

Mark's Blog: I’ve been extremely busy here at Microsoft and so haven’t had time to blog until now, but

re: The Case of the Process Startup Delays

Mike — Fri, 01 Sep 2006 05:02:18 GMT

More great Windows sleuthing, Mark.

re: The Case of the Process Startup Delays

D. — Fri, 01 Sep 2006 05:38:44 GMT

I am not worthy!

re: The Case of the Process Startup Delays

Roger Persson — Fri, 01 Sep 2006 10:24:38 GMT

Interesting research Mark! I've always suspected that Windows Defender does a whole lot of extra procedure calls, but I have more problems with our CM software, that does similar actions.

I think this was one of the most technical blogs I've read so far - and by far the most easy to follow...so keep up the good work.

Will follow this blog with interest from here on!

The Case of the Annoying Popups on Mark's New Blog

Patrick Ogenstad — Fri, 01 Sep 2006 11:10:55 GMT

Thanks for the great post! It got me to do a bit of investigative work on my own. I've seen this on a few of other blogs on Technet too.

The first think I see when I view this page (from Firefox) is popup with the title "Website Certified by an Unknown Authority". Why would it involve SSL was my first thought, it turns out that all the pictures in the post are linked by https instead of http.

So how come these images are protected by ssl. I have two theories.

a) It's so people who are using Internet Explorer and are viewing the site https://blogs.technet.com/markrussinovich/ isn't bothered by the message "The page contains both secure and nonsecure items, do you want to display the nonsecure items?"

b) Mark was logged in to his blog authoring software through ssl and just copied the link to the image which in that state was an ssl link.

I'm favoring theory b, I don't think that many people are viewing the site through ssl.

But the mystery itself, why do I get this popup? The certificate for blogs.technet.com chains to a Root CA called "GTE CyberTrust Global Root".

I open up the certificates in Firefox and it does indeed have a trusted root certificate for GTE CyberTrust Global Root. Strange indeed, so the chaining process is failing for some reason. The AIA information seems to be in order too.

Before I fire up Wireshark to see what's happening I do a quick google search, and sure enough Larry beat me to it (http://blogs.msdn.com/larryosterman/archive/2004/06/04/148612.aspx) over two years ago. It turns out that Firefox doesn't follow the OID 1.3.6.1.5.5.7.48.2 when doing certificate chaining.

At the end of Larry's post he said "Now all someone has to do is to file bugs against Mozilla and OpenSSL to get them to fix their certificate validation logic" I guess nobody did, or they ignored it.

But I'm hoping Mark can verify if theory a or b was the correct one.

re: The Case of the Process Startup Delays

Drew — Fri, 01 Sep 2006 11:38:17 GMT

For looking up error codes, have you checked out DavidChr's err.exe? It's available on the intranet on that one server that I won't name publicly that has all the tools. It's also available on the internet downloadable from Microsoft, albeit probably in a slightly older version than the one posted internally. I use it about as frequently as I use SysInternals tools. That's *often*. My only gripe is that it doesn't include CLR exception codes yet.

re: The Case of the Process Startup Delays

Joker — Fri, 01 Sep 2006 12:09:51 GMT

I thought, they would be using Linux there at Microsoft ;-) So they use Windows themselves...

SCNR

re: The Case of the Process Startup Delays

Sean — Fri, 01 Sep 2006 13:41:15 GMT

Good point, well made, Jack!!!

The RMC delays on my PC are at best, annoying.

re: The Case of the Process Startup Delays

Liviu — Fri, 01 Sep 2006 15:26:45 GMT

But why does the hook need to pass the SID anyway?

re: The Case of the Process Startup Delays

Nikhil — Fri, 01 Sep 2006 16:48:12 GMT

Kudos, Mark with you to track down issues like this maybe Microsoft product quality can only go up :)
As far as the case of the certificate popup appearing in Firefox goes I saw Patricks comment and followed his trail to Larry's blog entry (http://blogs.msdn.com/larryosterman/archive/2004/06/04/148612.aspx). I went through the comments there and sure enough a bug was indeed filed in Bugzilla (https://bugzilla.mozilla.org/show_bug.cgi?id=245609). However, it seems there is some question regarding the RFC involved (http://www.ietf.org/rfc/rfc2459.txt) and its validity.

NetrLogonGetTrustRid and RPC

Marc Sherman — Fri, 01 Sep 2006 17:29:35 GMT

Mark, so NetrLogonGetTrustRid on the client side (PE in this case) performs RPC to a function of the *same* name in LSASS.exe? If so, is this just a convention used by NETLOGON when doing RPC? Or is this how RPC works in general? (eg. client side stub RPC's to real function of the same name on server side).

thanks,
Marc

re: The Case of the Process Startup Delays

Justin — Fri, 01 Sep 2006 18:04:55 GMT

Great work, any opinion on this bug as it pertains to the state of windows in general? What I mean is how do you feel about all this code injection surface area that you guys expose in autoruns?

It has been bugging me more and more how windows has so many places code can be placed to startup with the system which seems to have led to the spyware epidemic and now the anti-spyware causing thier own problems.

My point is it seems the solutions are poor bandaids (good autruns fighting bad autoruns causing more running process and recource usage over all), when this stuff should be baked into the design so that 1. There is a consistent well known place for any startup code to be placed (perhaps services and startup folder only). 2. If a program trys to install anything there the user is warned explicity. 3. If the user wants to remove the startup they only need look in 2 places(1 would be ideal) and simply disable or delete startup they don't like.

Now that definetly only helps part of the mainy issues involved in spyware, but its sorta like buffer overuns, autorunners are probably 90% of the problem, and windows defender is like trying to use some C library or code analyzer counter overruns when you should be making a new platform (.net) that inherintly doesnt have those issues.

Would nice to hear your perspective, as autoruns really brings it home when looking at all the obsucre places startup code can be placed and you guys made it.

re: The Case of the Process Startup Delays

Tom — Fri, 01 Sep 2006 18:07:41 GMT

Does anyone else think it's absolutely *insane* that launching Notepad should be this complex? Granted, when you pick it apart there may be a seemingly sane reason for each step, but when you step back and look at the big picture, the bottom line is that you can't simply launch Notepad without domains, RPCs and SIDs getting involved! It amazes me that by the time all this irrelevant overhead has taken place the system even remembers to actually launch Notepad at all.

This is a perfect example of Microsoft's tendency to hypercomplexify everything it creates, and one of the reasons I can't stand them or their products. Unfortunately, I fear this is what will happen to the beautifully straightforward and simply functional Sysinternals tools.

re: The Case of the Process Startup Delays

Ed — Fri, 01 Sep 2006 18:29:26 GMT

Why has the old blog vanished? At least move the posts here...

re: The Case of the Process Startup Delays

Maurice — Fri, 01 Sep 2006 19:21:06 GMT

Excellent article, truly informative. Thanks for the great tools and information. Your knowledge has helped on countless occasions.

Mark Russinovich is Blogging on TechNet

David Ziembicki on Infrastructure Architecture — Fri, 01 Sep 2006 20:27:18 GMT

Mark now has a blog at http://blogs.technet.com/markrussinovich/&nbsp;and starts out with a typically...

re: The Case of the Process Startup Delays

C0D3R — Fri, 01 Sep 2006 22:37:32 GMT

It can be a help to get notified when you are logged on with cached credentials. It's a reminder that something is different about this session when problems present with consistency, but intermittently.

HKLM\...\Winlogon
"ReportControllerMissing"=dword:00000001

HKCU\...\Winlogon
"ReportDC"=dword:00000001

See
http://support.microsoft.com/kb/242536/

re: The Case of the Process Startup Delays

Jon Wold — Fri, 01 Sep 2006 22:50:03 GMT

Mark said: "The initial stack trace only went up as far as the NegotiateTransferSyntax frame, but there were obviously other frames that the symbol engine couldn’t determine. The stack display went further when I had hit the breakpoint I set in OpenLpcPort"

On my windbg when the stack frames are all there for the walking (ie, nobody used EBP for their own scratchpad reg) then whacking the windbg stack backtrace More button will walk further w/o having to unwind the nested calls first. Of course this was 64-bit Windows with which I'm far less familiar (what is that, rbp for amd64 / em64t ? or something completely unintelligible for Itanium ...).

re: The Case of the Process Startup Delays

Brian Murphy-Booth — Fri, 01 Sep 2006 23:35:01 GMT

Just wanted add -

The only reason you didn't see MpShHook.dll on the first callstack (before the breakpoint is set) is because WinDBG only shows the first 20 "frames" by default. If you click the "more" button shown in the upper right of your screen shot you'll see more frames and would see the MpShHook. Breakpoints and registers sounds like more fun though! :-P

Power to the debugger!!

re: The Case of the Process Startup Delays

markrussinovich — Sat, 02 Sep 2006 01:04:26 GMT

Ah, thanks. I never realized that was what the "more" button was for. I haven't done much debugging where the stack was more than 20 frames deep or I needed to look up a stack that far.

re: The Case of the Process Startup Delays

Sebastian — Sat, 02 Sep 2006 01:22:11 GMT

I had the same delay problems, but i don't have the windows defender installed. I removed the domain integration and everything runs fine now.

re: The Case of the Process Startup Delays

Adam Leinss — Sat, 02 Sep 2006 18:37:37 GMT

Good article, but I'm afraid that domain issues when the laptop is not connected are far too common with Windows. We have a few sales guys that come in the office complaining about slow login times. And indeed, login times can take 2 to 3 minutes when not on the domain. Tried many suggestions on the Internet, but I just ended up having them hibernate the laptop to get around the slow login time.

I can even get it to the point where all the event logs are clean and pristine and the login time is still really long. Mind you this only happens on a handful of laptops, not all of them.

re: The Case of the Process Startup Delays

Claus Valca — Sat, 02 Sep 2006 19:50:45 GMT

Mark,

I love your articles! I'm learning so much! It's nice to see you posting again.

I ran into a similar issue with XP Home locking up on my Dad's pc as soon as he hit his desktop.

Using lessons (and your tools) I tracked the issue down to the wuauclt.exe process overloading his CPU.

I've got the troubleshooting experience blogged over at <a href="http://grandstreamdreams.blogspot.com/2006/09/thawing-xp-system.html">Thawing an XP System</a>

Any chance you could take a look into this issue down the road? Or maybe you've run into it already. I'm not on the elite level of process thread breakdown like you!

Cheers!
--Claus

re: The Case of the Process Startup Delays

David Richter — Sun, 03 Sep 2006 02:04:51 GMT

I have learned from your web site zalot. A process context switch involves extracting that address requested from the Kernel Environment protection block and dumping it into the cr3 register of the cpu. The 1024 system file directories that form the mazin system file director has to page from the physcial and the linear. Address space laid out and a thread created. Hoevever, with explorer, the extra attention from the cpu, and subsytem environment only slow that loader that has read the Ds:DX header file so the app, or whater the process ( and relational dll) must have the DLL export the functions that the executable imported. Because of OLE 2, macro and stdin recordings, further user input may divert kernel code. Perhaps the symbolic files that represent the process for pdb info could load into the WinDbg. Changes in functionlity may also involve those cpu instensive sniffers, newtork traversal tools. Or it had an updated hotfix and the function signature differs and therefore does not respond to the API calling it. The, perhaps USER API calls the User32.dll, but is rerouted and packaged as an LPC and routed to the csrss.exe for processing ( before the overhead issue).

re: The Case of the Process Startup Delays

Jeff Gerard — Sun, 03 Sep 2006 08:07:02 GMT

I too have noticed this issue when not connected to the domain. I am not using Defender here either and this is on XP Pro 32-bit.

I have never actually tried to pinpoint the problem because there are just too many things running related to A/V, VPN, etc, but as a general rule, at least in my situation, a reboot and login with cached credentials typically fixes it up for me.

This seems to happen more often when I'm logged into the domain at work, then hibernate, then power on and connect to my home network (from hibernate state).

Nice article though..easy to follow and understand. I firmly believe Microsoft will only benefit by having your skills supporting them behind the scenes.

re: The Case of the Process Startup Delays

Gopi K — Sun, 03 Sep 2006 12:56:13 GMT

Nice article... but the problem is far to common. I don't think there is currently a reliable way to determine DC connectivity for netlogon (or any of the components involved) to behave any differently.

I hope there is a non-intrusive fix to this. thoughts?

re: The Case of the Process Startup Delays

g-n-d.net — Sun, 03 Sep 2006 21:40:00 GMT

Thank you Mark for this article, and any other you share with us too. Regards from Poland.

g-n-d.net

stuart @ amanzi » Blog Archive » Some new feeds for FeedDemon

stuart @ amanzi » Blog Archive » Some new feeds for FeedDemon — Mon, 04 Sep 2006 12:23:01 GMT

PingBack from http://stuart.amanzi.co.nz/2006/09/04/some-new-feeds-for-feeddemon/

re: The Case of the Process Startup Delays

nobody — Mon, 04 Sep 2006 22:29:00 GMT

Why does Windows Defender hook into ShellExecute to monitor starting processes, rather than CreateProcess?

re: The Case of the Process Startup Delays

ddod — Wed, 06 Sep 2006 01:30:21 GMT

Intersting, your RSS link worked fine in Outlook 2007, that is until you moved your blog to Microsft servers. When I try to add your new RSS feed outlook complains that it is invalid.

Otherwise, as always you insights are useful and instructive.

re: The Case of the Process Startup Delays

mpd — Wed, 06 Sep 2006 23:30:57 GMT

@ nobody

"Why does Windows Defender hook into ShellExecute to monitor starting processes, rather than CreateProcess?"

My guess is because ShellExecute opens files whether they're executables, documents, or folders. Defender sees more by hooking ShellExecute than CreateProcess.

re: The Case of the Process Startup Delays

Matt — Thu, 07 Sep 2006 02:41:20 GMT

I have seen this same process start delay on the Tablet PC edition of windows. killing windows defender resolves the performance problem for me.

re: The Case of the Process Startup Delays

umm — Mon, 11 Sep 2006 01:27:51 GMT

i see the same thing on my laptop too
XP PRo 32, NOD32 and SpySweeper loaded.

when not on the DOMAIN, i need to delete any unconnected resources too.
I use batch files for that

RSS?

John — Mon, 11 Sep 2006 18:40:21 GMT

Anyone got any idea why the RSS for this page isn't recognised by Bloglines. I can't get it to subscribe to this blog.

re: The Case of the Process Startup Delays

Dalton Williams — Tue, 12 Sep 2006 21:48:26 GMT

Great post!!! The CEO of my company has called me at least once a week for his slow start up for two years! He does not run Defender though.

Any chances of you running with this further and finding other causes in XP?

What about a patch to fix theis at some point?

Thanks,
Dalton Williams
EVP & CIO WestStar Bank

re: The Case of the Process Startup Delays

Zach — Tue, 12 Sep 2006 22:15:23 GMT

Just thought it was puzzeling that Micrsoft would let you join your personal laptop to their internal network, or maybe they don't know. Nice post! I think I'll be reading your BLOG more often.

Take care,
Zach

Soci blog » Blog Archive » Szeretn??k ??n ??gy debugolni, mint ez a Russinovich gyerek

Sun, 17 Sep 2006 14:25:50 GMT

PingBack from http://soci.hu/blog/index.php/2006/09/17/szeretnek-en-igy-debugolni-mint-ez-a-russinovich-gyerek/

re: The Case of the Process Startup Delays

Vipzen — Mon, 18 Sep 2006 03:27:30 GMT

another great post Mark!
hugs from Brazil

re: The Case of the Process Startup Delays

Muad_Dib — Mon, 18 Sep 2006 09:41:41 GMT

Great job, but :
- I use XP Pro 32 bits
- I'm not connected to any domain (standalone laptop)
- I don't use Defender
and I frequently experience such long and boring delays when I start processes.

So, where is the problem ?

a new challenge for Mark

Ilia Barski — Mon, 18 Sep 2006 17:36:01 GMT

There is a very interesting task that only Mark could implement: to undercover a delays nature by Windows booting. I am afraid it would need a new early activating tool to bring a light splash on the boot scene

re: The Case of the Process Startup Delays

slemaire — Tue, 19 Sep 2006 16:33:15 GMT

The problem exists since a very long time, prior Windows Defender. I experienced it with Win NT 4 and Cygwin utilities few years ago. Some programs were performing pointless inits, which were causing long delay when disconnected from the domain.

re: The Case of the Process Startup Delays

Alexander Suhovey — Wed, 20 Sep 2006 11:31:47 GMT

Hmm, I wonder if everyone is comfortable with Mark revealing internal MS's domain SID...

re: The Case of the Process Startup Delays

Alexander Suhovey — Wed, 20 Sep 2006 13:08:36 GMT

Drew, are you referring to Microsoft Exchange Server Error Code Look-up?
http://www.microsoft.com/downloads/details.aspx?familyid=be596899-7bb8-4208-b7fc-09e02a13696c&displaylang=en

If yes, it's v06.05.7226 (5/24/2004) so it's probably an old version. Could you by chance ask somebody to update this download with latest version?

re: The Case of the Process Startup Delays

Berry — Thu, 21 Sep 2006 15:22:46 GMT

I usually DON'T JOIN any CORPORATE Domain.
I'll just login only to change password...

And everything runs fine

re: The Case of the Process Startup Delays

JoNathon — Thu, 21 Sep 2006 22:40:29 GMT

The workaround I have our laptop users use is, do not plug in your laptop / turn on wireless, until you see the login screen when not at work (connected to the domain).

Ещё об оптимизации приложений

Проверенный чёрт — Thu, 28 Sep 2006 13:28:52 GMT

Я тут ранее упоминал про идентификацию проблем и оптимизацию загрузки Word'а http://ivbeg.livejournal.com/30511.html

re: The Case of the Process Startup Delays

ASB — Tue, 17 Oct 2006 13:01:37 GMT

Good work, Mark, and great explanation.

This accounts for one of the issues I have had recently. However, as quite a few folks have noted here, there are issues that occur in 32-bit XP and 2003, (more so in XP), without the use of Defender, regardless of domain connectivity/status.

Looks like I'm going to have to do the work and uncover them, because they are annoying...

re: The Case of the Process Startup Delays

goz — Tue, 31 Oct 2006 01:33:45 GMT

we need and appreciate people like you

re: The Case of the Process Startup Delays

Anonyass — Wed, 15 Nov 2006 06:21:39 GMT

It's no wonder we've got more cycles then ever before and we're still waiting for our computers. Blooooaaaaat. What ever happened to K.I.S.S.? Don't forget this all started to run a text editor! Geewiz.

re: The Case of the Process Startup Delays

Kevin Wright — Thu, 16 Nov 2006 17:56:55 GMT

I have a Thinkpad laptop with Windows 2000. When I am connected to my employer's network, then standby and go home, when I start working again I notice a long (30-60 second) delay for applications to start.

Recently I discovered that if I unmap all network drives when I am at home, then my applications start almost immediately.

Not sure if this is related to your problem.

Entelliblog » Blog Archive » General Microsoft and MCS. SharePoint and MOSS 2007.

Sat, 18 Nov 2006 05:29:21 GMT

PingBack from http://www.entelliblog.com/?p=4966

The Case of the Delayed Windows Vista File Open Dialogs

Mark's Blog — Mon, 27 Nov 2006 20:38:54 GMT

I was in Barcelona a couple of weeks ago speaking at Microsoft’s TechEd/ITForum conference, where I delivered

Entelliblog » Blog Archive » Terminal Addict

Entelliblog » Blog Archive » Terminal Addict — Wed, 20 Dec 2006 10:17:50 GMT

PingBack from http://www.entelliblog.com/?p=7268

Windows Vista打开对话框延时问题的排错实例

盆盆的博客 — Sun, 21 Jan 2007 08:41:38 GMT

原文作者 Mark Russinovich 翻译作者盆盆 [ITECN站长] ITECN博客 http://blogs.itecn.net/blogs/ 盆盆导读本文由 Mark Russinovich

Entelliblog » Blog Archive » Christoph R egg

Entelliblog » Blog Archive » Christoph R egg — Sun, 11 Feb 2007 03:06:17 GMT

PingBack from http://www.entelliblog.com/?p=10537

re: The Case of the Process Startup Delays

Rob Shearman — Wed, 14 Feb 2007 21:50:41 GMT

FYI, the reason this only affects Windows 2003 and not Windows XP is to do with the RPC_SECURITY_QOS_V3 structure introduced with Windows 2003 that adds a Sid field: http://msdn2.microsoft.com/en-us/library/aa378649.aspx

re: The Case of the Process Startup Delays

Thu, 15 Feb 2007 11:34:48 GMT

If you fancy doing some more digging, I find that whenever compiling with Visual Studio 2003 it causes windows in other unrelated apps to just lock up - e.g. Outlook, Explorer, IE won't repaint properly and appear to be hung. Sometimes, briefly, Explorer windows get the Visual Studio title. Deeply odd! The CPU isn't maxed out by any means. Is there some sort of 'global UI mutex' that MS products use in some way that Visual Studio used badly?

Entelliblog » Blog Archive » Thousands of free tutorials, articles, source code, components

Sun, 04 Mar 2007 03:52:49 GMT

PingBack from http://www.entelliblog.com/?p=11992

re: The Case of the Process Startup Delays

Spencer Ferguson — Sat, 31 Mar 2007 07:11:33 GMT

Way to go, Mark! This was a great read.

re: The Case of the Process Startup Delays

Funbit — Tue, 24 Apr 2007 22:41:51 GMT

Thanks for the great article! Too bad they appear very rarely though..

re: The Case of the Process Startup Delays

Phil Norris — Wed, 16 May 2007 00:21:16 GMT

It's extremely interesting, educational & impressive for me (without programming background) to read how Mark gets to the bottom of the inner workings and shortcomings of Windows. I think Mark explains some complex points very effectively (even I understand a lot of it). A beginners guide to the basics, if there are any basics!, of the Windows kernel would be great from Marks perspective.

I hope working at Microsoft won't stop Mark from discussing the bugs in these OS's to the general public. Great articles, very dedicated.

re: The Case of the Process Startup Delays

JM_White — Mon, 23 Jul 2007 12:43:16 GMT

Broken Link for autorun

Link in blog aritcle:

http://www.sysinternals.com/utilities/autoruns.html

Correct Link for autorun utility (as of 7.23.2007):

http://www.microsoft.com/technet/sysinternals/ProcessesAndThreads/Autoruns.mspx

btw Thanks for all the Great SysInternals Utilities - I have Process Explorer set to startup all the time. I just wish there was a GUI shell that provide a mouse drive way to run all the PsTools cmd line utilities. Piping to text files all the time is a bit tedious..

re: The Case of the Process Startup Delays

French reader — Fri, 06 Jun 2008 11:11:12 GMT

Hi Mark!

I tried to reproduce your debugging steps on my own laptop, but I stumbled on a problem early on.

You said that you started by attaching Windbg to PROCESS EXPLORER and then you launched Notepad with PROCESS EXPLORER's Run dialog.

If I attach Windbg to PROCESS EXPLORER, the PE window is frozen and I have no access to its file/run dialog.

On the other hand if I attach Windbg to WINDOWS EXPLORER, PE window is not frozen and I can open notepad from its file/run dialog.

Also the PID number (3460) which appears in you first Windbg's Calls window picture makes me think that Windbg was attached to WINDOWS EXPLORER rather than to PROCESS EXPLORER.

Could you please confirm which process Windbg was attached to in your first debugging step?

Thanks

re: The Case of the Process Startup Delays

Harish — Sun, 23 Nov 2008 16:07:50 GMT

Hi,

I faced the same delays in Windows XP. It takes 5-6 seconds to open any app from run dialog.

Does this explanation fits there too?

Thanks