EventCreate and "ERROR: Source parameter is used to identify custom applications/scripts only"

EventCreate.exe is a command-line utility included with Windows that lets you write events into the Windows event log and create custom event sources.  For example, this command line creates an Information event in the Application log, associated with the source “MyStuff”: EventCreate /L APPLICATION /SO MyStuff /ID 1 /T INFORMATION /D “Text…


Redefining what "Never doing that again" means… Troubleshooting with the Windows Sysinternals Tools, Second Edition

When people asked me what it was like writing a book, I’d invariably answer, “It was a once in a lifetime experience.  I hope.”  When they asked, “Are you going to write another one?” my answer was always, “No.”  (Actually, my answer was more emphatic than that, but this professional blog site’s policies don’t permit me…


VirtMemTest: a utility to exercise memory and other operations

I wrote the first versions of VirtMemTest while working on the Windows Sysinternals Administrator’s Reference.  The utility made it easy for me to perform a variety of memory operations and to observe how different Sysinternals utilities reacted to them.  I eventually added CPU-stress capabilities, hung UI simulation, and crash-on-exit, particularly for exercising ProcDump.  I have…


Sysinternals – and Pass the Hash – at TechEd next week.

There are five talks highlighting the Sysinternals utilities at TechEd North America next week in New Orleans.  They all happen to be on Thursday, June 6.  Click the session titles for more information.  The videos should be on Channel 9 within 24 hours of the talks. Hardcore Debugging, Andrew Richards, June 6, 2013 from 10:15AM to…
