NTSD

How can the topic turn off a process that is not worthwhile? «Previous Topic | Next Topic» HKFIYON

Published in: 2004-11-17 23:58 Reply Posting: 10 Points: 0 Registration: 2004-10-31 How can I turn off a process that cannot be related to task manager? I found a process in my machine for some time. As long as it is turned on, I can't use the task manager, but everyone help!

--- The farthest distance in the world is not the distance between life and death is not a party, but I am standing in front of you, but I don't know if I love you.

ZZZEVAZZZZZ

Published in: 2004-11-18 09:53 Reply Posting: 208 Points: 0 Registration: 2002-05-13 Killing Process is easy, just find a tool. For example, ICESWORD. The key is to find the startup method of this process, otherwise the next restart it is coming again. By the way, you will teach everyone. In fact, it can kill most processes with Windows: C: /> NTSD-C Q -P PID only System, Smss.exe and CSRSS.exe cannot kill. The first two is pure core, and finally the Win32 subsystem, the NTSD itself needs it.

--- pH4NT0M security teamhttp: //ph4nt0m.org/

Ircadmin

Published in: 2004-11-18 10:33 Reply Posting: 6 Points: 0 Registration: 2004-09-25 Khan. I don't know if there is NTSD ... AlLeesno

Published in: 2004-11-18 10:52 Delete Editing Reply Posting: 467 Points: 0 Registration: 2003-06-06. . . How to get an eVA? NTSD is not bad.

--- 0123456789

Allyesno

Published in: 2004-11-18 10:54 Delete Editing Repand Posting: 467 Points: 0 Registration: 2003-06-06NTSDNTSD A practice also provides software developers. Only the system developers use this command. For more information, see the help files attached in NTSD.

WinXP is really noble, I didn't find usage: ntsd [-?] [-2] [-d] [-g] [-g] [-myob] [-line] [-n] [-o] [-s] [-v] [-w] [-r BreakerRlevel] [-T Printerrorlevel] [-HD] [-PD] [-PE] [-pt #] [-PV] [-x | -x {e | d | N | i} ] [- | -p pid | -z name | command-line | -z crashdmpfile] [-zp crashpagefile] [-premote transport] [-robp] [-adllname] [-c " Command "] [-i imagepath] [-y symbolspath] [-clines #] [-srcpath sourcepath] [-Wake ] [-wake ] [-remote transport: server =

Name, Portid] [-Server Transport: Portid] [-SES] [-sfce] [-sicv] [-snul] [-NOIO] [-failinc] [-NOSHELL] Where: -? Displays this help text command-line Is The Command To Run Under The Debugger - Is The Same As -g -g -o --p -1 -d -pd -adllName Sets The default extension dllname sets the following debugger command -clines Number of Lines of Output History retrieved by a remote client -failinc causes incomplete symbol and module loads to fail -d sends all debugger output to via kernel debugger DbgPrint -d can not be used with debugger remoting -d can only be used when the kernel debugger is enabled -g ignores initial breakpoint in debuggee -G ignores final breakpoint at process termination -hd specifies that the debug heap should not be used for created processes. This only works on Windows Whistler. -o debugs all processes launched by debuggee -p pid specifies the decimal process Id to attach to -pd specifies that the debugger should automatically detach -pe specifies that any attach should be to an existing debug port -pn name specifies the name of the process to attach to -pt # specifies the interrupt timeout -pv specifies that any attach should be noninvasive -r specifies the (0-3) error level to break on (SeeSetErrorLevel) -robp allows breakpoints to be set in read-only memory -t specifies the (0-3) error level to display (SeeSetErrorLevel) - W specifies to debug 16 bit Applications in a Separate VDM -X Sets Second-Chance Break on av eXceptions -x {e | d | n | i}

sets the break status for the specified event -2 creates a separate console window for debuggee -i ImagePath specifies the location of the executables that generated the fault (see _NT_EXECUTABLE_IMAGE_PATH) -lines requests that line number information be used if present -myob ignores version mismatches in DBGHELP.DLL -n enables verbose output from symbol handler -noio disables all I / O for dedicated remoting servers -noshell disables the .shell (!!) command -QR queries for remote servers -s disables lazy symbol loading -ses enables strict symbol loading -sfce fails critical errors encountered during file searching -sicv ignores the CV record when symbol loading -snul disables automatic symbol loading for unqualified names -srcpath specifies the source search path -v enables verbose output from Debugger -wake Wakes Up a sleeping debugger and exits -y specifies the symbol search path (see _NT_SYMBOL_PATH) -z specifies the name of a crash dump file to debug -zp specifies the name of a page.dmp file to use with a crash dump - remote lets you connect to a debugger session started with -server must be the first argument if present transport: tcp | npipe | ssl | spipe | 1394 | com name: machine name on which the debug server was created portid: id of the port the Debugger Server Was Created ON for TCP Use: Port = for npipe us: Pipe = <

Name of Pipe> for 1394 Use: channel = for Com use: port = , baud = , channel = for ssl and spipe see the documentation example: ... -remote npipe: server = yourmachine, pipe = foobar -server creates a debugger session other people can connect to must be the first argument if present transport: tcp | npipe | ssl | spipe | 1394 | com portid: id of the port remote users CAN connection to for tcp us: port = for npipe us: pipe = for 1394 use: channel = for Com use: port = , baud = , Channel = for ssl and spipe see the documentation example: ... -server npipe: Pipe = foobar -premote transport specifies the process server to connect to transport arguments are given as with remotingEnvironment Variables: _NT_SYMBOL_PATH = [Drive:] [Path] Specify symbol image path _NT_ALT_SYMBOL_PATH = [Drive:]. [Path] Specify an alternate symbol image path _NT_DEBUGGER_EXTENSION_PATH = [Drive:]. [ path] Specify a path which should be searched first for extensions dlls _NT_EXECUTABLE_IMAGE_PATH = [Drive:] [path] Specify executable image path _NT_SOURCE_PATH = [Drive:.] [path] Specify source file path _NT_DEBUG_LOG_FILE_OPEN =.

filename If specified, all output will be written to this file from offset 0. _NT_DEBUG_LOG_FILE_APPEND = filename If specified, all output will be APPENDed to this file _NT_DEBUG_HISTORY_SIZE = size Specifies the size of a server's output history in kilobytesControl Keys:. Quit Debugger Break Into Target Force A Break Into Debuggee (Same As Ctrl-C) Debug Current Debugger Print Version InformationNTSD: EXITING - PRESS ENTER ------ 0123456789