Updated lsproc
I've updated lsproc with some small changes. For one, I made a small change to the detection portion of the script.
The other change I made was to output the creation time of the process rather than the FLink/BLink values. In doing so, I ran across some interesting output. Take a look:
Proc 156 176 winlogon.exe 0x01045d60 Sun Jun 5 00:32:44 2005
Proc 156 176 winlogon.exe 0x01048140 Sat Jun 4 23:36:31 2005
Proc 144 164 winlogon.exe 0x0104ca00 Fri Jun 3 01:25:54 2005
Proc 156 180 csrss.exe 0x01286480 Sun Jun 5 00:32:43 2005
Proc 144 168 csrss.exe 0x01297b40 Fri Jun 3 01:25:53 2005
Proc 8 156 smss.exe 0x012b62c0 Sun Jun 5 00:32:40 2005
Looking at the output, most of the processes seem to have been started on Sun, Jun 5...and yet there are a couple of processes that were started well before then. Definitely something to look into.
As with the other tools, the Perl source and a standalone executable for Windows are available in the archive.
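A quick way to pull the older entries out of a longer listing, as an added example that is not part of lsproc or its archive: it parses lines in the format shown above and flags every record created before the newest smss.exe. The column order (type, PPID, PID, name, offset, creation time) is an assumption read off the sample lines, and the function names and the one-minute slack are hypothetical choices.

```python
import re
from datetime import datetime, timedelta

# Lines copied from the lsproc output in the post.
SAMPLE = """\
Proc 156 176 winlogon.exe 0x01045d60 Sun Jun 5 00:32:44 2005
Proc 156 176 winlogon.exe 0x01048140 Sat Jun 4 23:36:31 2005
Proc 144 164 winlogon.exe 0x0104ca00 Fri Jun 3 01:25:54 2005
Proc 156 180 csrss.exe 0x01286480 Sun Jun 5 00:32:43 2005
Proc 144 168 csrss.exe 0x01297b40 Fri Jun 3 01:25:53 2005
Proc 8 156 smss.exe 0x012b62c0 Sun Jun 5 00:32:40 2005
"""

# Assumed column layout: type, PPID, PID, image name, dump offset, creation time.
LINE_RE = re.compile(
    r"^(\w+)\s+(\d+)\s+(\d+)\s+(\S+)\s+(0x[0-9a-fA-F]+)\s+"
    r"(\w{3}\s+\w{3}\s+\d+\s+[\d:]+\s+\d{4})\s*$")

def parse(text):
    """Turn lsproc output lines into dicts, skipping lines that do not match."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        _kind, ppid, pid, name, offset, stamp = m.groups()
        created = datetime.strptime(" ".join(stamp.split()), "%a %b %d %H:%M:%S %Y")
        records.append({"ppid": int(ppid), "pid": int(pid), "name": name,
                        "offset": offset, "created": created})
    return records

def flag_outliers(records, anchor="smss.exe", slack=timedelta(minutes=1)):
    """Return (reference time, records created earlier than it), oldest first."""
    anchors = [r for r in records if r["name"].lower() == anchor]
    if not anchors:
        raise ValueError("no %s record to use as a reference" % anchor)
    ref = max(anchors, key=lambda r: r["created"])
    # same_parent: does the early record claim the reference smss.exe as parent?
    early = [dict(r, same_parent=(r["ppid"] == ref["pid"]))
             for r in records if r["created"] < ref["created"] - slack]
    return ref["created"], sorted(early, key=lambda r: r["created"])

if __name__ == "__main__":
    ref, early = flag_outliers(parse(SAMPLE))
    print("reference (newest smss.exe):", ref)
    for r in early:
        print(r["name"], r["pid"], r["offset"], r["created"],
              "ppid matches reference" if r["same_parent"] else "ppid differs")
```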