Monthly Archives: September 2013

Dropping connections to a SQL database

Posted on by

When you are trying to restore a SQL Server database, you might run into the problem of exclusive access, because there are open connections.  You can use this bit of SQL to remove those connections

Use Master
Go

Declare @dbname sysname

Set @dbname = 'name of database you want to drop connections from'

Declare @spid int
Select @spid = min(spid) from master.dbo.sysprocesses
where dbid = db_id(@dbname)
While @spid Is Not Null
Begin
Execute ('Kill ' + @spid)
Select @spid = min(spid) from master.dbo.sysprocesses
where dbid = db_id(@dbname) and spid > @spid
End

 

 

 

Windows 8.1 Everything is blurry and sized too large

Posted on by

I made the mistake of installing Windows 8.1 with the hope that it would fix some of the things I hate about Win8.  Foolish on my part.

Just about everything looked like shit after installation.  Things were sized wrong, text was blurry etc.

After mucking around for a few hours I finally found a fix.  Go to Control Panel->Appearance and Personalization->Display and select “Let me choose one scaling level for all my displays”.

image

Then, on the next screen, select Smaller – 100%

image

One more reboot and things (at least for me) looked back to normal. 

Manliest of blogs

Posted on by

URLai.com will take any blog an analyze the posts to try to figure out info about the writer. 

According to them, I have the 2nd most manly blog of the week!  To 1/2 of 1% overall!  Hell yes!  I’m coming for you webmonkey.com!  Football!  Cars!  Guns!  Meat produts!  Tools and wood working!  Cigars and fighting!
 

image

Getting to the bottom of SVCHost.exe CPU utilization

Posted on by

It’s a common situation.  One of the many SVCHost.exe instances is pegging your CPU.  Here is how you can figure out what service is the culprit.

First, add the Process ID (PID) to the task manager:

image

This will give you a ID that you can match up with this next part.

Open a command prompt and run:

tasklist /svc /fi “imagename eq svchost.exe”

image

This will give you a starting point. Match up the PID of the offending instance of SVCHost with the list of services.   If it isn’t clear what the actual service is from the short name listed under Services, you can find the full names at this registry key:

HKLM\System\CurrentControlSet\Control\Services

From here, you can run Services.msc from a command prompt to get the services management form.  If there are multiple services you need to check, just go through process of elimination by stopping services. 

Filtering with Wireshark and parsing logs with Log Parse Lizard

Posted on by

Recently one of my clients had one of their servers attacked.  The intrusion detection caught it, and I believe a lot of the malicious stuff they were trying were correctly filtered out by asp.net as dangerous requests, but in order to understand more about what was/is going on, I worked with 2 tools to help look at the situation a little deeper.

First, I wanted to look at the live requests coming to the server and see the payloads they contained.  To do this, I installed WireShark on the server, and started to capture traffic.

Wireshark as 2 types of filters: capture filters and display filters.  From the capture side of things, you can really cut down on the noise if you filter out the stuff you don’t care about.  So I used a capture filter of tcp port 80 or tcp port 443

image 

Then, while the capture is running you can type in a display filter so that you can tell if you are getting the specific type of request you are interested in during the current trace.  In this case, I was only interested in http POSTs, so I could use this filter http.request.method == “POST”

image

This way you can let the trace run until you see records start to come through that match both filters.

The other thing I wanted to do was to look at log files to see how the traffic to the site changed over time.  To do this I installed MS Log Parser and the Log Parser Lizard.  With these two tools it allows for a nice UI and SQL queries against the data.  As you can see below, the requests/attacks started at 5:52.

image