Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Ran into another issue today where I needed to set and IFEO for the particular instance of SVCHOST.exe running terminal service. Here is the easiest way of doing so:
1) Make a copy of SVCHOST.exe on the server, name it Mysvchost.exe and leave it in %Systemroot%\system32\
2) Open regedit and go to HKLM\System\CurrentControlSet\Services\TermService (this could be whatever service you're trying to isolate)
3) Edit "ImagePath", "%SystemRoot%\system32\svchost.exe -k termsvcs" and change svchost.exe to "Mysvchost.exe"
4) Then I set the IFEO for Mysvchost.exe with NTSD -d which send the output tot he kernel debugger.
5) Reboot
6) In Business
Simple and effective...