Welcome!

By registering with us, you'll be able to discuss, share and exchange private messages with other members of our community.

SignUp Now!

Increase in I/O on Hidden TCC Processes

cgunhouse

cgunhouse

Dec
231
2
When I run the following:

activate "My TCC Process" hide
Where is a detach TCC Process called "My TCC Process", the I/O jumps up to about 16.2 KB and stays there.

2016-03-15_13-47-41.png

If I do:

activate "My TCC Process" restore
It drops back to zero.
 
I can't reproduce it. I only see the beginning and the end.
Code: 
v:\> activate "TCC test" hide & delay 30 & activate "TCC test" restore

upload_2016-3-16_10-47-0.png
 
Thread.png

I narrowed it down to the following thread, if I suspend this thread the I/O goes away.
The Stack for this thread is:

Stack.png

and module is:
ModuleThread.png


One other thing that is strange is when I attach Process Monitor (not Process Explorer) to the PID or TID, I get nothing.

I see this on both my Windows 7 and Windows 10 systems.
 
What happens if you use "tcc.exe /iisp" when you start the TCC which will be hidden? That's no inifile, no tcstart file, and no plugins. You can test them independently with "/ii", "/is", and "/ip".
 
Do you use something called "Fallout"? When I google "SfmDxSetSwapChainStats" nearly all hits refer to "Fallout". TCC does not import that function from user32.dll. Perhaps another process is injecting code, or setting an "in-context" hook. Can you see the DLLs loaded by TCC ... anything suspicious there?
 
Fallout is a game, and on my Windows 10 system, SfmDxSetSwapChainStats isn't there.

Tried TCC /iisp and no difference.

Thread 9128.png


I was trying to think of what was common between machine but maybe no one else here uses.

Maybe Process Lasso, https://bitsum.com/?inproduct, it could mess with process, but I tried disabling it no difference too.
 
Here is what is loaded for one of the TCC doing I/O:

Image:
Modules.png


Mapped files:

Mapped Files.png

I'm not sure what is causing it.

I have something similar with UltraEdit, the licensing module does something similar. Maybe trying to call home but the firewall prevents it and so it keeps trying.
 
I only found "Fallout" because Google had changed my "SfmDxSetSwapChainStats" to "SfmDxGetSwapChainStats".

The only DLL or EXE in my System32 directory that uses "SfmDxSetSwapChainStats" is DWMCORE.DLL (DWM = DesktopWindowManager) which is, no doubt, injected into every app that interacts with the desktop.

I'm out of ideas.
 
You must log in or register to reply here.

Similar threads

J
How to increase font size in file explorer
Replies
4
Views
189
Charles Dye
Charles Dye
Alpengreis
TCMD.INI: The "super hidden" problem ...
Replies
6
Views
3K
Alpengreis
Alpengreis
R
Debugsession must not turn hidden objects on.
Replies
11
Views
3K
Alpengreis
Alpengreis
vefatica
Tabbed toolbar hidden ... not remembered!
Replies
11
Views
2K
rconn
rconn
I
Hidden files on USB Drive
Replies
4
Views
2K
IONx64
I
C
Screens of different size and hidden console
Replies
8
Views
2K
Christian Albaret
C
A
How to? Can't change directory ("cd") into system hidden files
Replies
13
Views
11K
aliteralmind
A
R
WAD issue with filename completion with system and hidden files
Replies
8
Views
2K
Rodolfo
R
D
WAD New envars for @LINES are not hidden
Replies
8
Views
2K
Steve Fabian
S
rps
Documentation Help file revision - Copying hidden DESCRIPT.ION files
Replies
19
Views
4K
Just Another Joe
J
D
Take Command Prevents Seeing Hidden Files
Replies
2
Views
2K
Dnison Penndragon
D
vefatica
Hidden console doesn't close
2
Replies
34
Views
6K
rconn
rconn
R
Delete command sets directory attributes to hidden & system
2
Replies
46
Views
10K
Ulrich
U
D
copy /w deletes hidden files and excluded files
Replies
13
Views
4K
David Marcus
D
J
hidden directory copy bug
Replies
1
Views
3K
rconn
rconn
S
OPTION dialog for transient or hidden sessions
Replies
1
Views
3K
vefatica
vefatica
F
How do I make TCC use pwsh.exe instead of powershell.exe?
Replies
5
Views
244
Chasman
C
Flemming
CMdebugger, TCC v 29
Replies
2
Views
183
Joe Caverly
Joe Caverly
D
TCC finicky with external keystroke apps?
Replies
2
Views
198
David_Wolfe
D
C
pshell command crashes TCC process entirely
Replies
2
Views
209
ClioCJS
C
C
WAD could i get a TCC dev (Rexx?) to comment on this github thread for windows terminal about which method TCC uses to clear the screen?
Replies
8
Views
399
vefatica
vefatica
rconn
  • Locked
News Take Command / TCC / CMDebug / TCC-RT 30.0.22 released
Replies
0
Views
165
rconn
rconn
H
Right click in explorer offers to open with Take Command or TCC
Replies
3
Views
243
ohenryx
O
rconn
  • Locked
News Take Command / TCC / CMDebug / TCC-RT 30.0.21 Released
Replies
0
Views
169
rconn
rconn
rconn
  • Locked
News Take Command / T C / CMDebug / TCC-RT v30.0.19 Released
Replies
0
Views
150
rconn
rconn
C
TCC window completely disappearing(!!!), sometimes(?) crashing, if Windows Terminal is running (or maybe even, if it's simply *been* run)
Replies
9
Views
304
ClioCJS
C
J
TCC 30 issues
Replies
9
Views
347
vefatica
vefatica
Dick Johnson
TCC 30 virus
Replies
2
Views
212
ohenryx
O
rconn
  • Locked
News Take Command / TCC / CMDebug / TCC-RT Version 30 Released
Replies
0
Views
210
rconn
rconn
D
BTM file closes TCC
Replies
7
Views
471
rconn
rconn
cgunhouse
DEPUPE Crashes and Takes Out The Current TCC Session With It
Replies
8
Views
440
cgunhouse
cgunhouse
aedthuio
TCC Bug??
Replies
6
Views
364
vefatica
vefatica
K
How to? TCC 29 slow switching between tab windows.
Replies
15
Views
582
K1EA
K
vefatica
Wrapped text - mouse\mark\copy\paste in a TCC console?
Replies
0
Views
223
vefatica
vefatica
Charles Dye
Quote mangling in TCC
Replies
1
Views
349
vefatica
vefatica
Joe Caverly
Sharing CLIP1 to CLIP9 with another TCC
Replies
4
Views
374
vefatica
vefatica
rconn
  • Locked
News Take Command / TCC / CMDebug / TCC-RT 29.0.17 Uploaded
Replies
0
Views
320
rconn
rconn
R
TCC 29 has its own keyboard buffer?
Replies
2
Views
294
vefatica
vefatica
J
Bug dotnet watch run in TakeCommand with a tcc or cmd prompt
Replies
17
Views
624
vefatica
vefatica
fishman@panix.com
Fixed Can't install TC/TCC 29
Replies
2
Views
403
[email protected]
fishman@panix.com
M
TCC 29: German special characters öäüÖÄÜß are not shown at all
Replies
19
Views
857
K_Meinhard
K_Meinhard
S
TCC debugger throws message on end of attrib
Replies
27
Views
911
sg08234
S
vefatica
Something in my INI file is slowing TCC down
Replies
9
Views
532
Alpengreis
Alpengreis
A
TCC is now starting inside Windows 11 PowerShell
Replies
5
Views
592
ohenryx
O
D
Disable line wrap in TCC window?
Replies
14
Views
956
David_Wolfe
D
O
TCC does not pass focus to applications launched by TCC from Windows Terminal
Replies
25
Views
1K
ohenryx
O
D
Wacky console messages being dumped into TCC
Replies
1
Views
441
Charles Dye
Charles Dye
Joe Caverly
RECORDER - TCC: (Sys) A resource required for this operation is disabled.
Replies
1
Views
463
Joe Caverly
Joe Caverly
D
tcc.exe /c whatever/... triggers debug messages
Replies
2
Views
516
Daniel Dittmar
D
S
TCC: C:\TC28\TCSTART.btm Take Command is not loaded
Replies
5
Views
950
rconn
rconn
Back
Top