Increase in I/O on Hidden TCC Processes

cgunhouse

cgunhouse

Dec 2, 2008
226
2
Canada
When I run the following:

activate "My TCC Process" hide
Where is a detach TCC Process called "My TCC Process", the I/O jumps up to about 16.2 KB and stays there.

2016-03-15_13-47-41.png

If I do:

activate "My TCC Process" restore
It drops back to zero.
 
vefatica

vefatica

May 20, 2008
11,926
124
Syracuse, NY, USA
I can't reproduce it. I only see the beginning and the end.
Code: 
v:\> activate "TCC test" hide & delay 30 & activate "TCC test" restore

upload_2016-3-16_10-47-0.png
 
cgunhouse

cgunhouse

Dec 2, 2008
226
2
Canada
Thread.png

I narrowed it down to the following thread, if I suspend this thread the I/O goes away.
The Stack for this thread is:

Stack.png

and module is:
ModuleThread.png


One other thing that is strange is when I attach Process Monitor (not Process Explorer) to the PID or TID, I get nothing.

I see this on both my Windows 7 and Windows 10 systems.
 
vefatica

vefatica

May 20, 2008
11,926
124
Syracuse, NY, USA
What happens if you use "tcc.exe /iisp" when you start the TCC which will be hidden? That's no inifile, no tcstart file, and no plugins. You can test them independently with "/ii", "/is", and "/ip".
 
vefatica

vefatica

May 20, 2008
11,926
124
Syracuse, NY, USA
Do you use something called "Fallout"? When I google "SfmDxSetSwapChainStats" nearly all hits refer to "Fallout". TCC does not import that function from user32.dll. Perhaps another process is injecting code, or setting an "in-context" hook. Can you see the DLLs loaded by TCC ... anything suspicious there?
 
cgunhouse

cgunhouse

Dec 2, 2008
226
2
Canada
Fallout is a game, and on my Windows 10 system, SfmDxSetSwapChainStats isn't there.

Tried TCC /iisp and no difference.

Thread 9128.png


I was trying to think of what was common between machine but maybe no one else here uses.

Maybe Process Lasso, https://bitsum.com/?inproduct, it could mess with process, but I tried disabling it no difference too.
 
cgunhouse

cgunhouse

Dec 2, 2008
226
2
Canada
Here is what is loaded for one of the TCC doing I/O:

Image:
Modules.png


Mapped files:

Mapped Files.png

I'm not sure what is causing it.

I have something similar with UltraEdit, the licensing module does something similar. Maybe trying to call home but the firewall prevents it and so it keeps trying.
 
vefatica

vefatica

May 20, 2008
11,926
124
Syracuse, NY, USA
I only found "Fallout" because Google had changed my "SfmDxSetSwapChainStats" to "SfmDxGetSwapChainStats".

The only DLL or EXE in my System32 directory that uses "SfmDxSetSwapChainStats" is DWMCORE.DLL (DWM = DesktopWindowManager) which is, no doubt, injected into every app that interacts with the desktop.

I'm out of ideas.
 
You must log in or register to reply here.

Similar threads

Alpengreis
TCMD.INI: The "super hidden" problem ...
Replies
6
Views
2K
Support
Alpengreis
Alpengreis
R
Debugsession must not turn hidden objects on.
Replies
11
Views
2K
Support
Alpengreis
Alpengreis
vefatica
Tabbed toolbar hidden ... not remembered!
Replies
11
Views
2K
Support
rconn
rconn
I
Hidden files on USB Drive
Replies
4
Views
2K
Support
IONx64
I
C
Screens of different size and hidden console
Replies
8
Views
2K
Support
Christian Albaret
C
A
How to? Can't change directory ("cd") into system hidden files
Replies
13
Views
10K
Support
aliteralmind
A
R
WAD issue with filename completion with system and hidden files
Replies
8
Views
2K
Support
Rodolfo
R
D
WAD New envars for @LINES are not hidden
Replies
8
Views
2K
Support
Steve Fabian
S
rps
Documentation Help file revision - Copying hidden DESCRIPT.ION files
Replies
19
Views
3K
Support
Just Another Joe
J
D
Take Command Prevents Seeing Hidden Files
Replies
2
Views
1K
Support
Dnison Penndragon
D
vefatica
Hidden console doesn't close
Replies
34
Views
5K
Support
rconn
rconn
R
Delete command sets directory attributes to hidden & system
Replies
46
Views
9K
Support
Ulrich
U
D
copy /w deletes hidden files and excluded files
Replies
13
Views
4K
Support
David Marcus
D
J
hidden directory copy bug
Replies
1
Views
2K
Support
rconn
rconn
S
OPTION dialog for transient or hidden sessions
Replies
1
Views
2K
Support
vefatica
vefatica
D
Disable line wrap in TCC window?
Replies
14
Views
392
Support
David_Wolfe
D
O
TCC does not pass focus to applications launched by TCC from Windows Terminal
Replies
25
Views
681
Support
ohenryx
O
D
Wacky console messages being dumped into TCC
Replies
1
Views
184
Support
Charles Dye
Charles Dye
Joe Caverly
RECORDER - TCC: (Sys) A resource required for this operation is disabled.
Replies
1
Views
186
Support
Joe Caverly
Joe Caverly
D
tcc.exe /c whatever/... triggers debug messages
Replies
2
Views
270
Support
Daniel Dittmar
D
S
TCC: C:\TC28\TCSTART.btm Take Command is not loaded
Replies
5
Views
583
Support
rconn
rconn
A
Can you set an image file 'tag' with TCC/4NT?
Replies
2
Views
306
Support
vefatica
vefatica
P
PSHELL not working in TCC 26
Replies
11
Views
536
Support
AnrDaemon
A
vefatica
SCRIPT makes TCC disappear.
Replies
16
Views
438
Support
Joe Caverly
Joe Caverly
MickeyF
TCC suddenly crashing (not TCC's fault)
Replies
2
Views
298
Support
MickeyF
MickeyF
Z
CMDDebug - TCC unknown command
Replies
2
Views
261
Support
Joe Caverly
Joe Caverly
rconn
  • Locked
News Take Command / TCC / CMDebug / TCC-RT 28.02.17
Replies
0
Views
277
Support
rconn
rconn
vefatica
TCC startup: /IP not honored after /K
Replies
1
Views
278
Support
Charles Dye
Charles Dye
MickeyF
TCC crashing when copying multiple files (now resolved)
Replies
6
Views
589
Support
Alpengreis
Alpengreis
C
COMSPEC constantly reset to TCC.EXE
Replies
6
Views
487
Support
vefatica
vefatica
rconn
  • Locked
News Take Command / TCC / CMDebug / TCC-RT v28 Released
Replies
0
Views
403
Support
rconn
rconn
C
How to? starting TCC/TCMD v25
Replies
2
Views
376
Support
AnrDaemon
A
CWBillow
TCC and TCMD in Powershell
Replies
6
Views
670
Support
AnrDaemon
A
rconn
  • Locked
News Take Command / TCC / CMDebug / TCC-RT 27.01.24 uploaded
Replies
0
Views
374
Support
rconn
rconn
rconn
  • Locked
News Take Command / TCC / CMDebug / TCC-RT 27.01.23 uploaded
Replies
0
Views
690
Support
rconn
rconn
Alpengreis
Fixed Crash after copy dialog with big TCC.exception.log
Replies
5
Views
579
Support
Alpengreis
Alpengreis
rconn
  • Locked
News Take Command / TCC / CMDebug / TCC-RT v27.01 Build 22 Uploaded
Replies
0
Views
411
Support
rconn
rconn
L
FTYPE in TCC, less quirky than in cmd.exe
Replies
3
Views
657
Support
AnrDaemon
A
V
Set path permanently from within TCC?
Replies
3
Views
554
Support
vintzend
V
DrusTheAxe
Runaway TCC.exception.log filling drive
Replies
5
Views
1K
Support
AnrDaemon
A
rconn
  • Locked
News Take Command / TCC / CMDebug / TCC-RT 27.0.21 uploaded
Replies
0
Views
634
Support
rconn
rconn
Joe Caverly
tcc.exception.log
Replies
3
Views
572
Support
DrusTheAxe
DrusTheAxe
rconn
  • Locked
News Take Command / TCC / CMDebug / TCC-RT 27.0.20 uploaded
Replies
0
Views
400
Support
rconn
rconn
rconn
  • Locked
News Take Command / TCC / CMDebug / TCC-RT 27.0.19
Replies
0
Views
395
Support
rconn
rconn
FreezerBurnt
Help making a CMD and TCC compatible batch file
Replies
7
Views
693
Support
FreezerBurnt
FreezerBurnt
vefatica
SCRIPT ... TCC disappears
Replies
2
Views
467
Support
vefatica
vefatica
rconn
  • Locked
News Take Command / TCC / CMDebug / TCC-RT v27.0.18
Replies
0
Views
443
Support
rconn
rconn
Jesse Heines
Access Denied errors in TCC 27
Replies
9
Views
1K
Support
Jesse Heines
Jesse Heines
fpefpe
How to? tcc inifile (%_ininame)
Replies
3
Views
458
Support
fpefpe
fpefpe
M
How to? Black TCC Prompt
Replies
2
Views
621
Support
rconn
rconn
Top Bottom