Synopses & Reviews
Get in-depth guidance—and inside insights—for using the Windows Sysinternals tools available from Microsoft TechNet. Guided by Sysinternals creator Mark Russinovich and Windows expert Aaron Margosis, you’ll drill into the features and functions of dozens of free file, disk, process, security, and Windows management tools. And you’ll learn how to apply the book’s best practices to help resolve your own technical issues the way the experts do.
Diagnose. Troubleshoot. Optimize.
- Analyze CPU spikes, memory leaks, and other system problems
- Get a comprehensive view of file, disk, registry, process/thread, and network activity
- Diagnose and troubleshoot issues with Active Directory
- Easily scan, disable, and remove autostart applications and components
- Monitor application debug output
- Generate trigger-based memory dumps for application troubleshooting
- Audit and analyze file digital signatures, permissions, and other security information
- Execute Sysinternals management tools on one or more remote computers
- Master Process Explorer, Process Monitor, and Autoruns
Synopsis
Get an edge on Windows diagnostics and support—direct from the Sysinternals experts at Microsoft. The Windows Sysinternals tools, available for download from Microsoft TechNet, are designed to help you manage, troubleshoot, and diagnose Windows clients and servers. This Administrator’s Reference provides essential, scenario-based guidance and inside insights to help maximize your work with these tools.
- Get timesaving solutions, workarounds, and troubleshooting tips from Windows internals expert Marc Russinovich and senior MCS consultant Aaron Margosis
- Drill into the features and functions of Sysinternals utilities and references, gleaning practical, hands-on insights for resolving real-world issues
- Learn to work more effectively with utilities for managing, troubleshooting, and optimizing files, disks, processes, security features, networking, maintenance, and other essential operations
About the Author
Mark Russinovich is a Technical Fellow on the Windows Azure team at Microsoft. He is coauthor of the classic Windows Internals book and cofounder of the Sysinternals website. He is a contributing editor for Microsoft TechNet and Windows IT Pro magazine, and speaks at several industry events.
Aaron Margosis is a principal consultant with Microsoft Consulting Services (MCS), the author of the popular MakeMeAdmin and PrivBar tools, and a passionate evangelist for the use of “least privilege” on Windows.
Table of Contents
; Foreword; Introduction; Tools the Book Covers; The History of Sysinternals; Who Should Read This Book; Organization of This Book; Conventions and Features in This Book; System Requirements; Acknowledgments; Errata & Book Support; We Want to Hear from You; Stay in Touch; Getting Started; Chapter 1: Getting Started with the Sysinternals Utilities; 1.1 Overview of the Utilities; 1.2 The Windows Sysinternals Web Site; 1.3 Sysinternals License Information; Chapter 2: Windows Core Concepts; 2.1 Administrative Rights; 2.2 Processes, Threads, and Jobs; 2.3 User Mode and Kernel Mode; 2.4 Handles; 2.5 Call Stacks and Symbols; 2.6 Sessions, Window Stations, Desktops, and Window Messages; Usage Guide; Chapter 3: Process Explorer; 3.1 Procexp Overview; 3.2 Main Window; 3.3 DLLs and Handles; 3.4 Process Details; 3.5 Thread Details; 3.6 Verifying Image Signatures; 3.7 System Information; 3.8 Display Options; 3.9 Procexp as a Task Manager Replacement; 3.10 Miscellaneous Features; 3.11 Keyboard Shortcut Reference; Chapter 4: Process Monitor; 4.1 Getting Started with Procmon; 4.2 Events; 4.3 Filtering and Highlighting; 4.4 Process Tree; 4.5 Saving and Opening Procmon Traces; 4.6 Logging Boot, Post-Logoff, and Shutdown Activity; 4.7 Long-Running Traces and Controlling Log Sizes; 4.8 Importing and Exporting Configuration Settings; 4.9 Automating Procmon: Command-Line Options; 4.10 Analysis Tools; 4.11 Injecting Debug Output into Procmon Traces; 4.12 Toolbar Reference; Chapter 5: Autoruns; 5.1 Autoruns Fundamentals; 5.2 Autostart Categories; 5.3 Saving and Comparing Results; 5.4 AutorunsC; 5.5 Autoruns and Malware; Chapter 6: PsTools; 6.1 Common Features; 6.2 PsExec; 6.3 PsFile; 6.4 PsGetSid; 6.5 PsInfo; 6.6 PsKill; 6.7 PsList; 6.8 PsLoggedOn; 6.9 PsLogList; 6.10 PsPasswd; 6.11 PsService; 6.12 PsShutdown; 6.13 PsSuspend; 6.14 PsTools Command-Line Syntax; 6.15 PsTools System Requirements; Chapter 7: Process and Diagnostic Utilities; 7.1 VMMap; 7.2 ProcDump; 7.3 DebugView; 7.4 LiveKd; 7.5 ListDLLs; 7.6 Handle; Chapter 8: Security Utilities; 8.1 SigCheck; 8.2 AccessChk; 8.3 AccessEnum; 8.4 ShareEnum; 8.5 ShellRunAs; 8.6 Autologon; 8.7 LogonSessions; 8.8 SDelete; Chapter 9: Active Directory Utilities; 9.1 AdExplorer; 9.2 AdInsight; 9.3 AdRestore; Chapter 10: Desktop Utilities; 10.1 BgInfo; 10.2 Desktops; 10.3 ZoomIt; Chapter 11: File Utilities; 11.1 Strings; 11.2 Streams; 11.3 NTFS Link Utilities; 11.4 DU (Disk Usage); 11.5 Post-Reboot File Operation Utilities; Chapter 12: Disk Utilities; 12.1 Disk2Vhd; 12.2 Diskmon; 12.3 Sync; 12.4 DiskView; 12.5 Contig; 12.6 PageDefrag; 12.7 DiskExt; 12.8 LDMDump; 12.9 VolumeID; Chapter 13: Network and Communication Utilities; 13.1 TCPView; 13.2 Whois; 13.3 Portmon; Chapter 14: System Information Utilities; 14.1 RAMMap; 14.2 CoreInfo; 14.3 ProcFeatures; 14.4 WinObj; 14.5 LoadOrder; 14.6 PipeList; 14.7 ClockRes; Chapter 15: Miscellaneous Utilities; 15.1 RegJump; 15.2 Hex2Dec; 15.3 RegDelNull; 15.4 Bluescreen Screen Saver; 15.5 Ctrl2Cap; TroubleshootingThe Case of the Unexplained...”; Chapter 16: Error Messages; 16.1 The Case of the Locked Folder; 16.2 The Case of the Failed AV Update; 16.3 The Case of the Failed Lotus Notes Backups; 16.4 The Case of the Failed Play-To; 16.5 The Case of the Crashing Proksi Utility; 16.6 The Case of the Installation Failure; 16.7 The Case of the Missing Folder Association; 16.8 The Case of the Temporary Registry Profiles; Chapter 17: Hangs and Sluggish Performance; 17.1 The Case of the IExplore-Pegged CPU; 17.2 The Case of the Excessive ReadyBoost; 17.3 The Case of the Slow Keynote Demo; 17.4 The Case of the Slow Project File Opens; 17.5 The Compound Case of the Outlook Hangs; Chapter 18: Malware; 18.1 The Case of the Sysinternals-Blocking Malware; 18.2 The Case of the Process-Killing Malware; 18.3 The Case of the Fake System Component; 18.4 The Case of the Mysterious ASEP; About the Authors;