Troubleshooting with the Windows Sysinternals Tools, 2nd Edition

About

Features

• Process Explorer, Process Monitor, and 70 other powerful (and free!) utilities
• Applicable to all technical roles on Windows, including hobbyists, developers, and researchers
• Includes an expanded “Case of the Unexplained," detailed coverage of new tools and updated features in existing tools, and a “Procmon and ProcDump, Better Together” feature demonstrating new capabilities that the tools now enable in each other

Description

Optimize Windows system reliability and performance with Sysinternals

IT pros and power users consider the free Windows Sysinternals tools indispensable for diagnosing, troubleshooting, and deeply understanding the Windows platform. In this extensively updated guide, Sysinternals creator Mark Russinovich and Windows expert Aaron Margosis help you use these powerful tools to optimize any Windows system’s reliability, efficiency, performance, and security. The authors first explain Sysinternals’ capabilities and help you get started fast. Next, they offer in-depth coverage of each major tool, from Process Explorer and Process Monitor to Sysinternals’ security and file utilities. Then, building on this knowledge, they show the tools being used to solve real-world cases involving error messages, hangs, sluggishness, malware infections, and much more.

Windows Sysinternals creator Mark Russinovich and Aaron Margosis show you how to:

• Use Process Explorer to display detailed process and system information
• Use Process Monitor to capture low-level system events, and quickly filter the output to narrow down root causes
• List, categorize, and manage software that starts when you start or sign in to your computer, or when you run Microsoft Office or Internet Explorer
• Verify digital signatures of files, of running programs, and of the modules loaded in those programs
• Use Autoruns, Process Explorer, Sigcheck, and Process Monitor features that can identify and clean malware infestations
• Inspect permissions on files, keys, services, shares, and other objects
• Use Sysmon to monitor security-relevant events across your network
• Generate memory dumps when a process meets specified criteria
• Execute processes remotely, and close files that were opened remotely
• Manage Active Directory objects and trace LDAP API calls
• Capture detailed data about processors, memory, and clocks
• Troubleshoot unbootable devices, file-in-use errors, unexplained communication, and many other problems
• Understand Windows core concepts that aren’t well-documented elsewhere

Sample Content

Sample Pages

Download the sample pages (includes Chapter 4 and the Index.)

Table of Contents

• Part I Getting started
• Chapter 1 Getting started with the Sysinternals utilities
• Chapter 2 Windows core concepts
• Chapter 3 Process Explorer
• Chapter 4 Autoruns
• Part II Usage guide
• Chapter 5 Process Monitor
• Chapter 6 ProcDump
• Chapter 7 PsTools
• Chapter 8 Process and diagnostic utilities
• Chapter 9 Security utilities
• Chapter 10 Active Directory utilities
• Chapter 11 Desktop utilities
• Chapter 12 File utilities
• Chapter 13 Disk utilities
• Chapter 14 Network and communication utilities
• Chapter 15 System information utilities
• Chapter 16 Miscellaneous utilities
• Part III Troubleshooting—“The Case of the
• Chapter 17 Error messages
• Chapter 18 Crashes
• Chapter 19 Hangs and sluggish performance
• Chapter 20 Malware
• Chapter 21 Understanding system behavior
• Chapter 22 Developer troubleshooting

Updates

Submit Errata