Having worked in the software support industry for many years, and now even as a software developer, I’ve lost count of the number of times that Mark Russinovich’s Sysinternals tools have helped me solve seemingly impossible problems. From simple application crashes, to complex file security issues – there has always been a tool in the Sysinternals suite that has at least pointed me in the right direction to solving the problem.

Each tool in the suite has a specific purpose with a plethora of features. My favourites in the suite are:

Process Explorer

Process Explorer is a fantastic tool for tracking down DLL-version problems or handle leaks, and provides insight into the way Windows and applications work.

I find Process Explorer extremely useful for tracking down hung processes that are causing excessive CPU usage, and malicious processes (malware/adware). It will even let you drill down into specific threads of a process that is causing problems.

A few clicks in Process Explorer can sometimes solve the most annoying problems in a simple way.

Autoruns

Another great tool for getting rid of pesky malicious applications that run on start-up. It is also excellent at discovering processes of applications that may not have uninstalled correctly.

Autoruns has the most comprehensive knowledge of auto-starting locations of any startup monitor, shows you what programs are configured to run during system bootup or login, and shows you the entries in the order Windows processes them.

Process Monitor

Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity.

It is the tool for those more complex issues that deal with things like file/registry permissions or missing assembly files (and many, many other file- or registry-related problems).

This tool is definitely the most useful in the suite for investigating unexplainable behaviour.

If you’ve never heard of Sysinternals (Process Explorer, Autoruns, Process Monitor), I highly suggest you take a look at the Sysinternals Technet page.

For an in-depth overview on how you can use these tools to assist you in investigating and troubleshooting unexplainable behaviour with Windows or third party software running on Windows, I would recommend watching the video after the break of one of Mark’s TechEd sessions.




Come hear Mark Russinovich, the master of Windows troubleshooting, walk you through step-by-step how he has solved seemingly unsolvable system and application problems on Windows. With all new real case studies, Mark shows how to apply the Microsoft Debugging Tools and his own Sysinternals tools, including Process Explorer and Process Monitor, to solve system crashes, process hangs, security vulnerabilities, DLL conflicts, permissions problems, registry misconfiguration, network hangs, and file system issues. These tools are used on a daily basis by Microsoft Product Support and have been used effectively to solve a wide variety of desktop and server issues, so being familiar with their operation and application will assist you in dealing with different problems on Windows.
