Quote:
The MS Sysinternals crew has created a number of really useful tools, like the previously mentioned Desktops, TCPView, and Process Explorer. In May, Microsoft put all the downloads together in one place, at live.sysinternals.com.
Fresh off the three-day weekend, they decided to simplify the download process even further by creating a single 8MB file containing their popular troubleshooting utilities.
No, the file doesn't contain the oh-so-fun BSOD screensaver (coming soon to your friend's trojan-infested Windows PC), but it does pack an incredible number of useful tools. Here's a sampling of what's in the file:
AdExplorer: allows viewing, editing, and backup of Active Directory databases
BGInfo: embeds system info like IP, CPU, RAM, disk space on the desktop
Contig: single-file defragmenter
PageDefrag: defragments paging, event log, hibernation, and registry files
RegMon: monitors the Windows registry for changes
RootkitRevealer: helps locate kernel and user-mode rootkits
Sync: Unix-style tool to flush system data to disk
Tons of other apps are included, and it's well worth any admin's time to take a few moments to download.
From the few of them I've read up on, they seem like they could be put to good use. My only question would be what kind of resources they will eat up. I'm gonna download and play with them tonight and see if they're any good. I'll sticky this if they're worth it. Most of them are good from 2000 and up, a few are good from Win98 and up (including Windows Server 2008).
Link to downloads on Microsoft's site:
Sysinternals Suite
You can download them individually or all at once.
Here's an example of Process Explorer and the description:
Quote:
Ever wondered which program has a particular file or directory open? Now you can find out. Process Explorer shows you information about which handles and DLLs processes have opened or loaded.
The Process Explorer display consists of two sub-windows. The top window always shows a list of the currently active processes, including the names of their owning accounts, whereas the information displayed in the bottom window depends on the mode that Process Explorer is in: if it is in handle mode you'll see the handles that the process selected in the top window has opened; if Process Explorer is in DLL mode you'll see the DLLs and memory-mapped files that the process has loaded. Process Explorer also has a powerful search capability that will quickly show you which processes have particular handles opened or DLLs loaded.
The unique capabilities of Process Explorer make it useful for tracking down DLL-version problems or handle leaks, and provide insight into the way Windows and applications work.