SysInternals Suite

[jcgriff2]

The absolute #1 = SysInternals Suite by Mark Russinovich and Bryce Cogswell - available free from Microsoft TechNet.

~70 stand-alone EXEs - no installation required.

SysInternals Suite - zip file - http://technet.microsoft.com/en-us/sysinternals/bb842062

Live SysInternals - http://live.sysinternals.com/

No home should be without them!

My favorites -
- AutoRuns
- Load Order
- Process Explorer
- Process Monitor

The last two can be configured with Windbg symbol files using local cache or the MSDL SYM site -

[FONT=Lucida Console][PLAIN]SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
[/PLAIN][/FONT]

Regards. . .

John

 

[Corrine]

Updates were posted today for AccessChk v 5.03, Autoruns & Autorunsc v 11.22, ProcMon v 3.0, PsList v 1.3.

 

[Korvan]

Very good post i am going to look into this :)

 

[Fred Garvin]

The Sysinternal tools are excellent stuff and I don't think I've used half of them. Best of all, you can run them off a flash drive. No installation needed.

Fantastic idea for a sub forum, BTW!

 

[Dave76]

Great tools, must have for your rescue USB stick.

 

[zigzag3143]

I have been using bits of these since before Mark was at MS. Absolute life savers.

 

[Vir Gnarus]

Don't forget Mark's excellent reference book on it, the Sysinternals Administrator's Reference!

 

[zigzag3143]

That and Windows Internals 5th are book ends.

 

[jcgriff2]

6th Ed out now -

Windows Internals, Part 1: Covering Windows Server 2008 R2 and Windows 7
by Mark E. Russinovich

I haven't gotten through much of it yet, but it has held my interest.

http://www.amazon.com/s?ie=UTF8&rh=i:aps,k:windows internals 6th edition&page=1

 

[zigzag3143]

Its not a difficult read but there is a lot to absorb. Have it in pdf as well. Seems easier to flip between reading and WinDbg than reading the softcover.

I wonder how much is different between 5 and 6?

 

[usasma]

I've just started reading the 6th Edition. It's significantly different from the 5th Edition, but nowhere near the difference between the 4th and 5th Editions (XP to Vista).

I'm a bit disappointed with it tho', they refer to the other, unpublished chapters and you can't go and look things up there.

 

[Wrench97]

Just got it today, are the chapters referred to from this edition or from previous editions?

 

[zigzag3143]

Well I guess its off to Amazon for the 6th ED. Worth the price and support.

 

[usasma]

Part 1 contains up to Chapter 7 - but the contents shows through Chapter 14.
When I saw the reference to Crash Dump Analysis (Chapter 14) I immediately flipped to the back of the book looking for it.
Imagine my disappointment when I remembered that I only owned "Part 1"!

 

[Vir Gnarus]

Yah, usasma, that seems to be problematic when you can't even access the 2nd half yet!

The reason 4th edition was so radically different to the 5th is because Vista internals are completely altered compared to XP. An entirely new OS structure is going to give good cause for a vastly changed book to reference it. Windows 7 does have its own set of changes, but they're more like improvements or fixes to structural blunders they made in Vista and is therefore not much different as a result.

I've contemplated on getting it, but I believe I can hold off til part 2 pops up, since part 2 covers very important items in OS structure (like the I/O system). However, I don't believe any of it has anything that hasn't changed from what's covered in 5th Edition. The changes Windows 7 made from Vista are primarily on thread scheduling and object handling, which are covered in Part 1 of 6th edition of the book.

 

[Corrine]

https://twitter.com/#!/markrussinovich/status/201336821395886082

@markrussinovich: Heads up: Sysinternals updates coming Monday for Autoruns, Strings, and LiveKd.

 

[jcgriff2]

Nothing out yet.... soon I hope!

http://live.sysinternals.com/

 

[Corrine]

Its still early in Redmond. :)

 

[jcgriff2]

I forgot aboout that!

 

[Wrench97]

What is Dbgview.exe used for?