Having worked in the software support industry for many years, and now even as a software developer, I’ve lost count of the number of times that Mark Russinovich’s Sysinternals tools have helped me solve seemingly impossible problems. From simple application crashes, to complex file security issues – there has always been a tool in the Sysinternals suite that has at least pointed me in the right direction to solving the problem.

Each tool in the suite has a specific purpose with a plethora of features. My favourites in the suite are:

Process Explorer

Process Explorer is a fantastic tool for tracking down DLL-version problems or handle leaks, and it provides insight into the way Windows and applications work.

I find Process Explorer extremely useful for tracking down hung processes that are causing excessive CPU usage and for spotting malicious processes (malware/adware). It will even let you drill down into the specific threads of a process that are causing the problem.

A few clicks in Process Explorer can sometimes solve the most annoying problems in a simple way.
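The same triage that Process Explorer does with a few clicks (find the process burning CPU, look at its threads, watch its handle count, check which DLLs it loaded) can be scripted when the GUI is not an option. The following PowerShell is an added example, not code from the original post or from Sysinternals; it assumes Windows PowerShell 5.1 or PowerShell 7 and enough rights to open the target process (elevate to inspect other users' processes), and the function names are my own.

```powershell
# Added example: a scripted version of the Process Explorer workflow.
# Get-HotProcess    - two CPU snapshots, sorted by CPU time consumed in between
#                     (what Process Explorer's CPU column shows), plus handle growth
# Get-HotThread     - the Threads tab: which threads consumed the time and what they wait on
# Get-ModuleVersion - the DLLs pane: loaded modules with path and file version

function Get-HotProcess {
    param([int]$SampleSeconds = 5, [int]$Top = 5)
    # CPU is null for processes we are not allowed to open; skip those.
    $before = Get-Process | Where-Object { $_.CPU -ne $null } | ForEach-Object {
        [pscustomobject]@{ Id = $_.Id; Name = $_.ProcessName; Cpu = $_.CPU; Handles = $_.HandleCount }
    }
    Start-Sleep -Seconds $SampleSeconds
    $after = @{}
    Get-Process | ForEach-Object { $after[$_.Id] = $_ }
    $before | Where-Object { $after.ContainsKey($_.Id) -and $after[$_.Id].CPU -ne $null } |
        ForEach-Object {
            $a = $after[$_.Id]
            [pscustomobject]@{
                Id          = $_.Id
                Name        = $_.Name
                CpuSeconds  = [math]::Round($a.CPU - $_.Cpu, 2)
                HandleDelta = $a.HandleCount - $_.Handles   # steady growth across samples suggests a handle leak
            }
        } | Sort-Object CpuSeconds -Descending | Select-Object -First $Top
}

function Get-HotThread {
    param([Parameter(Mandatory)][int]$Id, [int]$Top = 5)
    $proc = Get-Process -Id $Id
    $proc.Threads |
        Sort-Object { $_.TotalProcessorTime.TotalMilliseconds } -Descending |
        Select-Object -First $Top -Property Id, ThreadState,
            # WaitReason throws unless the thread is actually in the Wait state, so guard it.
            @{ n = 'WaitReason';   e = { if ($_.ThreadState -eq 'Wait') { $_.WaitReason } } },
            @{ n = 'CpuMs';        e = { [int]$_.TotalProcessorTime.TotalMilliseconds } },
            @{ n = 'StartAddress'; e = { '0x{0:X}' -f $_.StartAddress.ToInt64() } }
}

function Get-ModuleVersion {
    param([Parameter(Mandatory)][int]$Id, [string]$Filter = '*')
    # Useful for the "wrong DLL loaded from the wrong directory" class of problem:
    # compare FileName and FileVersion with what the application expects.
    (Get-Process -Id $Id).Modules |
        Where-Object { $_.ModuleName -like $Filter } |
        Select-Object ModuleName, FileName,
            @{ n = 'FileVersion'; e = { $_.FileVersionInfo.FileVersion } },
            @{ n = 'Company';     e = { $_.FileVersionInfo.CompanyName } }
}

# Usage: list the busiest processes over a 5 second window, then drill into the top one.
$hot = Get-HotProcess -SampleSeconds 5
$hot | Format-Table -AutoSize
if ($hot) {
    Get-HotThread     -Id $hot[0].Id | Format-Table -AutoSize
    Get-ModuleVersion -Id $hot[0].Id -Filter '*.dll' | Format-Table -AutoSize
}
```

Run Get-HotProcess a few times in a row: a process whose HandleDelta keeps climbing while it is otherwise idle is the classic handle-leak signature, and the thread start address from Get-HotThread is what you would then resolve against the module list to see which DLL the busy thread lives in.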

Autoruns

Autoruns is another great tool for getting rid of pesky malicious applications that run at start-up. It is also excellent at discovering leftover start-up entries from applications that did not uninstall correctly.

Autoruns has the most comprehensive knowledge of auto-starting locations of any startup monitor, shows you what programs are configured to run during system bootup or login, and shows you the entries in the order Windows processes them.
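To show what Autoruns is actually checking, here is an added PowerShell example (not code from the original post or from Sysinternals) that enumerates the most common auto-start locations, resolves each entry to the executable it launches, and flags entries whose file is missing (the typical leftover of a bad uninstall) or whose Authenticode signature is not valid (worth a closer look when hunting malware). It covers only the Run/RunOnce keys, the startup folders and auto-start services; Autoruns itself knows many more locations. Assumes Windows PowerShell 5.1 or PowerShell 7, run elevated so the HKLM entries and services are fully readable; the function names are my own.

```powershell
# Added example: a small subset of what Autoruns enumerates, with file-exists and
# signature checks so that suspicious entries float to the top.

function Get-ExecutablePath {
    param([string]$CommandLine)
    # Extract the program path from a value such as
    #   "C:\Program Files\Foo\foo.exe" /silent   or   C:\Tools\bar.exe -x
    if ([string]::IsNullOrWhiteSpace($CommandLine)) { return $null }
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 1) { return $cmd.Substring(1, $end - 1) }
    }
    # Unquoted path: accumulate tokens until they form an existing file with a program extension.
    $acc = ''
    foreach ($tok in ($cmd -split ' ')) {
        $acc = if ($acc) { "$acc $tok" } else { $tok }
        if ($acc -match '\.(exe|cmd|bat|com|scr|dll)$' -and
            (Test-Path -LiteralPath $acc -ErrorAction SilentlyContinue)) { return $acc }
    }
    return ($cmd -split ' ')[0]
}

function Get-AutoStartEntry {
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-ItemProperty -Path $key
        foreach ($p in $item.PSObject.Properties) {
            # Get-ItemProperty adds PS* bookkeeping properties; skip those.
            if ($p.Name -match '^PS(Path|ParentPath|ChildName|Drive|Provider)$') { continue }
            [pscustomobject]@{ Location = $key; Name = $p.Name; Command = [string]$p.Value }
        }
    }
    # Per-user and all-users Startup folders.
    foreach ($f in @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))) {
        if (-not (Test-Path $f)) { continue }
        Get-ChildItem -Path $f -File | ForEach-Object {
            [pscustomobject]@{ Location = $f; Name = $_.Name; Command = $_.FullName }
        }
    }
    # Auto-start services (Autoruns lists these under its Services tab).
    Get-CimInstance Win32_Service -Filter "StartMode='Auto'" | ForEach-Object {
        [pscustomobject]@{ Location = 'Services'; Name = $_.Name; Command = $_.PathName }
    }
}

function Test-AutoStartEntry {
    Get-AutoStartEntry | ForEach-Object {
        $exe    = Get-ExecutablePath $_.Command
        $exists = [bool]$exe -and (Test-Path -LiteralPath $exe -ErrorAction SilentlyContinue)
        $sig    = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $exe).Status } else { 'FileMissing' }
        [pscustomobject]@{
            Location   = $_.Location
            Name       = $_.Name
            Executable = $exe
            Signature  = $sig
            Suspicious = ($sig -ne 'Valid')   # missing file, unsigned, or broken signature
        }
    } | Sort-Object Suspicious -Descending
}

Test-AutoStartEntry | Format-Table -AutoSize
```

A FileMissing entry is usually the dead uninstall leftover the post describes and can simply be deleted; an existing but NotSigned entry under a user-writable path is the one to investigate before removing, because Autoruns' "hide Microsoft entries" view exists for exactly that reason.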

Process Monitor

Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity.

It is the tool to reach for on the more complex issues, such as file or registry permission problems and missing assembly files (and many, many other file- or registry-related problems), because it shows exactly which path the application tried to open and which result Windows returned.

This tool is definitely the most useful in the suite for investigating unexplainable behaviour.
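Most of the permission and missing-file problems mentioned above reduce to two Procmon results: ACCESS DENIED and NAME NOT FOUND on a path the application needed. The following PowerShell is an added example, not code from the original post or from Sysinternals: it drives Procmon from the command line to capture and export a trace, then extracts those failures from the CSV. It assumes procmon.exe is on the PATH, an elevated console, and Procmon's documented /AcceptEula, /Quiet, /Minimized, /BackingFile, /Terminate, /OpenLog and /SaveAs switches; the sample rows are constructed for illustration so the analysis part runs without a capture.

```powershell
# Added example: scripted Procmon capture plus a filter for the results that explain
# most "it just doesn't work" cases (ACCESS DENIED, NAME NOT FOUND, PATH NOT FOUND).

function Invoke-ProcmonCapture {
    param([Parameter(Mandatory)][string]$Pml, [int]$Seconds = 30)
    # Capture in the background to a backing file, wait while the problem is reproduced,
    # stop the capture, then convert the .pml to .csv for analysis.
    Start-Process procmon.exe -ArgumentList "/AcceptEula /Quiet /Minimized /BackingFile `"$Pml`""
    Start-Sleep -Seconds $Seconds
    Start-Process procmon.exe -ArgumentList '/Terminate' -Wait
    $csv = [IO.Path]::ChangeExtension($Pml, '.csv')
    Start-Process procmon.exe -ArgumentList "/OpenLog `"$Pml`" /SaveAs `"$csv`"" -Wait
    return $csv
}

function Find-ProcmonFailure {
    param(
        [Parameter(Mandatory)][object[]]$Events,   # rows with "Process Name", Operation, Path, Result columns
        [string]$ProcessName = '*'
    )
    $failures = @('ACCESS DENIED', 'NAME NOT FOUND', 'PATH NOT FOUND')
    $Events |
        Where-Object { ($_.'Process Name' -like $ProcessName) -and ($_.Result -in $failures) } |
        Group-Object 'Process Name', Operation, Path, Result |
        ForEach-Object {
            $first = $_.Group[0]
            [pscustomobject]@{
                Process   = $first.'Process Name'
                Operation = $first.Operation
                Result    = $first.Result
                Count     = $_.Count      # repeated NAME NOT FOUND on one path = probe for a file that should exist
                Path      = $first.Path
            }
        } | Sort-Object Count -Descending
}

# Constructed sample rows (not a real trace) in the column layout of Procmon's CSV export,
# so Find-ProcmonFailure can be tried offline.
$sample = @'
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1","myapp.exe","4120","CreateFile","C:\ProgramData\MyApp\config.xml","ACCESS DENIED","Desired Access: Generic Write"
"10:01:02.2","myapp.exe","4120","CreateFile","C:\Program Files\MyApp\Newtonsoft.Json.dll","NAME NOT FOUND","Desired Access: Read Attributes"
"10:01:02.3","myapp.exe","4120","CreateFile","C:\Program Files\MyApp\Newtonsoft.Json.dll","NAME NOT FOUND","Desired Access: Read Attributes"
"10:01:02.4","myapp.exe","4120","RegOpenKey","HKLM\SOFTWARE\MyApp\Settings","NAME NOT FOUND","Desired Access: Read"
"10:01:02.5","myapp.exe","4120","CreateFile","C:\Windows\System32\kernel32.dll","SUCCESS","Desired Access: Read"
"10:01:03.0","svchost.exe","1204","RegQueryValue","HKLM\SYSTEM\CurrentControlSet\Services\Foo\Start","SUCCESS","Type: REG_DWORD"
'@
$events = $sample | ConvertFrom-Csv
Find-ProcmonFailure -Events $events -ProcessName 'myapp.exe' | Format-Table -AutoSize

# Against a real capture:
#   $csv = Invoke-ProcmonCapture -Pml 'C:\temp\trace.pml' -Seconds 30
#   Find-ProcmonFailure -Events (Import-Csv $csv) -ProcessName 'myapp.exe'
```

On the constructed rows the output is one ACCESS DENIED on config.xml (a permissions fix), a repeated NAME NOT FOUND on a DLL in the application directory (the missing-assembly case), and a NAME NOT FOUND on a registry key. Note that NAME NOT FOUND is also normal for probes along a search path, so look at the last path probed for a given file, not the first.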

If you’ve never heard of Sysinternals (Process Explorer, Autoruns, Process Monitor), I highly suggest you take a look at the Sysinternals TechNet page.

For an in-depth overview on how you can use these tools to assist you in investigating and troubleshooting unexplainable behaviour with Windows or third party software running on Windows, I would recommend watching the video after the break of one of Mark’s TechEd sessions.
