Troubleshooting with the Windows Sysinternals Tools
An update to Windows Sysinternals Administrator’s Reference
By Mark Russinovich and Aaron Margosis
Troubleshooting with the Windows Sysinternals Tools is the official book
on the Sysinternals tools, written by tool author and Sysinternals
cofounder Mark Russinovich, and Windows expert Aaron Margosis. The book
covers all 65+ tools in detail, with full chapters on the major tools
like Process Explorer, Process Monitor, and Autoruns. In addition to
tips and tricks in the tool chapters, it includes 45 "Case of the
Unexplained…" examples of the tools used by users to solve real-world
problems. Buy the book today and take your Windows troubleshooting and
systems management skills to the next level.
Ordering the Book
You can purchase the book from these online retailers:
- Microsoft Press Store
- Amazon
- Barnes & Noble
- Independent booksellers – Shop local
You can also read it online through O'REILLY Media.
Description of the Book
IT pros and power users consider the free Windows Sysinternals tools indispensable for diagnosing, troubleshooting, and deeply understanding the Windows platform. In this extensively updated guide, Sysinternals creator Mark Russinovich and expert Windows consultant Aaron Margosis help you use these powerful tools to optimize any Windows system’s reliability, efficiency, performance, and security. The authors first explain Sysinternals’ capabilities and help you get started fast. Next, they offer in-depth coverage of each major tool, from Process Explorer and Process Monitor to Sysinternals’ security and file utilities. Then, building on this knowledge, they show the tools being used to solve real-world cases involving error messages, hangs, sluggishness, malware infections, and much more.
Windows Sysinternals creator Mark Russinovich and Aaron Margosis show you how to:
- Use Process Explorer to display detailed process and system information
- Use Process Monitor to capture low-level system events, and quickly filter the output to narrow down root causes
- List, categorize, and manage software that runs when you start or sign in to your computer, or when you run Microsoft Office or Internet Explorer
- Verify digital signatures of files, of running programs, and of the modules loaded in those programs
- Use Autoruns, Process Explorer, Sigcheck, and Process Monitor features that can identify and clean malware infestations
- Inspect permissions on files, keys, services, shares, and other objects
- Use Sysmon to monitor security-relevant events across your network
- Generate memory dumps when a process meets specified criteria
- Execute processes remotely, and close files that were opened remotely
- Manage Active Directory objects and trace LDAP API calls
- Capture detailed data about processors, memory, and clocks
- Troubleshoot unbootable devices, file-in-use errors, unexplained communication, and many other problems
- Understand Windows core concepts that aren’t well-documented elsewhere
Sample Chapter
You can read samples from the book at this link on Amazon.com.
Table of Contents
- Part I: Getting started
- Chapter 1 Getting started with the Sysinternals utilities
- Chapter 2 Windows core concepts
- Part II: Usage guide
- Chapter 3 Process Explorer
- Chapter 4 Autoruns
- Chapter 5 Process Monitor
- Chapter 6 ProcDump
- Chapter 7 PsTools
- Chapter 8 Process and diagnostic utilities
- Chapter 9 Security utilities
- Chapter 10 Active Directory utilities
- Chapter 11 Desktop utilities
- Chapter 12 File utilities
- Chapter 13 Disk utilities
- Chapter 14 Network and communication utilities
- Chapter 15 System information utilities
- Chapter 16 Miscellaneous utilities
- Part III: Troubleshooting — "The Case of the Unexplained..."
- Chapter 17 Error messages
- Chapter 18 Crashes
- Chapter 19 Hangs and sluggish performance
- Chapter 20 Malware
- Chapter 21 Understanding system behavior
- Chapter 22 Developer troubleshooting
Errata
See the Errata & Updates tab on the Microsoft Press web site