Troubleshooting with the Windows Sysinternals Tools

An update to Windows Sysinternals Administrator’s Reference
By Mark Russinovich and Aaron Margosis
Troubleshooting with the Windows Sysinternals Tools is the official book on the Sysinternals tools, written by tool author and Sysinternals cofounder Mark Russinovich and Windows expert Aaron Margosis. The book covers all 65+ tools in detail, with full chapters on the major tools such as Process Explorer, Process Monitor, and Autoruns. In addition to the tips and tricks in the tool chapters, it includes 45 "Case of the Unexplained…" examples in which users apply the tools to solve real-world problems. Buy the book today and take your Windows troubleshooting and systems management skills to the next level.

Ordering the Book

You can purchase the book from these online retailers:

You can also read it online through O'Reilly Media.

Description of the Book

IT pros and power users consider the free Windows Sysinternals tools indispensable for diagnosing, troubleshooting, and deeply understanding the Windows platform. In this extensively updated guide, Sysinternals creator Mark Russinovich and expert Windows consultant Aaron Margosis help you use these powerful tools to optimize any Windows system’s reliability, efficiency, performance, and security. The authors first explain Sysinternals’ capabilities and help you get started fast. Next, they offer in-depth coverage of each major tool, from Process Explorer and Process Monitor to Sysinternals’ security and file utilities. Then, building on this knowledge, they show the tools being used to solve real-world cases involving error messages, hangs, sluggishness, malware infections, and much more.

Windows Sysinternals creator Mark Russinovich and Aaron Margosis show you how to:

  • Use Process Explorer to display detailed process and system information
  • Use Process Monitor to capture low-level system events, and quickly filter the output to narrow down root causes
  • List, categorize, and manage software that runs when you start or sign in to your computer, or when you run Microsoft Office or Internet Explorer
  • Verify digital signatures of files, of running programs, and of the modules loaded in those programs
  • Use Autoruns, Process Explorer, Sigcheck, and Process Monitor features that can identify and clean malware infestations
  • Inspect permissions on files, keys, services, shares, and other objects
  • Use Sysmon to monitor security-relevant events across your network
  • Generate memory dumps when a process meets specified criteria
  • Execute processes remotely, and close files that were opened remotely
  • Manage Active Directory objects and trace LDAP API calls
  • Capture detailed data about processors, memory, and clocks
  • Troubleshoot unbootable devices, file-in-use errors, unexplained communication, and many other problems
  • Understand Windows core concepts that aren’t well-documented elsewhere

Sample Chapter

You can read samples from the book at this link on

Table of Contents

  • Part I: Getting started
    • Chapter 1 Getting started with the Sysinternals utilities
    • Chapter 2 Windows core concepts
  • Part II: Usage guide
    • Chapter 3 Process Explorer
    • Chapter 4 Autoruns
    • Chapter 5 Process Monitor
    • Chapter 6 ProcDump
    • Chapter 7 PsTools
    • Chapter 8 Process and diagnostic utilities
    • Chapter 9 Security utilities
    • Chapter 10 Active Directory utilities
    • Chapter 11 Desktop utilities
    • Chapter 12 File utilities
    • Chapter 13 Disk utilities
    • Chapter 14 Network and communication utilities
    • Chapter 15 System information utilities
    • Chapter 16 Miscellaneous utilities
  • Part III: Troubleshooting — "The Case of the Unexplained..."
    • Chapter 17 Error messages
    • Chapter 18 Crashes
    • Chapter 19 Hangs and sluggish performance
    • Chapter 20 Malware
    • Chapter 21 Understanding system behavior
    • Chapter 22 Developer troubleshooting

See the Errata & Updates tab on the Microsoft Press website.