Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Hidden Treasures of Sysinternals

Posted by kdawson on from the right-tools-for-the-job dept.

Barence writes "PC Pro contributing editor Jon Honeyball has written a nice feature on the latest treasures to be found on the Windows Sysinternals website. Among them are a tool for creating virtual hard disks from physical drives, a hard disk read-write monitoring tool, and a utility for putting ISO images onto flash drives. They're free, but they're effective."

11 of 356 comments (clear)

  1. Duh by afidel · · Score: 5, Insightful

    There's a reason MS bought the company and hired Mark, he consistently puts out the most useful tools for in the trenches Windows diagnostics. Heck MS's PSS would routinely have you use his tools even before the purchase because nothing they put out internally was nearly as useful.

    --
    There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
    1. Re:Duh by bertok · · Score: 5, Funny

      There's a reason MS bought the company and hired Mark, he consistently puts out the most useful tools for in the trenches Windows diagnostics. Heck MS's PSS would routinely have you use his tools even before the purchase because nothing they put out internally was nearly as useful.

      And the very first thing they did, within mere days of the acquisition, is they took his ultra-efficient, elegant little tools and put a 200KB EULA popup into every one of them.

      A GUI popup.

      Even into the command line tools.

      I threw up in my mouth a little when I saw that.

    2. Re:Duh by Anonymous Coward · · Score: 5, Informative

      Might be a pain, but you can always use the /accepteula command-line switch...

  2. Comment removed by account_deleted · · Score: 5, Funny

    Comment removed based on user account deletion

  3. First? by I_have_a_life · · Score: 5, Informative

    Process Explorer is what Windows should ship with instead of task manager.

    Process Monitor is so kick ass... I can't even put it in words.

  4. It's Sysinternals, slashdotters by Anonymous Coward · · Score: 5, Funny

    Not to be confused with the Sisinternals porn website.

  5. free BUT effective by Anonymous Coward · · Score: 5, Funny

    > They're free, but they're effective.

    What an unusual combination of attributes!

  6. Nothing hidden about them... by syousef · · Score: 5, Informative

    They're excellent for a wide range of things. Filemon (now superceded but still available) is an excellent tool for working out what files a piece of software is opening (eg. if you're trying to find config files). Regmon does something similar for the registry. Process explorer is stellar for getting more detail on a process than task manager will ever give (like where the image is running from and what DLLs it's using). Sysinternals filled a gap in diagnostic software. In a Windows environment they're as basic to me as netstat or ping. (speaking of which check out sysinternals tcpview). Especially good for tracing a user mode process right through. There are a lot of other utils to unlock the power of your Windows environment too.

    Two sysinternals that weren't mentioned worth knowing about:

    streams - view or remove hidden file streams attached to a file not normally seen in explorer. Especially good for removing that pesky "downloaded files are bad" warning when something is marked as being from the Internet zone.

    junction - One of a handful of tools that allows you to create junctions (simliar to but not the same as hard directory links) in Windows XP.

    The other non-sys-internals thing that every power user should know about is windbg and the debugging symbols. Indespesible for tracking down the culprit if you get blue screens due to device drivers (though obviously non-developers are not going to be able to do much about fixing the fault apart from downloading a different version or removing the device driver)

    --
    These posts express my own personal views, not those of my employer
  7. For speedy access by Spad · · Score: 5, Informative

    Don't forget live.sysinternals.com for instant access to any of the tools.

  8. Wonderful tools by Sycraft-fu · · Score: 5, Interesting

    These have been available for a long time, used to just be from a site called Sysinternals run by Russonivich before Microsoft hired him. This guy is, literally, the person who wrote the book on Windows. Windows Internals is the current name, used to be called Inside Windows 2000. A wonderful technical document of the internal workings of Windows.

    At any rate, Russonivich produces extremely useful tools. Not the sort of thing you want in the hands of inexperienced users, as many of them can break your system, but extremely powerful. I use them all the time in the course of my job, especially when there's manual malware removal that needs to be done. So far, malware is unaware of the ability to suspend a process, which Process Explorer will do. So you suspend the malware, its watcher process doesn't know to restart it. You then use autoruns to remove the startup entries. At that point you can reboot, it won't start, and you can clean up the residuals.

  9. Re:Be careful using the P2V tool. by klocwerk · · Score: 5, Informative

    It says so in the readme file, and it's a feature not a bug to keep you from hosing your system because you didn't read the readme...

    When you first fire up the new VHD it replaces the disk ID with a new one so that it's unique. This causes much trouble if the computer has two of the same disk ID at the same time when it goes to change one, as you might imagine.

    --

    "You worthless post!"
    -Shakespeare, 2 Gentlemen of Verona, 1. 1. 147