Thursday, October 27, 2011


If you're in IT working with Windows and haven't heard of Sysinternals, you may want to check to see if you've been living under a rock.

Sysinternals started as the free, community-facing arm of Winternals, the money-making side of the company. Microsoft bought Winternals back in 2006 for its intellectual property and brain trust. Mark Russinovich has been the most visible of the original staff since then, appearing at numerous conferences, blogging and evangelising the Microsoft operating systems.

The Sysinternals site hosts numerous extremely useful troubleshooting and informational utilities; so many that I could devote this blog to their tools for the next year or three. Since access to the site is free, as are the downloads, help files and instructions, I'll just highlight a few things here...

Autoruns - Lists everything configured to start automatically at boot or logon: applications, drivers, services and much more, along with the registry key or file location each entry is launched from. Great for hunting malware.
Process Explorer - Displays all running processes and their child processes, plus open handles, threads, image paths, a veritable cornucopia of information. Task Manager wishes it was this good.
Process Monitor - Lets you monitor file system, registry, process, thread and DLL activity in real time.
TCPView - Gives a detailed listing of every TCP and UDP endpoint on the system, including local and remote addresses and the owning process.
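To make the "great for hunting malware" point concrete, here is an added example (my own script, not code from the original post and not part of the Sysinternals suite) that feeds the output of autorunsc.exe, the console version of Autoruns, into a small PowerShell triage filter. It flags entries whose signature did not verify, whose image file is missing, whose image lives in a user-writable directory, or whose file name mimics a Windows system binary outside the Windows directory. The autorunsc switches and CSV column names used here are assumptions about the installed version (check `autorunsc -?`); when autorunsc.exe is not on the PATH the script falls back to a constructed sample so the filter can still be read and run offline.

```powershell
# Added example: triage Autoruns output for malware hunting.
# Not part of the original post or of Sysinternals itself.
#
# Assumed autorunsc switches (verify against "autorunsc -?" on your version):
#   -accepteula  suppress the EULA prompt     -nobanner  omit the banner text
#   -a *         all autostart categories     -c         CSV output
#   -s           verify digital signatures    -h         include file hashes
# Assumed CSV columns: "Entry Location", "Entry", "Signer", "Image Path", "SHA-256".

function Get-AutorunsCsv {
    $exe = Get-Command autorunsc.exe -ErrorAction SilentlyContinue
    if ($exe) {
        # Capture the CSV text from the real tool
        return (& $exe.Source -accepteula -nobanner -a '*' -c -s -h) -join "`n"
    }
    Write-Warning "autorunsc.exe not found; using constructed sample data"
    # Constructed sample rows (not real output); hashes are placeholders
    return @'
"Entry Location","Entry","Enabled","Category","Profile","Description","Signer","Company","Image Path","Version","Launch String","SHA-256"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run","SecurityHealth","enabled","Logon","System-wide","Windows Security notification icon","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\securityhealthsystray.exe","10.0.19041.1","%windir%\system32\SecurityHealthSystray.exe","0000000000000000000000000000000000000000000000000000000000000001"
"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run","Updater","enabled","Logon","DESKTOP\alice","","(Not verified) Contoso","","c:\users\alice\appdata\roaming\svchost.exe","1.0.0.0","C:\Users\alice\AppData\Roaming\svchost.exe /silent","0000000000000000000000000000000000000000000000000000000000000002"
"HKLM\SYSTEM\CurrentControlSet\Services","OldDriver","enabled","Drivers","System-wide","","","","File not found: C:\Windows\System32\drivers\olddrv.sys","","system32\drivers\olddrv.sys",""
'@
}

function Find-SuspiciousAutoruns {
    param([Parameter(Mandatory)][string]$CsvText)

    # Directories a standard user can write to; legitimate autostarts rarely live here
    $userWritable = '\\AppData\\', '\\Temp\\', '\\ProgramData\\', '\\Users\\Public\\', '\\Downloads\\'
    # Names malware likes to borrow; suspicious when found outside \Windows\
    $systemNames  = @('svchost.exe', 'lsass.exe', 'csrss.exe', 'explorer.exe', 'winlogon.exe')

    ConvertFrom-Csv $CsvText | ForEach-Object {
        $reasons = @()
        $signer  = [string]$_.Signer
        $image   = [string]$_.'Image Path'

        if ($signer -notlike '(Verified)*') { $reasons += 'signature missing or not verified' }
        if ($image  -like 'File not found*') { $reasons += 'image missing (orphaned entry)' }
        foreach ($pattern in $userWritable) {
            if ($image -match $pattern) { $reasons += 'image in user-writable path'; break }
        }
        $leaf = if ($image) { Split-Path -Leaf ($image -replace '^File not found: ', '') } else { '' }
        if (($systemNames -contains $leaf) -and ($image -notmatch '\\windows\\')) {
            $reasons += 'system binary name outside the Windows directory'
        }

        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Entry    = $_.Entry
                Location = $_.'Entry Location'
                Image    = $image
                Signer   = $signer
                SHA256   = $_.'SHA-256'
                Reasons  = ($reasons -join '; ')
            }
        }
    }
}

# With the sample data this reports "Updater" (three reasons) and "OldDriver" (two),
# and stays silent on the verified Microsoft entry.
Find-SuspiciousAutoruns -CsvText (Get-AutorunsCsv) | Format-Table -AutoSize -Wrap
```

Two caveats when running this against the real tool: some Sysinternals console tools write UTF-16 when their output is redirected, so if the captured text decodes as garbage, redirect autorunsc to a file and read it back with `Import-Csv -Encoding Unicode` instead; and a verified signature only tells you the file was signed by someone, so the Signer and Company columns still deserve a human look on anything you do not recognise.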

The Learning Resources are also impressive, with great videos and articles.

And as I mentioned, this is all free.

