What do you think?
Rate this book
Troubleshooting with the Windows Sysinternals Tools
Optimize Windows system reliability and performance with Sysinternals
IT pros and power users consider the free Windows Sysinternals tools indispensable for diagnosing, troubleshooting, and deeply understanding the Windows platform. In this extensively updated guide, Sysinternals creator Mark Russinovich and Windows expert Aaron Margosis help you use these powerful tools to optimize any Windows system’s reliability, efficiency, performance, and security. The authors first explain Sysinternals’ capabilities and help you get started fast. Next, they offer in-depth coverage of each major tool, from Process Explorer and Process Monitor to Sysinternals’ security and file utilities. Then, building on this knowledge, they show the tools being used to solve real-world cases involving error messages, hangs, sluggishness, malware infections, and much more.
Windows Sysinternals creator Mark Russinovich and Aaron Margosis show you how
Use Process Explorer to display detailed process and system information Use Process Monitor to capture low-level system events, and quickly filter the output to narrow down root causes List, categorize, and manage software that starts when you start or sign in to your computer, or when you run Microsoft Office or Internet Explorer Verify digital signatures of files, of running programs, and of the modules loaded in those programs Use Autoruns, Process Explorer, Sigcheck, and Process Monitor features that can identify and clean malware infestations Inspect permissions on files, keys, services, shares, and other objects Use Sysmon to monitor security-relevant events across your network Generate memory dumps when a process meets specified criteria Execute processes remotely, and close files that were opened remotely Manage Active Directory objects and trace LDAP API calls Capture detailed data about processors, memory, and clocks Troubleshoot unbootable devices, file-in-use errors, unexplained communication, and many other problems Understand Windows core concepts that aren’t well-documented elsewhere
IT pros and power users consider the free Windows Sysinternals tools indispensable for diagnosing, troubleshooting, and deeply understanding the Windows platform. In this extensively updated guide, Sysinternals creator Mark Russinovich and Windows expert Aaron Margosis help you use these powerful tools to optimize any Windows system’s reliability, efficiency, performance, and security. The authors first explain Sysinternals’ capabilities and help you get started fast. Next, they offer in-depth coverage of each major tool, from Process Explorer and Process Monitor to Sysinternals’ security and file utilities. Then, building on this knowledge, they show the tools being used to solve real-world cases involving error messages, hangs, sluggishness, malware infections, and much more.
Windows Sysinternals creator Mark Russinovich and Aaron Margosis show you how
Use Process Explorer to display detailed process and system information Use Process Monitor to capture low-level system events, and quickly filter the output to narrow down root causes List, categorize, and manage software that starts when you start or sign in to your computer, or when you run Microsoft Office or Internet Explorer Verify digital signatures of files, of running programs, and of the modules loaded in those programs Use Autoruns, Process Explorer, Sigcheck, and Process Monitor features that can identify and clean malware infestations Inspect permissions on files, keys, services, shares, and other objects Use Sysmon to monitor security-relevant events across your network Generate memory dumps when a process meets specified criteria Execute processes remotely, and close files that were opened remotely Manage Active Directory objects and trace LDAP API calls Capture detailed data about processors, memory, and clocks Troubleshoot unbootable devices, file-in-use errors, unexplained communication, and many other problems Understand Windows core concepts that aren’t well-documented elsewhere
690 pages, Kindle Edition
Published October 10, 2016
99 people are currently reading
69 people want to read
About the author
Mark E. Russinovich
47 books365 followersMark Russinovich is a Technical Fellow in Windows Azure, Microsoft's cloud operating system group. Russinovich is a widely recognized expert in Windows operating system internals as well as operating system architecture and design.
Russinovich joined Microsoft when Microsoft acquired Winternals software, the company he cofounded in 1996 and where he worked as Chief Software Architect. He is also cofounder of Sysinternals.com, where he wrote and published dozens of popular Windows administration and diagnostic utilities including Autoruns, Process Explorer and Tcpview.
Russinovich coauthored "Windows Internals" and "The Sysinternals Administrator's Reference," both from Microsoft Press, authored the cyberthriller Zero Day, is a Contributing Editor for TechNet Magazine and Senior Contributing Editor for Windows IT Pro Magazine, and has written many articles on Windows internals. He has been a featured speaker at major industry conferences around the world, including Microsoft's TechEd, IT Forum, and Professional Developer's Conference, as well as Windows Connections, Windev, and TechMentor, and has taught Windows internals, troubleshooting and file system and device driver development to companies worldwide, including Microsoft, the CIA and the FBI. Russinovich earned his Ph.D. in computer engineering from Carnegie Mellon University.
Russinovich joined Microsoft when Microsoft acquired Winternals software, the company he cofounded in 1996 and where he worked as Chief Software Architect. He is also cofounder of Sysinternals.com, where he wrote and published dozens of popular Windows administration and diagnostic utilities including Autoruns, Process Explorer and Tcpview.
Russinovich coauthored "Windows Internals" and "The Sysinternals Administrator's Reference," both from Microsoft Press, authored the cyberthriller Zero Day, is a Contributing Editor for TechNet Magazine and Senior Contributing Editor for Windows IT Pro Magazine, and has written many articles on Windows internals. He has been a featured speaker at major industry conferences around the world, including Microsoft's TechEd, IT Forum, and Professional Developer's Conference, as well as Windows Connections, Windev, and TechMentor, and has taught Windows internals, troubleshooting and file system and device driver development to companies worldwide, including Microsoft, the CIA and the FBI. Russinovich earned his Ph.D. in computer engineering from Carnegie Mellon University.
Ratings & Reviews
Friends & Following
Create a free account to discover what your friends think of this book!
Community Reviews
Displaying 1 - 3 of 3 reviews
October 15, 2020
I LOVE using the the tools in the Sysinternals Suite. I've learned awesome tricks from Microsoft Gods!!
October 25, 2020
If you deal with troubleshooting windows clients or servers, you need to read this book.
March 18, 2021
A useful, but verbose introduction to the Sysinternals suite. The walkthrough of a Stuxnet infection from the perspective of an analyst using the suite was part of a smooth finish.
Displaying 1 - 3 of 3 reviews