Sysinternals
Mark Russinovich and Bryce Cogswell make some of the best utilities available for Windows. They ran their site for years on their own, offering their utilities for free, before Microsoft bought them. Their site is now hosted by Microsoft and the stuff is still free.
I have had to support Windows in the Enterprise environment since 1993. If you have ever had to deal with getting vendor applications to live alongside your own applications, on top of an ever-evolving OS, then you most likely have run into some difficult problems, with everyone pointing their finger at the other guy. These tools help you to see what is actually going on no matter what people are saying.
In the latter part of the 90s I discovered some of these tools. I couldn’t believe how useful they were, how well done they were, and that they were free. I am always using FileMon (a utility that monitors file activity) and RegMon (a utility that monitors registry activity). Every now and then I go a few weeks without having to use one of these tools, but it is a rare occurrence.
I like how it’s possible to filter by process. This allows you to ignore some very chatty programs like Symantec Anti-virus, BigFix, etc. You can select what process to exclude or include. In FileMon you can restrict what drives are monitored.
I have helped people solve what seem to be complicated problems using these utilities. RegMon can be used to detect things like incorrect or missing registry entries. FileMon can be used to figure out where programs are looking for files and the status of that activity.
I first used FileMon to fix a problem with a third-party application that displayed a simple dialog with no title and only the text “not found”.

What wasn’t found?
Contacting the vendor got nowhere. You could uninstall and reinstall the application but it wouldn’t work. The problem was that the system drive was D: and the application was installed in “D:\Program Files”, but it was specifically looking in “C:\Program Files”, which didn’t exist. It wasn’t obvious that this was going on and the vendor didn’t realize they had a hard-coded file reference. Running FileMon for 30 seconds, while the application was started, showed exactly what was going on. The file was put on the C: drive and the application started up fine. The vendor then fixed the application.
I still like to use FileMon when that is all I’m doing, but SysInternals has come out with a better utility. It is called Process Monitor and it combines FileMon and RegMon.
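Added example (not from the original post): the process filtering and the hunt for “not found” lookups described above, applied to a Process Monitor CSV export. It assumes the default export columns; the sample rows, process names, PIDs and paths are constructed for illustration.

```python
import csv
import io
from collections import Counter

# Constructed sample in Process Monitor's default CSV export columns.
# Process names, PIDs and paths are made up for illustration.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.001","vendorapp.exe","4120","CreateFile","D:\Program Files\VendorApp\vendorapp.exe","SUCCESS",""
"10:01:02.104","vendorapp.exe","4120","CreateFile","C:\Program Files\VendorApp\settings.dat","PATH NOT FOUND",""
"10:01:02.105","avscan.exe","988","CreateFile","D:\Temp\scan.tmp","NAME NOT FOUND",""
"10:01:02.230","vendorapp.exe","4120","RegOpenKey","HKLM\Software\VendorApp\Options","NAME NOT FOUND",""
"10:01:02.377","vendorapp.exe","4120","CreateFile","C:\Program Files\VendorApp\settings.dat","PATH NOT FOUND",""
'''

MISSES = {"NAME NOT FOUND", "PATH NOT FOUND"}

def load_events(csv_text, include=None, exclude=()):
    """Parse the export and apply process include/exclude filters."""
    include = {p.lower() for p in include} if include else None
    exclude = {p.lower() for p in exclude}
    rows = csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff")))  # drop BOM if present
    return [r for r in rows
            if r["Process Name"].lower() not in exclude
            and (include is None or r["Process Name"].lower() in include)]

def failed_lookups(events):
    """Count file and registry lookups that ended in a not-found result."""
    return Counter((r["Operation"], r["Path"], r["Result"])
                   for r in events if r["Result"] in MISSES)

def drives_only_failing(events):
    """Drive letters that saw not-found results and no other result."""
    ok, bad = set(), set()
    for r in events:
        path = r["Path"]
        if len(path) > 2 and path[1] == ":":  # skips registry paths (HKLM\...)
            (bad if r["Result"] in MISSES else ok).add(path[:2].upper())
    return sorted(bad - ok)

if __name__ == "__main__":
    # Exclude the chatty scanner, then list what the remaining processes failed to find.
    events = load_events(SAMPLE_CSV, exclude=["avscan.exe"])
    for (op, path, result), n in failed_lookups(events).most_common():
        print(f"{n:3d}  {result:15s} {op:12s} {path}")
    print("drives with only failed lookups:", drives_only_failing(events))
```

A drive letter that shows up only in failed lookups, while the same process succeeds on another drive, points at a hard-coded path like the one in the story above.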
It is worth your time to go to the SysInternals site, download everything they have, and then learn to use them. You will save yourself tons of time in the long run.
I will be writing up more real-life examples of using SysInternals Utilities to solve problems and linking to them from this page.
Links:
Main Sysinternals Site
FileMon
RegMon
Process Monitor
Process Explorer
PsTools
