Windows Software Technology

The Hidden Treasures of Sysinternals

Barence writes "PC Pro contributing editor Jon Honeyball has written a nice feature on the latest treasures to be found on the Windows Sysinternals website. Among them are a tool for creating virtual hard disks from physical drives, a hard disk read-write monitoring tool, and a utility for putting ISO images onto flash drives. They're free, but they're effective."

  • pstools best by far (Score:2, Informative)

    by Anonymous Coward on Tuesday February 09, 2010 @03:51PM (#31076758)

    psexec has saved my ass SO many times it's not even funny. psexec \\almostcrashedserver cmd.exe

  • First? (Score:5, Informative)

    by I_have_a_life ( 1582721 ) on Tuesday February 09, 2010 @03:53PM (#31076796)

    Process Explorer is what Windows should ship with instead of task manager.

    Process Monitor is so kick ass... I can't even put it in words.

  • by gblackwo ( 1087063 ) on Tuesday February 09, 2010 @03:58PM (#31076862) Homepage
    This is very useful- I was one of the people who stuck the Windows 7 MSDNAA downloaded iso onto a flash drive in order to install it to my desktop and laptop.

    The more difficult part for normal users is not extracting the iso to the drive but making the drive bootable- which unless you have a utility (Like the one in the article)- requires some command line work. This would make the process way quicker.
  • by mbourgon ( 186257 ) on Tuesday February 09, 2010 @04:00PM (#31076916) Homepage

    Tried using it on my box as a backup tool for a clean install of Win7. AVOID IF YOU ARE GOING TO USE THE SAME PHYSICAL DRIVE. Windows 7 couldn't mount or boot it. Known issue, and extremely aggravating.

  • disk2vhd (Score:3, Informative)

    by micromuncher ( 171881 ) on Tuesday February 09, 2010 @04:14PM (#31077144) Homepage

    This was a godsend to me, after VMWare Converter could not/would not convert a machine of mine, even after registry and driver cleaning, it just failed near the end without a meaningful error message in the log.

    I used disk2vhd, booted up the image in VirtualBox, and bingo - working image.

  • by syousef ( 465911 ) on Tuesday February 09, 2010 @04:14PM (#31077154) Journal

    They're excellent for a wide range of things. Filemon (now superseded but still available) is an excellent tool for working out what files a piece of software is opening (eg. if you're trying to find config files). Regmon does something similar for the registry. Process explorer is stellar for getting more detail on a process than task manager will ever give (like where the image is running from and what DLLs it's using). Sysinternals filled a gap in diagnostic software. In a Windows environment they're as basic to me as netstat or ping. (speaking of which check out sysinternals tcpview). Especially good for tracing a user mode process right through. There are a lot of other utils to unlock the power of your Windows environment too.

    Two sysinternals that weren't mentioned worth knowing about:

    streams - view or remove hidden file streams attached to a file not normally seen in explorer. Especially good for removing that pesky "downloaded files are bad" warning when something is marked as being from the Internet zone.

    junction - One of a handful of tools that allows you to create junctions (similar to but not the same as hard directory links) in Windows XP.

    The other non-sys-internals thing that every power user should know about is windbg and the debugging symbols. Indispensable for tracking down the culprit if you get blue screens due to device drivers (though obviously non-developers are not going to be able to do much about fixing the fault apart from downloading a different version or removing the device driver)

  • Re:Duh (Score:5, Informative)

    by afidel ( 530433 ) on Tuesday February 09, 2010 @04:15PM (#31077162)
    Nope, it was reborn as the MS diagnostic and recovery toolset. link [computersplace.com]
  • For speedy access (Score:5, Informative)

    by Spad ( 470073 ) <`slashdot' `at' `spad.co.uk'> on Tuesday February 09, 2010 @04:16PM (#31077172) Homepage

    Don't forget live.sysinternals.com [sysinternals.com] for instant access to any of the tools.

  • Re:Best Buy (Score:1, Informative)

    by Anonymous Coward on Tuesday February 09, 2010 @04:16PM (#31077182)

    ironically... mark sued geeksquad for using these and his other tools!

  • by strength_of_10_men ( 967050 ) on Tuesday February 09, 2010 @04:24PM (#31077284)

    The guy behind sysinternals tried to, and was almost a success, but nope.

    Is the failure you're talking about this [microsoft.com]?

    What are the shortcomings of Sysinternals' Desktops?

    I haven't tried other solutions but I occasionally use this and it works fairly well.

  • by hduff ( 570443 ) <hoytduffNO@SPAMgmail.com> on Tuesday February 09, 2010 @04:24PM (#31077292) Homepage Journal

    There is nothing like these tools for any other platform on the market. Mark Russinovich is THE MAN!

    You mean other than UNIX and Linux systems? I don't see any comparable functionality that is not already available on those systems. It's great that the MS environment gets some useful diagnostic functionality too; sad they haven't always had it.

  • by heffrey ( 229704 ) on Tuesday February 09, 2010 @04:29PM (#31077338)

    Anyone who is capable of using these tools is capable of finding them. Personally, on all machines that I use I copy a folder containing around 200 useful utilities (e.g. grep, ls, cat, cp, bzip2, cpuz, console, depends, ps*, diff, gawk, gzip, less, strings, rapidee, sleep, tar, touch, whoami, whois, zip) and then add it to the path. But, I don't think my mum's going to be using psexec anytime soon.

  • by eeeuh ( 165197 ) on Tuesday February 09, 2010 @04:31PM (#31077376)

    Maybe you could give atop http://www.atoptool.nl/ [atoptool.nl] a try?
    It shows (per process) disk-IO and nicely integrates cpu/disk/network/io statistics, it can also store statistics for later playback.

    When trying to trace which file is getting a lot of IO you might want to take a look at the filedescriptors in /proc//fd in conjunction with lsof/strace. I don't know of a nicely integrated tool for that unfortunately.

  • by MikeDaSpike ( 1196169 ) on Tuesday February 09, 2010 @04:32PM (#31077378)
    It's possible. Create a hardware profile in the vista partition. In that profile change the hard disk controllers to generic ones. Now you can boot your vista partition without any bluescreens. For how to boot it in VB read section 9 of the VBox manual. http://www.virtualbox.org/manual/UserManual.html#rawdisk [virtualbox.org]
  • by klocwerk ( 48514 ) on Tuesday February 09, 2010 @04:41PM (#31077532) Homepage

    It says so in the readme file, and it's a feature not a bug to keep you from hosing your system because you didn't read the readme...

    When you first fire up the new VHD it replaces the disk ID with a new one so that it's unique. This causes much trouble if the computer has two of the same disk ID at the same time when it goes to change one, as you might imagine.

  • by afidel ( 530433 ) on Tuesday February 09, 2010 @04:44PM (#31077558)
    Uh, it hasn't been third party for a long time.
  • Re:Duh (Score:5, Informative)

    by Anonymous Coward on Tuesday February 09, 2010 @05:31PM (#31078296)

    Might be a pain, but you can always use the /accepteula command-line switch...

  • Re:Newsid (Score:3, Informative)

    by jtdennis ( 77869 ) <oyr249m02@sneake[ ]l.com ['mai' in gap]> on Tuesday February 09, 2010 @05:39PM (#31078432) Homepage

    NewSID does work with Vista, but it was retired last year. Russinovich looked into the common belief of why everyone thought we needed to change the SID and determined that it wasn't necessary. His full post is here [technet.com]

  • Re:First? (Score:3, Informative)

    by Idbar ( 1034346 ) on Tuesday February 09, 2010 @06:33PM (#31079178)
    I started using it because you were able to run a search of the files used by processes. Particularly, when you're trying to move or delete a file and Windows complains that "something is using the file". Since then, it's a must have on any Windows machine I use.
  • by that this is not und ( 1026860 ) on Tuesday February 09, 2010 @07:22PM (#31079804)

    The Interix package (now called 'Services for Unix' and crippled after Microsoft bought the publisher) runs on the Native API. It's a complete POSIX subsystem that runs alongside the Win32 subsystem, independently.

    If you have real Interix, and not the gimped Microsoft product, you have an entire POSIX subsystem. It isn't like cygwin which is just a kludge that runs out of a Win32 dll file.

    Back in about 1999 when Softway Systems (the creators of Interix) were looking for direction from their market on which way to go, they sent out a questionnaire to customers asking if they should open-source publish the Interix toolchain. Less than a year later they were bought and absorbed into Microsoft.

  • by Ksevio ( 865461 ) on Tuesday February 09, 2010 @10:52PM (#31081562) Homepage
    So that everyone else doesn't have to check, there isn't actually a porn website called "Sisinternals"...yet.
  • Re:Duh (Score:3, Informative)

    by 0ld_d0g ( 923931 ) on Wednesday February 10, 2010 @12:30AM (#31082028)

    bah.. of course. The damn tags screwed me over. http://pastebin.com/m622979a6 [pastebin.com]

    Does anyone else think it's sad that a technical site has bugs preventing people from pasting code in comments?
