Try these most powerful Windows tools – Sysinternals Suite
The Sysinternals utilities are a set of tools that give you insight into the Windows OS and help you troubleshoot bug checks, performance problems and many other issues. They are provided by Microsoft and can be downloaded from Microsoft TechNet. Almost every system administrator should be familiar with these utilities, because with their help you can carry out every administrative task on a system. The tools are bundled together and portable, so you don't need to install them: you can run them from whatever location you downloaded them to (some utilities need to be run from a Command Prompt). The Sysinternals Suite goes well beyond the functionality of the native Windows tools and provides some fairly advanced capabilities.
Here are the top Sysinternals utilities that are really helpful…
Procmon: Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon. With this utility we can see which files are being written to by which process, where things are stored in the Registry, and which processes are accessing them.
Process Explorer: ProcExp is similar to Task Manager, but a much more advanced version of it: it displays the handles and DLLs that each running process has opened or loaded. The unique capabilities of Process Explorer make it useful for tracking down DLL-version problems or handle leaks, and it provides insight into the way Windows and applications work. Screenshots are given below:
ProcDump: One of the most important utilities for monitoring CPU spikes and generating a memory dump at the moment of the spike, so that the exact cause of the high CPU usage can be determined. This utility can only be used from the Command Prompt and takes multiple switches, such as -c, -cl, -a and -h.
Remember, this is the only utility for troubleshooting high CPU spike issues. Refer to the ProcDump link for switch usage.
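As an added example (not code from the original post or from Microsoft), here is how the CPU-spike capture described above can be scripted around ProcDump from PowerShell. The ProcDump path, the target process name and the dump folder are assumptions; the switches themselves (-c, -s, -n, -ma, -accepteula) are ProcDump's own.

```powershell
# Added example: take full memory dumps of a process while its CPU use stays
# above a threshold, so the dumps can be analysed afterwards.
param(
    [string]$ProcDumpPath = 'C:\Sysinternals\procdump.exe',   # assumed location of procdump.exe
    [string]$ProcessName  = 'w3wp',                            # assumed process to watch
    [int]$CpuThreshold    = 80,                                # -c: CPU % that triggers a dump
    [int]$SustainSeconds  = 5,                                 # -s: threshold must hold this long
    [int]$DumpCount       = 3,                                 # -n: dumps to take before exiting
    [string]$DumpFolder   = 'C:\Dumps'                         # assumed output folder
)

if (-not (Test-Path $ProcDumpPath)) { throw "procdump.exe not found at $ProcDumpPath" }
New-Item -ItemType Directory -Path $DumpFolder -Force | Out-Null

# Attach by PID so the right instance is dumped when several share a name.
$procs = @(Get-Process -Name $ProcessName -ErrorAction SilentlyContinue)
if ($procs.Count -ne 1) {
    throw "Expected exactly one '$ProcessName' process, found $($procs.Count); pass a PID instead"
}

# -ma         full dump (all memory), the most useful form for a CPU investigation
# -c / -s     CPU threshold and the number of seconds it must be sustained
# -n          how many dumps to collect before ProcDump detaches
# -accepteula suppresses the first-run licence dialog so the script does not block
& $ProcDumpPath -accepteula -ma -c $CpuThreshold -s $SustainSeconds -n $DumpCount $procs[0].Id $DumpFolder

# List what was captured, newest first.
Get-ChildItem -Path $DumpFolder -Filter '*.dmp' |
    Sort-Object LastWriteTime -Descending |
    Select-Object Name, Length, LastWriteTime
```

ProcDump stays attached until the requested number of dumps has been written, so run this in a session that can be left open while the spike is reproduced.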
RamMap: This utility shows detailed memory usage and how memory is distributed to the kernel and device drivers. The detailed view of this tool is shown below; it displays memory usage statistics as:
- Use Counts: usage summary by type and paging list
- Processes: process working set sizes
- Priority Summary: prioritized standby list sizes
- Physical Pages: per-page use for all physical memory
- Physical Ranges: physical memory addresses
- File Summary: file data in RAM by file
- File Details: individual physical pages by file
Use RamMap to learn how Windows memory management works: kernel memory, memory types, application memory usage and memory allocation.
TCPView is part of the networking utilities; it monitors real-time TCP and UDP endpoints with their local and remote IP addresses. When you start TCPView it enumerates all active TCP and UDP endpoints, resolving all IP addresses to their domain names.
Tcpvcon, its command-line version, has usage similar to the built-in Windows netstat utility:
    Usage: tcpvcon [-a] [-c] [-n] [process name or PID]
      -a  Show all endpoints (default is to show established TCP connections)
      -c  Print output as CSV
      -n  Don't resolve addresses
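As an added example (not from the original post), the CSV output of tcpvcon -c can be turned into objects in PowerShell and summarised per process, which is a quick way to see which process owns each listening port and which established connections go to unexpected hosts. The column order in $Columns is an assumption about tcpvcon's CSV layout, and the sample lines are constructed, not a real capture.

```powershell
# Added example: parse tcpvcon -a -c -n output and summarise it per process.
# Assumed CSV column order; adjust if your tcpvcon version prints a different layout.
$Columns = 'Protocol', 'Process', 'PID', 'State', 'Local', 'Remote'

function Get-TcpvconEndpoints {
    param([string[]]$CsvLines)
    # Keep only endpoint rows (tcpvcon prints a banner first) and map them to objects.
    $CsvLines | Where-Object { $_ -match '^(TCP|UDP),' } |
        ConvertFrom-Csv -Header $Columns
}

# Constructed sample output so the parsing can be tried offline (addresses are
# documentation ranges, not real hosts).
$sample = @(
    'TCP,svchost.exe,1060,LISTENING,0.0.0.0:135,0.0.0.0:0',
    'TCP,System,4,LISTENING,0.0.0.0:445,0.0.0.0:0',
    'TCP,example.exe,4321,ESTABLISHED,192.0.2.10:51000,198.51.100.7:443',
    'TCP,unknown.exe,4777,ESTABLISHED,192.0.2.10:51002,203.0.113.9:8080',
    'UDP,svchost.exe,1200,,0.0.0.0:5353,*:*'
)

# Live use instead of the sample (most Sysinternals tools accept -accepteula):
#   $lines = & 'C:\Sysinternals\tcpvcon.exe' -accepteula -a -c -n
$lines = $sample
$endpoints = Get-TcpvconEndpoints -CsvLines $lines

# 1. Listening TCP ports grouped by the owning process.
$endpoints |
    Where-Object { $_.Protocol -eq 'TCP' -and $_.State -eq 'LISTENING' } |
    Group-Object Process |
    ForEach-Object {
        [pscustomobject]@{ Process = $_.Name; ListeningOn = ($_.Group.Local -join ', ') }
    } | Format-Table -AutoSize

# 2. Established connections whose remote host is not on an expected list.
$expectedRemotes = @('198.51.100.7')   # assumed allow-list of known remote hosts
$endpoints |
    Where-Object { $_.State -eq 'ESTABLISHED' } |
    Where-Object { ($_.Remote -split ':')[0] -notin $expectedRemotes } |
    Select-Object Process, PID, Local, Remote
```

With the sample data, the second query reports only unknown.exe talking to 203.0.113.9:8080; on a live system, compare the output against a baseline taken when the machine was known to be healthy.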
BGInfo: This tool displays Windows OS configuration statistics on the desktop wallpaper. It automatically shows relevant information about a Windows computer on the desktop background, such as the computer name, IP address, service pack version and more. We can also edit the settings to choose what is shown. If we need this tool to run automatically after every boot, we can place its exe file in the Startup folder.
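As an added example (not from the original post), the Startup-folder step above can be scripted: rather than copying the exe itself, this creates a shortcut in the all-users Startup folder that launches BGInfo with its own /timer:0, /silent and /nolicprompt switches, so the wallpaper is refreshed at every logon without a dialog. The BGInfo path and the saved .bgi configuration file are assumptions.

```powershell
# Added example: register BGInfo to run at every logon via a Startup-folder shortcut.
$BgInfoExe = 'C:\Sysinternals\Bginfo.exe'     # assumed location of Bginfo.exe
$BgInfoCfg = 'C:\Sysinternals\custom.bgi'     # assumed saved configuration (optional)

if (-not (Test-Path $BgInfoExe)) { throw "Bginfo.exe not found at $BgInfoExe" }

# All-users Startup folder (writing here needs admin rights). Use
# [Environment]::GetFolderPath('Startup') to register for the current user only.
$startupDir = [Environment]::GetFolderPath('CommonStartup')
$linkPath   = Join-Path $startupDir 'BGInfo.lnk'

# /timer:0      apply immediately instead of showing the editor dialog
# /silent       suppress error dialogs
# /nolicprompt  skip the licence prompt so logon is not blocked
$bgArgs = '/timer:0 /silent /nolicprompt'
if (Test-Path $BgInfoCfg) { $bgArgs = "`"$BgInfoCfg`" $bgArgs" }

$shell    = New-Object -ComObject WScript.Shell
$shortcut = $shell.CreateShortcut($linkPath)
$shortcut.TargetPath       = $BgInfoExe
$shortcut.Arguments        = $bgArgs
$shortcut.WorkingDirectory = Split-Path -Path $BgInfoExe
$shortcut.Save()

# Confirm the shortcut exists and what it will launch.
$check = $shell.CreateShortcut($linkPath)
[pscustomobject]@{ Shortcut = $linkPath; Target = $check.TargetPath; Arguments = $check.Arguments }
```

Because the exe is referenced rather than copied, updating BGInfo in its original folder updates what runs at logon as well.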
NotMyFault: This is a most important tool, which can be used to crash or hang Windows and to cause memory leaks. It is useful for learning how to identify and diagnose device driver and hardware problems, and it is also used to force the Windows OS to crash to a blue screen in case the system is misbehaving. Below are the options you get when you use this tool: