Troubleshooting with the Windows Sysinternals Tools
2nd Edition
Published on 10. October 2016
648 pages
978-0-13-398651-8 (ISBN)
Description
Optimize Windows system reliability and performance with Sysinternals
IT pros and power users consider the free Windows Sysinternals tools indispensable for diagnosing, troubleshooting, and deeply understanding the Windows platform. In this extensively updated guide, Sysinternals creator Mark Russinovich and Windows expert Aaron Margosis help you use these powerful tools to optimize any Windows system's reliability, efficiency, performance, and security. The authors first explain Sysinternals' capabilities and help you get started fast. Next, they offer in-depth coverage of each major tool, from Process Explorer and Process Monitor to Sysinternals' security and file utilities. Then, building on this knowledge, they show the tools being used to solve real-world cases involving error messages, hangs, sluggishness, malware infections, and much more.
Windows Sysinternals creator Mark Russinovich and Aaron Margosis show you how to:
Use Process Explorer to display detailed process and system information
Use Process Monitor to capture low-level system events, and quickly filter the output to narrow down root causes
List, categorize, and manage software that starts when you start or sign in to your computer, or when you run Microsoft Office or Internet Explorer
Verify digital signatures of files, of running programs, and of the modules loaded in those programs
Use Autoruns, Process Explorer, Sigcheck, and Process Monitor features that can identify and clean malware infestations
Inspect permissions on files, keys, services, shares, and other objects
Use Sysmon to monitor security-relevant events across your network
Generate memory dumps when a process meets specified criteria
Execute processes remotely, and close files that were opened remotely
Manage Active Directory objects and trace LDAP API calls
Capture detailed data about processors, memory, and clocks
Troubleshoot unbootable devices, file-in-use errors, unexplained communication, and many other problems
Understand Windows core concepts that aren't well-documented elsewhere
IT pros and power users consider the free Windows Sysinternals tools indispensable for diagnosing, troubleshooting, and deeply understanding the Windows platform. In this extensively updated guide, Sysinternals creator Mark Russinovich and Windows expert Aaron Margosis help you use these powerful tools to optimize any Windows system's reliability, efficiency, performance, and security. The authors first explain Sysinternals' capabilities and help you get started fast. Next, they offer in-depth coverage of each major tool, from Process Explorer and Process Monitor to Sysinternals' security and file utilities. Then, building on this knowledge, they show the tools being used to solve real-world cases involving error messages, hangs, sluggishness, malware infections, and much more.
Windows Sysinternals creator Mark Russinovich and Aaron Margosis show you how to:
Use Process Explorer to display detailed process and system information
Use Process Monitor to capture low-level system events, and quickly filter the output to narrow down root causes
List, categorize, and manage software that starts when you start or sign in to your computer, or when you run Microsoft Office or Internet Explorer
Verify digital signatures of files, of running programs, and of the modules loaded in those programs
Use Autoruns, Process Explorer, Sigcheck, and Process Monitor features that can identify and clean malware infestations
Inspect permissions on files, keys, services, shares, and other objects
Use Sysmon to monitor security-relevant events across your network
Generate memory dumps when a process meets specified criteria
Execute processes remotely, and close files that were opened remotely
Manage Active Directory objects and trace LDAP API calls
Capture detailed data about processors, memory, and clocks
Troubleshoot unbootable devices, file-in-use errors, unexplained communication, and many other problems
Understand Windows core concepts that aren't well-documented elsewhere
All prices
More details
Edition
2nd edition
Language
English
Place of publication
Boston
United States
Publishing group
Pearson Education (US)
Target group
Professional and scholarly
File size
63,72 MB
ISBN-13
978-0-13-398651-8 (9780133986518)
Copyright in bibliographic data and cover images is held by Nielsen Book Services Limited or by the publishers or by their respective licensors: all rights reserved.
Schweitzer Classification
Other editions
Additional editions
Mark Russinovich | Mark E. Russinovich | Aaron Margosis
Troubleshooting with the Windows Sysinternals Tools
Book
11/2016
2nd Edition
Microsoft Press
€48.99
Shipment within 10-20 days
Persons
Mark Russinovich is Chief Technology Officer of Microsoft Azure, where he oversees the technical strategy and architecture of Microsoft's cloud computing platform. He is a widely recognized expert in distributed systems, operating system internals, and cybersecurity. He is the author of the Jeff Aiken cyberthriller novels, Zero Day, Trojan Horse, and Rogue Code, and co-author of the Microsoft Press Windows Internals books. Russinovich joined Microsoft in 2006 when Microsoft acquired Winternals Software, the company he cofounded in 1996, as well as Sysinternals, where he authors and publishes dozens of popular Windows administration and diagnostic utilities. He is a featured speaker at major industry conferences, including Microsoft Ignite, Microsoft //build, RSA Conference, and more.
Aaron Margosis is a Principal Consultant with Microsoft's Global Cybersecurity Practice, where he has worked with security-conscious customers since 1999. Aaron specializes in Windows security, least-privilege, application compatibility, and the configuration of locked-down environments. He is a top speaker at Microsoft conferences, and created many of the tools commonly used by organizations implementing high-security environments, including LUA Buglight, Policy Analyzer, IE Zone Analyzer, LGPO.exe (Local Group Policy Object utility), and MakeMeAdmin, which can be downloaded through his blog (https://blogs.msdn.microsoft.com/aaron_margosis) or through two team blogs for which he is a primary author (https://blogs.technet.microsoft.com/fdcc and https://blogs.technet.microsoft.com/SecGuide).
Aaron Margosis is a Principal Consultant with Microsoft's Global Cybersecurity Practice, where he has worked with security-conscious customers since 1999. Aaron specializes in Windows security, least-privilege, application compatibility, and the configuration of locked-down environments. He is a top speaker at Microsoft conferences, and created many of the tools commonly used by organizations implementing high-security environments, including LUA Buglight, Policy Analyzer, IE Zone Analyzer, LGPO.exe (Local Group Policy Object utility), and MakeMeAdmin, which can be downloaded through his blog (https://blogs.msdn.microsoft.com/aaron_margosis) or through two team blogs for which he is a primary author (https://blogs.technet.microsoft.com/fdcc and https://blogs.technet.microsoft.com/SecGuide).
Content
Part I Getting started
Chapter 1 Getting started with the Sysinternals utilities
Chapter 2 Windows core concepts
Chapter 3 Process Explorer
Chapter 4 Autoruns
Part II Usage guide
Chapter 5 Process Monitor
Chapter 6 ProcDump
Chapter 7 PsTools
Chapter 8 Process and diagnostic utilities
Chapter 9 Security utilities
Chapter 10 Active Directory utilities
Chapter 11 Desktop utilities
Chapter 12 File utilities
Chapter 13 Disk utilities
Chapter 14 Network and communication utilities
Chapter 15 System information utilities
Chapter 16 Miscellaneous utilities
Part III Troubleshooting-"The Case of the
Chapter 17 Error messages
Chapter 18 Crashes
Chapter 19 Hangs and sluggish performance
Chapter 20 Malware
Chapter 21 Understanding system behavior
Chapter 22 Developer troubleshooting
Chapter 1 Getting started with the Sysinternals utilities
Chapter 2 Windows core concepts
Chapter 3 Process Explorer
Chapter 4 Autoruns
Part II Usage guide
Chapter 5 Process Monitor
Chapter 6 ProcDump
Chapter 7 PsTools
Chapter 8 Process and diagnostic utilities
Chapter 9 Security utilities
Chapter 10 Active Directory utilities
Chapter 11 Desktop utilities
Chapter 12 File utilities
Chapter 13 Disk utilities
Chapter 14 Network and communication utilities
Chapter 15 System information utilities
Chapter 16 Miscellaneous utilities
Part III Troubleshooting-"The Case of the
Chapter 17 Error messages
Chapter 18 Crashes
Chapter 19 Hangs and sluggish performance
Chapter 20 Malware
Chapter 21 Understanding system behavior
Chapter 22 Developer troubleshooting
