Windows Sysinternals Administrator's Reference

Mark E. Russinovich

Language: English

Pages: 496

ISBN: 073565672X

Format: PDF / Kindle (mobi) / ePub


Get in-depth guidance—and inside insights—for using the Windows Sysinternals tools available from Microsoft TechNet. Guided by Sysinternals creator Mark Russinovich and Windows expert Aaron Margosis, you’ll drill into the features and functions of dozens of free file, disk, process, security, and Windows management tools. And you’ll learn how to apply the book’s best practices to help resolve your own technical issues the way the experts do.

Diagnose. Troubleshoot. Optimize.

  • Analyze CPU spikes, memory leaks, and other system problems
  • Get a comprehensive view of file, disk, registry, process/thread, and network activity
  • Diagnose and troubleshoot issues with Active Directory
  • Easily scan, disable, and remove autostart applications and components
  • Monitor application debug output
  • Generate trigger-based memory dumps for application troubleshooting
  • Audit and analyze file digital signatures, permissions, and other security information
  • Execute Sysinternals management tools on one or more remote computers
  • Master Process Explorer, Process Monitor, and Autoruns


displays n/a otherwise. This option can be useful in batch files, and it’s best used when specifying a single target file. Command-line options, of course, can be combined. For example, the following command searches the system32 folder hierarchy for unsigned executable files, displaying hashes and detailed version information for those files:

sigcheck -u -s -e -a -h c:\windows\system32

Output Format

SigCheck normally displays its output as a formatted list, as shown in Figure 8-1. To

and to hide Microsoft and Windows entries. With only third-party and unsigned entries displayed, he quickly found the culprit: an unsigned DLL with a random-looking name registered as a Winlogon notification package that loads a DLL into the Winlogon process. (See Figure 18-3.) He deleted the entry in Autoruns, but found that it was back when he rescanned.

Figure 18-3. Autoruns identifying malware registered as a Winlogon notification package.

At this point, he went back to Microsoft

for processes running under the same account even at a higher integrity level. By default, Procexp reports exact numbers for byte counts. If you enable the Format I/O Bytes Columns option on the View menu, Procexp reports approximations as KB, MB, or GB as appropriate. Note that the attributes’ display names in the column headers have “I/O” prepended. For example, if you enable the “Read Bytes” column on this tab, its column header will show “I/O Read Bytes”.

I/O operations. There are four

I/O priority, memory priority, and ideal processor. Clicking the Permissions button displays the security descriptor for the thread—that is, who can perform which actions on the thread. Although this interface allows you to modify permissions on the thread, actually making changes is not advised and will usually lead to unpredictable results. For the System Idle Process, the list box enumerates processors rather than threads. The processor number is shown instead of the Thread ID, and the CPU