Tools for Windows

There are a number of tools (i.e., programs) available that let you examine Windows internal behavior with respect to processes, threads, virtual memory, files, networking, and various devices. Unfortunately, there is no one source for all of these tools. Some come with Windows, some with Visual Studio, some with the Windows Resource Kits, some with various SDKs, and others are downloaded from the Internet. This page tries to be a guide to many of these tools, where to get them, and a bit about how to use them.

First of all, there are a few sites on the Internet where you can get information about Windows internals and tools for observing Windows.

An excellent site for information and tools is Sysinternals. This site contains a large selection of tools, source code, and information about Windows NT/2000 internals. The principal author of all of this stuff, Mark Russinovich, is one of the coauthors of the book Inside Windows, the best book on how the Windows NT/2000 operating systems work internally.

Another site containing free, high quality tools is www.smidgeonsoft.com.

A site containing a few free tools and a lot of information is www.wheaty.net. The author of this web site is well known for writing articles and columns about Windows internals for various magazines.

Microsoft has a couple of sites where there are documentation and tools about their operating systems. Their main site is MSDN (Microsoft Developers Network). This is a huge site that contains, among other things, the MSDN Library which is most of Microsoft's documentation for their products.

Another Microsoft site is the online edition of the Windows 2000 Resource Kit. Every Microsoft operating system has a Resource Kit book and they are Microsoft's technical documentation for each of their operating systems. Part of the online Resource Kit site is a page where you can download some of the tools that come on the Resource Kit CD-ROM (most of the tools that come with the Resource Kit are meant for systems administration, but there are some tools useful for observing operating system internals).

Tools for Processes and Threads
Chapter 6: Processes and Threads
This online chapter from the book Inside Windows is a good reference on processes and threads and the tools used for observing them.

Platform SDK: Processes and Threads
This is Microsoft's online MSDN documentation about the process and thread functions in the Win32 API.

Task Manager (taskmgr.exe)
This program comes with Windows NT/2000. Start it by typing the key chord Ctrl-Shift-Esc.

Process Viewer (pview.exe or pviewer.exe)
This program comes with Visual C++ 6.0. It also comes with Windows 2000 as part of the "Windows 2000 Support Tools" (but the Support Tools are not installed by the Windows 2000 installer). Find it in the Visual C++ 6.0 program group, or install the Support Tools from the Windows 2000 CD-ROM, the Support\Tools\ directory. Process Viewer is also part of the Platform SDK.

Performance Monitor (perfmon.exe or perfmon4.exe)
The Performance Monitor has two versions. Performance Monitor (perfmon.exe) comes with Windows 2000. Performance Monitor 4 (perfmon4.exe) comes with the Windows 2000 Resource Kit. Performance Monitor 4 is the version that originally came with Windows NT 4.0. The program perfmon4.exe has one important feature that perfmon.exe lacks: perfmon4.exe can gather statistics at a rate as fast as 1000 times a second (the fastest rate for perfmon.exe is 1 time per second).

QuickSlice (qslice.exe)
This program comes with the Windows 2000 Resource Kit.

Tlist.exe
This command line tool is part of the Windows 2000 Support Tools. Use the command tlist /t to get a tree view of the parent-child relationships between processes. Use the command tlist /? to get some help.

Process Explorer
This program is available from www.sysinternals.com. You need to run this program as the system administrator. In Windows 2000, hold down the shift key and right click on this program's icon and then choose the "Run as..." menu item.

API Monitor (apimon.exe)
This program comes with the Windows 2000 Resource Kit.

API Monitor: rohitab.com
This is another API monitoring program. It seems to be easier to use than Microsoft's version.

Process and Thread Status (pstat.exe)
This command line tool comes with the Windows 2000 Resource Kit and it also comes with VC++ 6.0 (it is not in the VC++ 6.0 program group but it is stored in the same directory as pview.exe).

Process List by User (pulist.exe)
This command line tool comes with the Windows 2000 Resource Kit.

Pmon.exe
This command line tool is part of the Windows 2000 Support Tools.

Time-Ordered Processes (top.exe)
This command line tool comes with the Windows 2000 Resource Kit (but it is not available over the Internet).

Open Handles (oh.exe)
This command line tool comes with the Windows 2000 Resource Kit.

PsTools
This collection of programs is available from www.sysinternals.com.

Pmon
This program is available from www.sysinternals.com.

Frob
This program is available from www.sysinternals.com.

Tools for Virtual Memory
Platform SDK: Memory Management
This is Microsoft's online MSDN documentation about the virtual memory management functions in the Win32 API.

Managing Virtual Memory in Win32
This is an MSDN article about the virtual memory management functions.

dumpbin.exe
editbin.exe
These two command line tools come with Visual C++. They are in the vc98\bin\ subdirectory of the MS Visual Studio directory.

PE Dump (pedump.exe)
This program does pretty much what dumpbin.exe does, but this program is documented in an article from MSDN Magazine by the program's author. A version of this program comes with the LCC-Win32 compiler.

PEBrowse
Another program similar to dumpbin.exe, but this program does far more, and it is a Windows GUI based program instead of a console based command line program, so it is easier to use.

Dependency Walker (depends.exe)
There are several versions of this program. An old version comes with VC++ 6.0. A newer version comes with the Windows 2000 Support Tools. The current version can be downloaded from the tool's author by using the above link. The older version is easier to use. The newer versions give a lot more information.

Process Walker (pwalk.exe)
This program has a misleading name. It is a very nice virtual memory mapper program (i.e., it walks a process's virtual memory space, hence its name). This program is one of the Platform SDK sample programs. That means it is distributed in source code form and you have to compile it using VC++ (here is some information about compiling the SDK sample programs). You can find the program on a Visual Studio (or VC++) installer CD-ROM. On my CD-ROM it was in the directory
D:\MSDN_VCB\SAMPLES\VC98\SDK\SDKTOOLS\WINNT\WALKER
If you have trouble finding it, just do a search of your Visual Studio CD-ROM and search for "pwalk".

Page Fault Monitor (pfmon.exe)
Virtual Address Dump (vadump.exe)
LeakyApp.exe
ClearMem.exe
These four command line tools come with the Windows 2000 Resource Kit.

memsnap.exe
This command line tool comes with the Windows 2000 Support Tools.

Tools for Files
Filemon
Diskmon
NTFSInfo
These programs are available from www.sysinternals.com.
