| |
There are a number of tools (i.e., programs) available that let you examine Windows internal behavior with respect to processes, threads, virtual memory, files, networking, and various devices. Unfortunately, there is no one source for all of these tool. Some come with Windows, some with Visual Studio, some with the Windows Resource Kits, some with various SDKs, and others are downloaded from the Internet. This page tries to be a guide to some of these tools, where to get them, and a bit about how to use them.
First of all, there are a few sites on the Internet where you can get information about Windows internals and tools for observing Windows.
An excellent site for information and tools is Sysinternals. This site contains a large selection of tools, source code, and information about Windows 2000/XP internals. The principal author of all of this stuff, Mark Russinovich, is one of the coauthors of the book Windows Internals, the best book on how the Windows NT/2000/XP operating systems work internally.
Another site containing free, high quality tools is www.smidgeonsoft.com.
A site containing a few free tools and a lot of information is www.wheaty.net. The author of this web site is well known for writing articles and columns about Windows internals for various magazines.
Microsoft has a couple of sites where there are documentation and tools about their operating systems. Their main site is MSDN (Microsoft Developers Network). This is a huge site that contains, among other things, the MSDN Library which is most of Microsoft's documentation for their products.
Microsoft provides two large collections of tools, the "Support Tools" and the "Resource Kit Tools". Most of the tools in these collections are meant for systems administration but there are some tools useful for observing operating system internals. An installer for each of these collections can be downloaded from Microsoft's web servers.
Windows XP Service Pack 2 Support Tools
Windows Server 2003 Resource Kit Tools
An installer for the Support Tools also comes on the Windows XP installation CD-ROM (look in the \Support\Tools folder on the Windows XP installation disc). And Microsoft also allows you to download certain individual tools from the "Windows 2000 Resource Kit" at this page.
|
- Tools for Processes and Threads
-
- Chapter 6: Processes and Threads
- This online chapter from the book Inside Windows is a good reference on processes and threads and the tools used for observing them.
- Platform SDK: Processes and Threads
- This is Microsoft's online MSDN documentation about the process and thread functions in the Win32 API.
- Task Manager (taskmgr.exe)
- This program comes with Windows. Start it by typing the key chord Ctrl-Shift-Esc. It gives you basic information about all running processes.
- Process Viewer 5.2.15.1 (PrcView.exe)
- This easy to use program is similar to Task Manager but gives you far more information about all the running processes.
- Process Explorer
- A very powerful "Task Manager" type program. This program and Process Viewer (just above) compliment each other very well. Get both of them.
- QuickSlice (qslice.exe)
- This program comes with the Windows 2000 Resource Kit. This program has the nice feature of giving a good visual representation of the "user time" vs. "kernel time" of a process and its threads.
- Performance Monitor (perfmon.exe, perfmon.msc, or perfmon4.exe)
- The Performance Monitor has two versions. Performance Monitor (perfmon.exe) comes with Windows 2000/XP and runs as a Microsoft Management Console Snap-in. Performance Monitor 4 (perfmon4.exe) comes with the Windows 2000 Resource Kit. Performance Monitor 4 is the version that originally came Windows NT 4.0. The program perfmon4.exe has one feature that perfmon.exe lacks, perfmon4.exe can gather statistics at a rate as fast as 1000 times a second (the fastest rate for perfmon.exe is 1 time per second).
- Process Viewer (pviewer.exe)
- This program comes with the Windows Support Tools.
- Process Explode (pview.exe)
- This interesting program comes with the Platform SDK (at least it did a couple of years ago; I haven't checked the recent PSDK's).
- API Monitor (apimon.exe)
- This program comes with the Resource Kit.
- API Monitor: rohitab.com
- This is another API monitoring program. It seems to be easier to use than Microsoft's version.
- Process and Thread Status (pstat.exe)
- This command line tool comes with the Windows 2000 Resource Kit or the Windows XP Support Tools and it also comes with VC++ 6.0 (it is not in the VC++ 6.0 program group but it is stored in the same directory as pview.exe).
- Timethis (timethis.exe)
- Process List by User (pulist.exe)
- Time-Ordered Processes (top.exe)
- These command line tools come with the Windows 2000 Resource Kit.
- Pmon.exe
- This command line tool is part of the both the Support Tools and the Resource Kit Tools.
- Tools for Virtual Memory
-
- Platform SDK: Memory Management
- This is Microsoft's online MSDN documentation about the virtual memory management functions in the Win32 API.
- Managing Virtual Memory in Win32
- This is an MSDN article about the virtual memory management functions.
- dumpbin.exe
- editbin.exe
- These two command line tools come with Visual C++. They are in the
vc98\bin\ subdirectory of the MS Visual Studio directory.
- PE Dump (pedump.exe)
- This program does pretty much what dumpbin.exe does, but this program is documented in an article from MSDN Magazine by the program's author. A version of this program comes with the LCC-Win32 compiler.
- PEBrowse
- Another program similar to dumpbin.exe, but this program does far more and this is a Windows GUI based program, instead of a console based command line program, so it is easier to use.
- Dependency Walker (depends.exe)
- There are several versions of this program. An old version comes with VC++ 6.0. A newer version comes with the Windows 2000 Support Tools. The current version can be downloaded from the tool's author by using the above link. The older version is easier to use. The newer versions give a lot more information.
- Process Walker (pwalk.exe)
- This program has a misleading name. It is a very nice virtual memory mapper program (i.e., it walks a process's virtual memory space, hence its name). This program is one of the Platform SDK sample programs. That means it is distributed in source code form and you have to compile it using VC++ (here is some information about compiling the SDK sample programs).You can find the program on a Visual Studio (or VC++) installer CD-ROM. On my CD-ROM it was in the directory
D:\MSDN_VCB\SAMPLES\VC98\SDK\SDKTOOLS\WINNT\WALKER
If you have trouble finding it, just do a search of your Visual Studio CD-ROM and search for "pwalk".
- Page Fault Monitor (pfmon.exe)
- Virtual Address Dump (vadump.exe)
- ClearMem.exe
- LeakyApp.exe
- These four command line tools come with the Resource Kit.
- memsnap.exe
- This command line tool comes with the Support Tools.
- Tools for Files and I/O
-
- Filemon
- Diskmon
- Regmon
- TDIMon
- TCPView
- These amazing programs, available from www.sysinternals.com, let you watch all file, disk, registry, and networking activity in real time. They must be run as administrator (hold down the shift key and right click on the program's icon and then choose the "Run as..." menu item).
- DiskView
- Contig
- NTFSInfo
- Three more utilities from www.sysinternals.com that you can use to learn about the Windows file system.
|
|
|
|
