There are a number of tools (i.e., programs) available that let you examine Windows internal behavior with respect to processes, threads, virtual memory, files, networking, and various devices. Unfortunately, there is no single source for all of these tools. Some come with Windows, some with Visual Studio, some with the Windows Resource Kits, some with various SDKs, and others are downloaded from the Internet. This page tries to be a guide to some of these tools, where to get them, and a bit about how to use them.
First of all, there are a few sites on the Internet where you can get information about Windows internals and tools for observing Windows.
An excellent site for information and tools is Sysinternals. This site contains a large selection of tools and information about Windows NT/2000/XP/Vista internals. The principal author of all of this stuff, Mark Russinovich, is one of the coauthors of the book Windows Internals, the best book on how the Windows NT/2000/XP/Vista operating systems work internally.
Another site containing free, high quality tools is www.smidgeonsoft.com.
A site containing a few free tools and a lot of information is www.wheaty.net. The author of this web site is well known for writing articles and columns about Windows internals for various magazines.
Microsoft has a couple of sites with documentation and tools for their operating systems. Their main site is MSDN (Microsoft Developers Network). This is a huge site that contains, among other things, the MSDN Library, which holds most of Microsoft's documentation for their products. In particular, one part of the MSDN Library is the Win32 API documentation. This is where we will look up the C functions that our programs use to interface with the Windows operating system.
Microsoft provides two large collections of tools, the "Support Tools" and the "Resource Kit Tools". Most of the tools in these collections are meant for systems administration but there are some tools useful for observing operating system internals. An installer for each of these collections can be downloaded from Microsoft's web servers.
Windows XP Service Pack 2 Support Tools
Windows Server 2003 Resource Kit Tools
Microsoft also allows you to download certain individual tools from the Windows 2000 Resource Kit.
- Tools for Processes and Threads
- Platform SDK: Processes and Threads
- This is Microsoft's online MSDN documentation about the process and thread functions in the Win32 API.
- Task Manager (taskmgr.exe)
- This program comes with Windows. Start it by typing the key chord Ctrl-Shift-Esc. It gives you basic information about all running processes.
- Process Viewer 5.2.15.1 (PrcView.exe)
- This easy-to-use program is similar to Task Manager but gives you far more information about all the running processes.
- Process Explorer
- A very powerful "Task Manager"-type program. This program and Process Viewer (just above) complement each other very well. Get both of them.
- QuickSlice (qslice.exe)
- This program comes with the Windows 2000 Resource Kit. It has the nice feature of giving a good visual representation of the "user time" vs. "kernel time" of a process and its threads.
- Performance Monitor (perfmon.exe, perfmon.msc, or perfmon4.exe)
- The Performance Monitor has two versions. Performance Monitor (perfmon.exe) comes with Windows 2000/XP and runs as a Microsoft Management Console snap-in. Performance Monitor 4 (perfmon4.exe) comes with the Windows 2000 Resource Kit and is the version that originally came with Windows NT 4.0. The program perfmon4.exe has one feature that perfmon.exe lacks: perfmon4.exe can gather statistics at a rate as fast as 1000 times a second (the fastest rate for perfmon.exe is once per second).
- API Monitor (apimon.exe)
- This program comes with the Resource Kit.
- API Monitor: rohitab.com
- This is another API monitoring program. It seems to be easier to use than Microsoft's version.
- Process and Thread Status (pstat.exe)
- Process List by User (pulist.exe)
- Timethis (timethis.exe)
- These command line tools are part of the Windows 2000 Resource Kit.
- Process Resource Monitor (pmon.exe)
- Process Viewer (pviewer.exe)
- These command line tools are part of the Windows Server 2003 Resource Kit Tools and/or the Windows XP Service Pack 2 Support Tools.
- Process Explode (pview.exe)
- This interesting program comes with the Platform SDK (at least it did a couple of years ago; I haven't checked the recent PSDKs).
- Tools for Virtual Memory
- Platform SDK: Memory Management
- This is Microsoft's online MSDN documentation about the virtual memory management functions in the Win32 API.
- Managing Virtual Memory in Win32
- This is an MSDN article about the virtual memory management functions.
- dumpbin.exe
- editbin.exe
- These two command line tools come with Visual C++ 6. They are in the vc98\bin\ subdirectory of the MS Visual Studio directory.
- PE Dump (pedump.exe)
- This program does pretty much what dumpbin.exe does, but this program is documented in two articles (part 1 and part 2) from MSDN Magazine by the program's author. A version of this program comes with the LCC-Win32 compiler.
- PEBrowse
- Another program similar to dumpbin.exe, but this one does far more, and because it is a Windows GUI program rather than a console-based command line program it is easier to use.
- Dependency Walker (depends.exe)
- There are several versions of this program. An old version comes with VC++ 6.0. A newer version comes with the Windows 2000 Support Tools. The current version can be downloaded from the tool's author by using the above link. The older version is easier to use. The newer versions give a lot more information.
- Process Walker (pwalk.exe)
- This program has a misleading name. It is a very nice virtual memory mapper program (i.e., it walks a process's virtual memory space, hence its name). This program is one of the Platform SDK sample programs. That means it is distributed in source code form and you have to compile it using VC++ (here is some information about compiling the SDK sample programs). You can find the program on a Visual Studio 6 (or VC++ 6) installer CD-ROM. On my CD-ROM it was in the directory
D:\MSDN_VCB\SAMPLES\VC98\SDK\SDKTOOLS\WINNT\WALKER
If you have trouble finding it, just do a search of a Visual Studio 6 CD-ROM and search for "pwalk".
- Page Fault Monitor (pfmon.exe)
- Virtual Address Dump (vadump.exe)
- Memory Profiling Tool (memsnap.exe)
- Clear Memory (clearmem.exe)
- Memory Consumers Tool (consume.exe)
- Leaky Application (LeakyApp.exe)
- These command line tools are part of the Windows Server 2003 Resource Kit Tools and/or the Windows XP Service Pack 2 Support Tools.
- Tools for Files and I/O
- Process Monitor
- Filemon
- Regmon
- Diskmon
- TDIMon
- TCPView
- These amazing programs, available from www.sysinternals.com, let you watch all file, disk, registry, and networking activity in real time. They must be run as administrator (hold down the Shift key, right-click on the program's icon, and then choose the "Run as..." menu item).
- Contig
- DiskView
- NTFSInfo
- Three more utilities from www.sysinternals.com that you can use to learn about the Windows file system.