sysinternals tools

DebugView is an application that lets you monitor debug output on your local system, or any computer on the network that you can reach via TCP/IP. It is capable of displaying both kernel-mode and Win32 debug output, so you don't need a debugger to catch the debug output your applications or device drivers generate, nor do you need to modify your applications or drivers to use non-standard debug output APIs.

DebugView works on Windows 95, 98, Me, 2000, XP, Windows Server 2003, Windows for x64 processors and Windows Vista.

DebugView Capture
Under Windows 95, 98, and Me DebugView will capture output from the following sources:
• Win32 OutputDebugString
• Win16 OutputDebugString
• Kernel-mode Out_Debug_String
• Kernel-mode _Debug_Printf_Service
Under Windows NT, 2000, XP, Server 2003 and Vista DebugView will capture:
• Win32 OutputDebugString
• Kernel-mode DbgPrint
• All kernel-mode variants of DbgPrint implemented in Windows XP and Server 2003
DebugView also extracts kernel-mode debug output generated before a crash from Windows NT/2000/XP crash dump files, provided DebugView was capturing at the time of the crash.

DiskMon is an application that logs and displays all hard disk activity on a Windows system. You can also minimize DiskMon to your system tray where it acts as a disk light, presenting a green icon when there is disk-read activity and a red icon when there is disk-write activity.

DiskMon works on NT 4.0 and higher.

Windows 2000 and Higher Implementation
On Windows 2000 and higher DiskMon uses kernel event tracing. Event tracing is documented in the Microsoft Platform SDK, and the SDK contains source code to TraceDmp, on which DiskMon is based.

Ever wondered which program has a particular file or directory open? Now you can find out. Process Explorer shows you information about which handles and DLLs processes have opened or loaded.

The Process Explorer display consists of two sub-windows. The top window always shows a list of the currently active processes, including the names of their owning accounts, whereas the information displayed in the bottom window depends on the mode that Process Explorer is in: if it is in handle mode you'll see the handles that the process selected in the top window has opened; if Process Explorer is in DLL mode you'll see the DLLs and memory-mapped files that the process has loaded. Process Explorer also has a powerful search capability that will quickly show you which processes have particular handles opened or DLLs loaded.

The unique capabilities of Process Explorer make it useful for tracking down DLL-version problems or handle leaks, and provide insight into the way Windows and applications work.

Process Explorer works on Windows 9x/Me, Windows NT 4.0, Windows 2000, Windows XP, Server 2003, and 64-bit versions of Windows for x64 processors, and Windows Vista.

Portmon is a utility that monitors and displays all serial and parallel port activity on a system. It has advanced filtering and search capabilities that make it a powerful tool for exploring the way Windows works, seeing how applications use ports, or tracking down problems in system or application configurations.

Portmon works on NT 4.0, Win2K, XP and Server 2003, Windows 95 and Windows 98.

Note: Filemon and Regmon have been replaced by Process Monitor on versions of Windows starting with Windows 2000 SP4, Windows XP SP2, Windows Server 2003 SP1, and Windows Vista. Filemon and Regmon remain for legacy operating system support, including Windows 9x.

Regmon is a Registry monitoring utility that will show you which applications are accessing your Registry, which keys they are accessing, and the Registry data that they are reading and writing, all in real time. This advanced utility takes you one step beyond what static Registry tools can do, to let you see and understand exactly how programs use the Registry. With static tools you might be able to see what Registry values and keys changed. With Regmon you'll see how the values and keys changed.

Regmon works on Windows NT/2000/XP/2003, Windows 95/98/Me and Windows 64-bit for x64.

FileMon monitors and displays file system activity on a system in real time. Its advanced capabilities make it a powerful tool for exploring the way Windows works, seeing how applications use files and DLLs, or tracking down problems in system or application file configurations. FileMon's timestamping feature will show you precisely when every open, read, write or delete happens, and its status column tells you the outcome. FileMon is so easy to use that you'll be an expert within minutes. It begins monitoring when you start it, and its output window can be saved to a file for off-line viewing. It has full search capability, and if you find that you're getting information overload, simply set up one or more filters.

FileMon works on NT 4.0, Windows 2000, Windows XP, the Windows XP and Windows Server 2003 64-bit Editions, Windows Server 2003, Windows 95, Windows 98 and Windows Me.

Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon, and adds an extensive list of enhancements including rich and non-destructive filtering, comprehensive event properties such as session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and much more. Its uniquely powerful features will make Process Monitor a core utility in your system troubleshooting and malware hunting toolkit.

Process Monitor runs on Windows 2000 SP4 with Update Rollup 1, Windows XP SP2, Windows Server 2003 SP1, and Windows Vista as well as x64 versions of Windows XP, Windows Server 2003 SP1 and Windows Vista.

Process Monitor's user interface and options are similar to those of Filemon and Regmon, but it was written from the ground up and includes numerous significant enhancements, such as:

• Monitoring of process and thread startup and exit, including exit status codes
• Monitoring of image (DLL and kernel-mode device driver) loads
• More data captured for operation input and output parameters
• Non-destructive filters allow you to set filters without losing data
• Capture of thread stacks for each operation makes it possible in many cases to identify the root cause of an operation
• Reliable capture of process details, including image path, command line, user and session ID
• Configurable and moveable columns for any event property
• Filters can be set for any data field, including fields not configured as columns
• Advanced logging architecture scales to tens of millions of captured events and gigabytes of log data
• Process tree tool shows the relationship of all processes referenced in a trace
• Native log format preserves all data for loading in a different Process Monitor instance
• Process tooltip for easy viewing of process image information
• Detail tooltip allows convenient access to formatted data that doesn't fit in the column

The best way to become familiar with Process Monitor's features is to read through the help file and then visit each of its menu items and options on a live system.

April 15, 2007 at 10:41 AM by yippee, 1,021 views
Category: English