Sysinternals – A Multi-toolkit suite for Windows
The Sysinternals website provides utilities, tools, and technical resources to monitor, diagnose, troubleshoot and manage Windows systems and applications. It also runs as a live service: its tools can be executed directly from the web, without manually searching for and downloading them, simply by entering the path into Windows Explorer. This article features several of its freeware tools for administering computers running the Microsoft Windows operating system.
Sysinternals supplies a variety of free utilities for handling many tasks and applications. The categories of utilities in the Sysinternals suite include file and disk utilities, system information utilities, process and security utilities, and networking utilities, along with a ‘utilities index’ for invoking them. A few prominently used utilities are ‘Process Explorer’, ‘RAMMap’, ‘LiveKd ver5.0’, ‘VMMap’ and ‘PsService’, besides ‘Rootkit Revealer’ (a detection utility), ‘Page Defrag’ and ‘Config’. Sysinternals offers more than 65 utilities to its users.
The utilities give the user substantial assistance. ‘Process Explorer’, for instance, has enhanced network and disk monitoring functionality, an improved multi-tab system information dialog, and additional memory statistics. It includes a new column that displays aggregate CPU usage for numerous processes. Its versatility extends to advanced and accurate DLL scanning, process tree tooltips integrated with command lines, and the ability to support systems with about 64 CPUs.
‘RAMMap’ is one of the latest diagnostic utilities added to the Sysinternals suite. It resembles a more sophisticated version of the Memory tab of Windows Resource Monitor. The utility addresses Windows memory management, analysis of application memory usage, RAM allocation procedures and physical memory allocation algorithms.
‘LiveKd v5.0’ is a live kernel debugging tool added to Sysinternals in the last few months. It can execute the debugger commands that work on crash dump files, searching deep into the system with the ‘viewing thread command’. It can debug and generate kernel dump files of virtual machines directly from the parent partition, without having to boot the target virtual machine in debugging mode.
Developers, support engineers, and administrators now rely extensively on ‘VMMap’ from Sysinternals to dig deep into the memory allocation and usage of a particular process in the system. It is a virtual and physical memory analysis tool capable of producing a graphical representation of memory usage. It can present summary information and an illustration of the process memory map, and it lets the user compare the previous two refresh snapshots to see what has changed.
PsService displays the configuration, status and dependencies of a service. It allows the user to log on to a remote system with a separate account and start, run, pause, resume, stop and restart services there. Its search capability is unique in identifying active instances of a service on the user’s network. The search feature can be used to locate the systems functioning on DHCP servers. Manual entry of a ‘resume index’ is not required here to get a total list of service information. Displaying the configured services on the local system is the default behavior of PsService.
The success of Sysinternals is largely because it anticipates the requirements of its users, and provides and updates the utilities to handle their individual system management issues.