EDN Admin
In this 2-part episode of Defrag Tools, Andrew and I walk you through Sysinternals Process Monitor. Process Monitor allows you to view the File, Registry, Network, Process and Profiling details of the processes running on the computer. The logging allows you to go from a holistic view all the way down to the function in the stack that initiated an event. Process Monitor can be used to troubleshoot nearly all types of issues. As coined by http://www.solsem.com/ David Solomon - "When in doubt, run Process Monitor".

http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-3-Process-Monitor Part 1 (last week) covers the tool itself.
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-4-Process-Monitor Part 2 (this week) goes through a wide variety of examples showing how different techniques are required for different investigations.

Resources:
http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx Sysinternals Process Monitor

Timeline:
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-4-Process-Monitor#time=00m00s [00:00] - Last week...
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-4-Process-Monitor#time=01m08s [01:08] - Finding the Registry keys of the Explorer Folder Options dialog
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-4-Process-Monitor#time=08m30s [08:30] - Using Summary reports to see the current filters resource usage
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-4-Process-Monitor#time=15m09s [15:09] - Capturing a ProcMon log of system boot
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-4-Process-Monitor#time=19m25s [19:25] - Analyzing the boot log
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-4-Process-Monitor#time=27m32s [27:32] - The Startup/Shutdown chapter of the http://technet.microsoft.com/en-us/sysinternals/bb963901.aspx Windows Internals book [ http://www.amazon.com/Microsoft-Windows-Internals-4th-Edition/dp/B002DMJTXM 4th edition, http://www.amazon.com/Windows%C2%AE-Internals-Including-Windows-Developer/dp/0735625301 5th edition, http://www.amazon.com/Windows-Internals-Part-Covering-Server/dp/0735648735 6th edition Part 2 ]. Note, it's Chapter 13, not Chapter 4, as mentioned on the show. Chapter 13 is in Part 2 of the 6th edition.
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-4-Process-Monitor#time=28m17s [28:17] - Next time...Autoruns

More Examples:
http://channel9.msdn.com/search?term=Case+of+the+Unexplained Case of the Unexplained... by http://blogs.technet.com/b/markrussinovich/ Mark Russinovich
http://channel9.msdn.com/search?term=sysinternals+gems Sysinternals Gems by http://blogs.msdn.com/b/aaron_margosis/ Aaron Margosis