Optimize Windows system reliability and performance with Sysinternals

IT pros and power users consider the free Windows Sysinternals tools indispensable for diagnosing, troubleshooting, and deeply understanding the Windows platform. In this extensively updated guide, Sysinternals creator Mark Russinovich and Windows expert Aaron Margosis help you use these powerful tools to optimize any Windows system's reliability, efficiency, performance, and security. The authors first explain Sysinternals' capabilities and help you get started fast. Next, they offer in-depth coverage of each major tool, from Process Explorer and Process Monitor to Sysinternals' security and file utilities. Then, building on this knowledge, they show the tools being used to solve real-world cases involving error messages, hangs, sluggishness, malware infections, and much more.

Windows Sysinternals creator Mark Russinovich and Aaron Margosis show you how to:
- Use Process Explorer to display detailed process and system information
- Use Process Monitor to capture low-level system events, and quickly filter the output to narrow down root causes
- List, categorize, and manage software that starts when you start or sign in to your computer, or when you run Microsoft Office or Internet Explorer
- Verify digital signatures of files, of running programs, and of the modules loaded in those programs
- Use Autoruns, Process Explorer, Sigcheck, and Process Monitor features that can identify and clean malware infestations
- Inspect permissions on files, keys, services, shares, and other objects
- Use Sysmon to monitor security-relevant events across your network
- Generate memory dumps when a process meets specified criteria
- Execute processes remotely, and close files that were opened remotely
- Manage Active Directory objects and trace LDAP API calls
- Capture detailed data about processors, memory, and clocks
- Troubleshoot unbootable devices, file-in-use errors, unexplained communication, and many other problems
- Understand Windows core concepts that aren't well-documented elsewhere
Table of contents

Part I Getting started
Chapter 1 Getting started with the Sysinternals utilities
    Overview of the utilities
    The Windows Sysinternals website
    Sysinternals license information
Chapter 2 Windows core concepts
    Administrative rights
    Processes, threads, and jobs
    User mode and kernel mode
    Handles
    Application isolation
    Call stacks and symbols
    Sessions, window stations, desktops, and window messages
Chapter 3 Process Explorer
    Procexp overview
    Main window
    DLLs and handles
    Process details
    Thread details
    Verifying image signatures
    VirusTotal analysis
    System information
    Display options
    Procexp as a Task Manager replacement
    Miscellaneous features
    Keyboard shortcut reference
Chapter 4 Autoruns
    Autoruns fundamentals
    Autostart categories
    Saving and comparing results
    AutorunsC
    Autoruns and malware

Part II Usage guide
Chapter 5 Process Monitor
    Getting started with Procmon
    Events
    Filtering, highlighting, and bookmarking
    Process Tree
    Saving and opening Procmon traces
    Logging boot, post-logoff, and shutdown activity
    Long-running traces and controlling log sizes
    Importing and exporting configuration settings
    Automating Procmon: command-line options
    Analysis tools
    Injecting custom debug output into Procmon traces
    Toolbar reference
Chapter 6 ProcDump
    Command-line syntax
    Specifying which process to monitor
    Specifying the dump file path
    Specifying criteria for a dump
    Monitoring exceptions
    Dump file options
    Miniplus dumps
    ProcDump and Procmon: Better together
    Running ProcDump noninteractively
    Viewing the dump in the debugger
Chapter 7 PsTools
    Common features
    PsExec
    PsFile
    PsGetSid
    PsInfo
    PsKill
    PsList
    PsLoggedOn
    PsLogList
    PsPasswd
    PsService
    PsShutdown
    PsSuspend
    PsTools command-line syntax
    PsTools system requirements
Chapter 8 Process and diagnostic utilities
    VMMap
    DebugView
    LiveKd
    ListDLLs
    Handle
Chapter 9 Security utilities
    SigCheck
    AccessChk
    Sysmon
    AccessEnum
    ShareEnum
    ShellRunAs
    Autologon
    LogonSessions
    SDelete
Chapter 10 Active Directory utilities
    AdExplorer
    AdInsight
    AdRestore
Chapter 11 Desktop utilities
    BgInfo
    Desktops
    ZoomIt
Chapter 12 File utilities
    Strings
    Streams
    NTFS link utilities
    Disk Usage (DU)
    Post-reboot file operation utilities
Chapter 13 Disk utilities
    Disk2Vhd
    Sync
    DiskView
    Contig
    DiskExt
    LDMDump
    VolumeID
Chapter 14 Network and communication utilities
    PsPing
    TCPView
    Whois
Chapter 15 System information utilities
    RAMMap
    Registry Usage (RU)
    CoreInfo
    WinObj
    LoadOrder
    PipeList
    ClockRes
Chapter 16 Miscellaneous utilities
    RegJump
    Hex2Dec
    RegDelNull
    Bluescreen Screen Saver
    Ctrl2Cap

Part III Troubleshooting: "The Case of the Unexplained..."
Chapter 17 Error messages
    Troubleshooting error messages
    The Case of the Locked Folder
    The Case of the File In Use Error
    The Case of the Unknown Photo Viewer Error
    The Case of the Failing ActiveX Registration
    The Case of the Failed Play-To
    The Case of the Installation Failure
    The Case of the Unreadable Text Files
    The Case of the Missing Folder Association
    The Case of the Temporary Registry Profiles
    The Case of the Office RMS Error
    The Case of the Failed Forest Functional Level Raise
Chapter 18 Crashes
    Troubleshooting crashes
    The Case of the Failed AV Update
    The Case of the Crashing Proksi Utility
    The Case of the Failed Network Location Awareness Service
    The Case of the Failed EMET Upgrade
    The Case of the Missing Crash Dump
    The Case of the Random Sluggishness
Chapter 19 Hangs and sluggish performance
    Troubleshooting hangs and sluggish performance
    The Case of the IExplore-Pegged CPU
    The Case of the Runaway Website
    The Case of the Excessive ReadyBoost
    The Case of the Stuttering Laptop Blu-ray Player
    The Case of the Company 15-Minute Logons
    The Case of the Hanging PayPal Emails
    The Case of the Hanging Accounting Software
    The Case of the Slow Keynote Demo
    The Case of the Slow Project File Opens
    The Compound Case of the Outlook Hangs
Chapter 20 Malware
    Troubleshooting malware
    Stuxnet
    The Case of the Strange Reboots
    The Case of the Fake Java Updater
    The Case of the Winwebsec Scareware
    The Case of the Runaway GPU
    The Case of the Unexplained FTP Connections
    The Case of the Misconfigured Service
    The Case of the Sysinternals-Blocking Malware
    The Case of the Process-Killing Malware
    The Case of the Fake System Component
    The Case of the Mysterious ASEP
Chapter 21 Understanding system behavior
    The Case of the Q: Drive
    The Case of the Unexplained Network Connections
    The Case of the Short-Lived Processes
    The Case of the App Install Recorder
    The Case of the Unknown NTLM Communications
Chapter 22 Developer troubleshooting
    The Case of the Broken Kerberos Delegation
    The Case of the ProcDump Memory Leak

Product details

ISBN: 9780133986532
Published: 2016-10-10
Edition: 2nd edition
Publisher: Pearson Education (US)
Weight: 1 g
Age level: 06, P
Language: English
Format: Other

Biographical note

Mark Russinovich is Chief Technology Officer of Microsoft Azure, where he oversees the technical strategy and architecture of Microsoft's cloud computing platform. He is a widely recognized expert in distributed systems, operating system internals, and cybersecurity. He is the author of the Jeff Aiken cyberthriller novels, Zero Day, Trojan Horse, and Rogue Code, and co-author of the Microsoft Press Windows Internals books. Russinovich joined Microsoft in 2006 when Microsoft acquired Winternals Software, the company he cofounded in 1996, as well as Sysinternals, where he authors and publishes dozens of popular Windows administration and diagnostic utilities. He is a featured speaker at major industry conferences, including Microsoft Ignite, Microsoft //build, RSA Conference, and more. Aaron Margosis is a Principal Consultant with Microsoft's Global Cybersecurity Practice, where he has worked with security-conscious customers since 1999. Aaron specializes in Windows security, least-privilege, application compatibility, and the configuration of locked-down environments. He is a top speaker at Microsoft conferences, and created many of the tools commonly used by organizations implementing high-security environments, including LUA Buglight, Policy Analyzer, IE Zone Analyzer, LGPO.exe (Local Group Policy Object utility), and MakeMeAdmin, which can be downloaded through his blog (https://blogs.msdn.microsoft.com/aaron_margosis) or through two team blogs for which he is a primary author (https://blogs.technet.microsoft.com/fdcc and https://blogs.technet.microsoft.com/SecGuide).