1 / 26

v irtual techdays

INDIA │ 18-20 august 2010. v irtual techdays. Windows Sysinternals Primer: Process Explorer, Process Monitor & More Tools. Aviraj Ajgekar │ Regional Site Manager │ Microsoft Corporation http://blogs.technet.com/aviraj │ Email i-aviraj@microsoft.com. INDIA │ 18-20 august 2010.

isla
Télécharger la présentation

v irtual techdays

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. INDIA │ 18-20 august2010 virtual techdays Windows Sysinternals Primer: Process Explorer, Process Monitor & More Tools Aviraj Ajgekar │ Regional Site Manager │ Microsoft Corporation http://blogs.technet.com/aviraj│ Email i-aviraj@microsoft.com

  2. INDIA │ 18-20 august2010 virtual techdays • Introduction to Sysinternals • Process Explorer • Process Monitor • PsExec • Additional Sysinternals Utilities - Demo S E S S I O N A G E N D A

  3. INDIA │ 18-20 august2010 virtual techdays • High quality, advanced diagnostic and troubleshooting tools • Single executable package, no install needed • Free! • Authored by Mark Russinovich and/or Bryce Cogswell • Quick turnaround/update cycle • Limited support Introduction To Sysinternals

  4. INDIA │ 18-20 august2010 virtual techdays • http://www.Sysinternals.com • Redirects to technet.microsoft.com • Sysinternals Suite contains all the tools in one zip file • Site blog announces all updates • http://blogs.technet.com/Sysinternals • Run directly from the web: Sysinternals Live • http://live.sysinternals.com/procmon.exe, or • \\live.sysinternals.com\tools\procmon.exe • UNC syntax requires WebClient service • Videos on troubleshooting with the tools Sysinternals Website Features

  5. Ever See This? INDIA │ 18-20 august2010 virtual techdays Or this? • Cause: Security Zone info attached to file

  6. INDIA │ 18-20 august2010 virtual techdays Tip: Unblock before extracting (Remote Zone Information)

  7. INDIA │ 18-20 august2010 virtual techdays • What is a process? • Task Manager – The Good, The Bad, The Ugly • Demo’s  Processor Explorer

  8. What is a Process? • A process is a container for a set of resources, including one or more threads. • Threads – not processes – do the work and consume CPU, memory, etc • Every process has at least one thread Virtual Memory Address space One or More threads Security Tokens Open handles

  9. INDIA │ 18-20 august2010 virtual techdays • The good • Great for users of limited technical knowledge. • High level flat list of processes, services, users and system performance. • The bad • Doesn’t show path to executable. • Doesn’t show fractional CPU. • The ugly • Doesn’t show multi purpose processes. • Example: svchost.exe • Doesn’t show what might be causing a process to misbehave. • Doesn’t distinguish the different types of processes. • Doesn’t show threads Task Manager The good, the bad, the ugly

  10. INDIA │ 18-20 august2010 virtual techdays • The Good • Parent/Child Relationships • “Peer” into processes • The Better • Options galore • Process Highlighting • The Best • Customized Columns • Threads • CPU, Context Switch Delta, Cycles Delta • Determine which thread is consuming CPU Process Explorer The good, the better, the best

  11. INDIA │ 18-20 august2010 virtual techdays DEMO: Process Explorer Aviraj Ajgekar│ Microsoft Corporation

  12. INDIA │ 18-20 august2010 virtual techdays • Process Explorer shows a moving snapshot • Process Monitor is a logging utility • Captures detailed info about: • All registry activity • All file system activity • Process and thread events, including DLL load • Network activity • Periodic process profiling data Process Monitor

  13. INDIA │ 18-20 august2010 virtual techdays • Save results for viewing elsewhere • Can log boot activity • Advanced filtering capabilities • Filters can be saved and exported • Analysis tools for data mining • Command-line scriptable • Highly scalable Process Monitor Features

  14. Process Monitor Event Detail

  15. INDIA │ 18-20 august2010 virtual techdays DEMO: Process Monitor Aviraj Ajgekar│ Microsoft Corporation

  16. INDIA │ 18-20 august2010 virtual techdays • Execute processes on remote computers • Redirected console I/O  Remote-enable console apps • Execute processes as System PsExec

  17. PsExec Syntax • psexec [Computers] [Options] command [arguments] • Computers = • \\computer[,computer2[,...]] or • \\* or • @file • Alternate credentials (optional): • -u username [-p password]

  18. PsExec Alternate Credentials[-uusername [-ppassword]] • Can omit -p: it prompts you, doesn’t echo • Used twice: • To authenticate to the remote computer • To create a new logon on the remote computer • #2 puts the credentials on the wire in the clear • Required for remote access when: • Current account is not admin on the remote, or • Remote process needs to access network, or • Remote process needs to run interactive

  19. PsExec Options (Eye chart)

  20. INDIA │ 18-20 august2010 virtual techdays DEMO: PsExec Aviraj Ajgekar│ Microsoft Corporation

  21. PsExec Tips • Don’t forget /accepteula • RemotedSysinternals utilities will hang • Things you can’t do in a redirected console: • CLS • MORE • Text coloring • Tab completion • PowerShell v1

  22. Run Procmon Past LogoffNon-interactively, with PsExec -s Must specify a backing file Must not have user interaction Procmon must exit cleanly To start: PsExec -s -d Procmon.exe /AcceptEula /Quiet /BackingFile C:\Procmon.pml To stop: PsExec -s -d Procmon.exe /AcceptEula /Terminate

  23. INDIA │ 18-20 august2010 virtual techdays DEMO: Sysinternals Utilities such as Disk2VHD & More Aviraj Ajgekar│ Microsoft Corporation

  24. Additional Resources • Mark Russinovich’s blog: • http://blogs.technet.com/b/MarkRussinovich • Blog posts and utilities by Aaron Margosis • http://blogs.msdn.com/b/aaron_margosis • http://blogs.technet.com/b/fdcc • Aviraj Ajgekar’s Blog • http://blogs.technet.com/b/aviraj

  25. question & answer

  26. THANKS│18-20 august2010 virtual techdays Email i-aviraj@microsoft.com│Blog:http://blogs.technet.com/aviraj Thank You

More Related