SysInternals Overview

There is no single toolset I use more than the SysInternals tools. If you seriously want to understand what is happening on your system you can’t do it without them. When I taught the App-V workshops we used a few of the tools for troubleshooting installation and packaging issues. They were invaluable.

The most common tools I use are Process Explorer (procexp), Process Monitor (procmon – combines both filemon and regmon), Handle (allows you to search open handles, including files), and Strings (dumps all strings in binary files). You may also be familiar with the BSOD screensaver, BGInfo (prints the computer specs on the desktop wallpaper), the PSTools (doing remote commands), and ZoomIt (zoom in on a part of the desktop).

The Sysinternals web site was created in 1996 by Mark Russinovich and Bryce Cogswell to host their advanced system utilities and technical information. Whether you’re an IT Pro or a developer, you’ll find Sysinternals utilities to help you manage, troubleshoot and diagnose your Windows systems and applications.

First a bit of history. The SysInternals tools were provided for free by Mark and Bryce via the http://www.SysInternals.com website. They also had a suite of non-free tools on the Winternals side, the most notable of which was ERD Commander. After many years of asking they finally agreed to sell. Microsoft bought the Winternals company and hired Mark and Bryce. (Side note – the assimilation has been a complete success.) Winternals.com now redirects to the System Center landing page. SysInternals.com redirects to a TechNet page (which is easier to remember than the TechNet URL).

Today the SysInternals tools are not only being maintained for bug fixes and new operating systems, but the list of tools is expanding and some of the ideas and features are migrating into the OS (did you notice how Task Manager has evolved in recent releases?). The easiest way to get started is to download the entire SysInternals Suite in a single 12MB zip file.

You’ll notice a few other things about the site if you actually read the landing page (read documentation? shocked!).

  1. First, Mark is the co-author of a few technical books, notably Windows Internals (version 6 covers Windows 8 and Server 2012) and a SysInternals Administrator book.
  2. Mark occasionally blogs on the SysInternals site. Often these demonstrate advanced uses of the tools and are quite instructive on how to use them.
  3. There are a bunch of videos and documentation on the site itself for the tools.
  4. And finally, you can run the tools over the Internet via http://live.sysinternals.com/ without manually downloading anything directly.

Oh, and ERD Commander? It’s now part of DaRT. DaRT is useful for recovering dead or unbootable systems. This is now part of the Microsoft Desktop Optimization Pack, so if your enterprise has Software Assurance you may also have access to MDOP. If you’re not familiar with MDOP you should be. But that’s for another post…

ERD Commander in MSDaRT 6.5
http://technet.microsoft.com/en-us/library/ee460909.aspx

I’ll cover some of the SysInternals tools in future blog posts.

If you want more, here is a high level interview with Mark on MSDN’s Channel 9 show where he talks a bit about the history of SysInternals and Winternals:

http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-8-Mark-Russinovich

Cheers