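The Sysinternals web site was created in 1996 by Mark Russinovich to host his advanced system utilities and technical information. Whether you are an IT professional or a developer, you will find Sysinternals utilities to help you manage, troubleshoot and diagnose your Windows systems and applications.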

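  • Read the official guide to the Sysinternals tools, Troubleshooting with the Windows Sysinternals Tools
  • Read the Sysinternals Blog for a detailed change feed of tool updates
  • Watch Mark's Sysinternals Update videos on YouTube
  • Watch Mark's top-rated "Case of the Unexplained" troubleshooting presentations and other webcasts
  • Read Mark's Blog, which highlights use of the tools to solve real problems
  • Check out the Sysinternals Learning Resources page
  • Post your questions in the Sysinternals Forum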

Sysinternals Utilities - Windows Sysinternals | Microsoft Docs

Windows Sysinternals creator Mark Russinovich and Aaron Margosis show you how to:

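  • Use Process Explorer to display detailed process and system information
  • Use Process Monitor to capture low-level system events, and quickly filter the output to narrow down root causes
  • List, categorize, and manage software that runs when you start or log on to your computer, or when you run Microsoft Office or Internet Explorer
  • Verify digital signatures of files, of running programs, and of the modules loaded in those programs
  • Use Autoruns, Process Explorer, Sigcheck, and Process Monitor features that can identify and clean malware infestations
  • Inspect permissions on files, keys, services, shares, and other objects
  • Use Sysmon to monitor security-relevant events across your network
  • Generate memory dumps when a process meets specified criteria
  • Execute processes remotely, and close files that were opened remotely
  • Manage Active Directory objects and trace LDAP API calls
  • Capture detailed data about processors, memory, and clocks
  • Troubleshoot unbootable devices, file-in-use errors, unexplained communication, and many other problems
  • Understand Windows core concepts that aren't well documented elsewhere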

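Update to the Windows Sysinternals Administrator's Reference
By Mark Russinovich and Aaron Margosis
Troubleshooting with the Windows Sysinternals Tools is the official book on the Sysinternals tools, written by tool author and Sysinternals cofounder Mark Russinovich and Windows expert Aaron Margosis. The book covers all 65+ tools in detail, with full chapters on the major tools such as Process Explorer, Process Monitor, and Autoruns. In addition to the tips and tricks in the tool chapters, it includes 45 "The Case of the Unexplained…" examples of the tools being used by users to solve real-world problems. Buy the book today and take your Windows troubleshooting and systems management skills to the next level.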

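IT professionals and power users consider the free Windows Sysinternals tools indispensable for diagnosing, troubleshooting, and deeply understanding the Windows platform. In this extensively updated guide, Sysinternals creator Mark Russinovich and Windows expert consultant Aaron Margosis help you use these powerful tools to optimize the reliability, efficiency, performance, and security of any Windows system. The authors first explain the capabilities of Sysinternals and help you get started quickly. Next, they cover each major tool in depth, from Process Explorer and Process Monitor to the Sysinternals security and file utilities. Then, building on this knowledge, they show the tools being used to solve real-world cases involving error messages, hangs, sluggishness, malware infections, and much more.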

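  • Part I: Getting Started
    • Chapter 1 Getting Started with the Sysinternals Utilities
    • Chapter 2 Windows Core Concepts
  • Part II: Usage Guide
    • Chapter 3 Process Explorer
    • Chapter 4 Autoruns
    • Chapter 5 Process Monitor
    • Chapter 6 ProcDump
    • Chapter 7 PsTools
    • Chapter 8 Process and Diagnostic Utilities
    • Chapter 9 Security Utilities
    • Chapter 10 Active Directory Utilities
    • Chapter 11 Desktop Utilities
    • Chapter 12 File Utilities
    • Chapter 13 Disk Utilities
    • Chapter 14 Network and Communication Utilities
    • Chapter 15 System Information Utilities
    • Chapter 16 Miscellaneous Utilities
  • Part III: Troubleshooting: "The Case of the Unexplained…"
    • Chapter 17 Error Messages
    • Chapter 18 Crashes
    • Chapter 19 Hangs and Sluggish Performance
    • Chapter 20 Malware
    • Chapter 21 Understanding System Behavior
    • Chapter 22 Developer Troubleshooting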

Sysinternals Utilities Index

  • 02/17/2022

Sysinternals Suite
The entire set of Sysinternals Utilities rolled up into a single download.

Sysinternals Suite for Nano Server
Sysinternals Utilities for Nano Server in a single download.

Sysinternals Suite for ARM64
Sysinternals Utilities for ARM64 in a single download.

Sysinternals Suite from the Microsoft Store
Sysinternals Utilities installation and updates via Microsoft Store.

AccessChk
v6.14 (June 22, 2021)
AccessChk is a command-line tool for viewing the effective permissions on files, registry keys, services, processes, kernel objects, and more.

AccessEnum
v1.33 (October 12, 2021)
This simple yet powerful security tool shows you who has what access to directories, files and Registry keys on your systems. Use it to find holes in your permissions.

AdExplorer
v1.51 (December 16, 2021)
Active Directory Explorer is an advanced Active Directory (AD) viewer and editor.

AdInsight
v1.2 (October 26, 2015)
An LDAP (Light-weight Directory Access Protocol) real-time monitoring tool aimed at troubleshooting Active Directory client applications.

AdRestore
v1.2 (November 25, 2020)
Undelete Server 2003 Active Directory objects.

Autologon
v3.10 (August 29, 2016)
Bypass password screen during logon.

Autoruns
v14.09 (February 16, 2022)
See what programs are configured to start up automatically when your system boots and you log in. Autoruns also shows you the full list of Registry and file locations where applications can configure auto-start settings.

BgInfo
v4.26 (October 19, 2018)
This fully-configurable program automatically generates desktop backgrounds that include important information about the system including IP addresses, computer name, network adapters, and more.

BlueScreen
v3.2 (November 1, 2006)
This screen saver not only accurately simulates Blue Screens, but simulated reboots as well (complete with CHKDSK), and works on Windows NT 4, Windows 2000, Windows XP, Server 2003 and Windows 95 and 98.

CacheSet
v1.02 (December 16, 2021)
CacheSet is a program that allows you to control the Cache Manager's working set size using functions provided by NT. It's compatible with all versions of NT.

ClockRes
v2.1 (July 4, 2016)
View the resolution of the system clock, which is also the maximum timer resolution.

Contig
v1.81 (October 12, 2021)
Wish you could quickly defragment your frequently used files? Use Contig to optimize individual files, or to create new files that are contiguous.

Coreinfo
v3.31 (August 18, 2014)
Coreinfo is a new command-line utility that shows you the mapping between logical processors and the physical processor, NUMA node, and socket on which they reside, as well as the caches assigned to each logical processor.

Ctrl2cap
v2.0 (November 1, 2006)
This is a kernel-mode driver that demonstrates keyboard input filtering just above the keyboard class driver in order to turn caps-locks into control keys. Filtering at this level allows conversion and hiding of keys before NT even "sees" them. Ctrl2cap also shows how to use NtDisplayString() to print messages to the initialization blue-screen.

DebugView
v4.90 (April 23, 2019)
Another first from Sysinternals: This program intercepts calls made to DbgPrint by device drivers and OutputDebugString made by Win32 programs. It allows for viewing and recording of debug session output on your local machine or across the Internet without an active debugger.

Desktops
v2.01 (October 12, 2021)
This new utility enables you to create up to four virtual desktops and to use a tray interface or hotkeys to preview what’s on each desktop and easily switch between them.

Disk2vhd
v2.02 (October 12, 2021)
Disk2vhd simplifies the migration of physical systems into virtual machines (P2V).

DiskExt
v1.2 (July 4, 2016)
Display volume disk-mappings.

Diskmon
v2.02 (October 12, 2021)
This utility captures all hard disk activity or acts like a software disk activity light in your system tray.

DiskView
v2.41 (October 15, 2020)
Graphical disk sector utility.

Disk Usage (DU)
v1.62 (November 04, 2020)
View disk usage by directory.

EFSDump
v1.03 (October 12, 2021)
View information for encrypted files.

FindLinks
v1.1 (July 4, 2016)
FindLinks reports the file index and any hard links (alternate file paths on the same volume) that exist for the specified file. A file's data remains allocated so long as it has at least one file name referencing it.

Handle
v4.22 (June 14, 2019)
This handy command-line utility will show you what files are open by which processes, and much more.

Hex2dec
v1.1 (July 4, 2016)
Convert hex numbers to decimal and vice versa.

Junction
v1.07 (July 4, 2016)
Create Win2K NTFS symbolic links.

LDMDump
v1.02 (November 1, 2006)
Dump the contents of the Logical Disk Manager's on-disk database, which describes the partitioning of Windows 2000 Dynamic disks.

ListDLLs
v3.2 (July 4, 2016)
List all the DLLs that are currently loaded, including where they are loaded and their version numbers.

LiveKd
v5.62 (May 16, 2017)
Use Microsoft kernel debuggers to examine a live system.

LoadOrder
v1.02 (October 12, 2021)
See the order in which devices are loaded on your WinNT/2K system.

LogonSessions
v1.41 (November 25, 2020)
List the active logon sessions on a system.

MoveFile
v1.02 (September 17, 2020)
Allows you to schedule move and delete commands for the next reboot.

NotMyFault
v4.01 (November 18, 2016)
Notmyfault is a tool that you can use to crash, hang, and cause kernel memory leaks on your Windows system.

NTFSInfo
v1.2 (July 4, 2016)
Use NTFSInfo to see detailed information about NTFS volumes, including the size and location of the Master File Table (MFT) and MFT-zone, as well as the sizes of the NTFS meta-data files.

PendMoves
v1.3 (September 17, 2020)
Enumerate the list of file rename and delete commands that will be executed the next boot.

PipeList
v1.02 (July 4, 2016)
Displays the named pipes on your system, including the number of maximum instances and active instances for each pipe.

PortMon
v3.03 (January 12, 2012)
Monitor serial and parallel port activity with this advanced monitoring tool. It knows about all standard serial and parallel IOCTLs and even shows you a portion of the data being sent and received. Version 3.x has powerful new UI enhancements and advanced filtering capabilities.

ProcDump
v10.11 (August 18, 2021)
This command-line utility is aimed at capturing process dumps of otherwise difficult to isolate and reproduce CPU spikes. It also serves as a general process dump creation utility and can also monitor and generate process dumps when a process has a hung window or unhandled exception.

Process Explorer
v16.43 (August 18, 2021)
Find out what files, registry keys and other objects processes have open, which DLLs they have loaded, and more. This uniquely powerful utility will even show you who owns each process.

Process Monitor
v3.89 (February 16, 2022)
Monitor file system, Registry, process, thread and DLL activity in real-time.

PsExec
v2.34 (May 25, 2021)
Execute processes on remote systems.

PsFile
v1.03 (June 29, 2016)
See what files are opened remotely.

PsGetSid
v1.45 (June 29, 2016)
Displays the SID of a computer or a user.

PsInfo
v1.78 (June 29, 2016)
Obtain information about a system.

PsKill
v1.16 (June 29, 2016)
Terminate local or remote processes.

PsPing
v2.01 (January 29, 2014)
Measure network performance.

PsList
v1.4 (June 29, 2016)
Show information about processes and threads.

PsLoggedOn
v1.35 (June 29, 2016)
Show users logged on to a system.

PsLogList
v2.8 (June 29, 2016)
Dump event log records.

PsPasswd
v1.24 (June 29, 2016)
Changes account passwords.

PsService
v2.25 (June 29, 2016)
View and control services.

PsShutdown
v2.53 (October 12, 2021)
Shuts down and optionally reboots a computer.

PsSuspend
v1.07 (June 29, 2016)
Suspend and resume processes.

PsTools
v2.48 (October 12, 2021)
The PsTools suite includes command-line utilities for listing the processes running on local or remote computers, running processes remotely, rebooting computers, dumping event logs, and more.

RAMMap
v1.60 (October 15, 2020)
An advanced physical memory usage analysis utility that presents usage information in different ways on its several different tabs.

RDCMan
v2.90 (January 27, 2022)
Manage multiple remote desktop connections.

RegDelNull
v1.11 (July 4, 2016)
Scan for and delete Registry keys that contain embedded null-characters that are otherwise undeleteable by standard Registry-editing tools.

Registry Usage (RU)
v1.2 (July 4, 2016)
View the registry space usage for the specified registry key.

RegJump
v1.11 (October 12, 2021)
Jump to the registry path you specify in Regedit.

SDelete
v2.04 (November 25, 2020)
Securely overwrite your sensitive files and cleanse your free space of previously deleted files using this DoD-compliant secure delete program.

ShareEnum
v1.61 (October 12, 2021)
Scan file shares on your network and view their security settings to close security holes.

ShellRunas
v1.02 (October 12, 2021)
Launch programs as a different user via a convenient shell context-menu entry.

Sigcheck
v2.82 (July 27, 2021)
Dump file version information and verify that images on your system are digitally signed.

Streams
v1.6 (July 4, 2016)
Reveal NTFS alternate streams.

Strings
v2.54 (June 22, 2021)
Search for ANSI and UNICODE strings in binary images.

Sync
v2.2 (July 4, 2016)
Flush cached data to disk.

Sysmon
v13.33 (February 16, 2022)
Monitors and reports key system activity via the Windows event log.

TCPView
v4.17 (January 27, 2022)
Active socket viewer.

VMMap
v3.32 (January 27, 2022)
VMMap is a process virtual and physical memory analysis utility.

VolumeId
v2.1 (July 4, 2016)
Set Volume ID of FAT or NTFS drives.

Whois
v1.20 (December 11, 2019)
See who owns an Internet address.

WinObj
v3.14 (January 27, 2022)
The ultimate Object Manager namespace viewer is here.

ZoomIt
v5.10 (February 16, 2022)
Presentation utility for zooming and drawing on the screen.
