Upload File

v irtual techdays

26
virtual techdays INDIA 18-20 august 2010 Windows Sysinternals Primer: Process Explorer, Process Monitor & More Tools Aviraj Ajgekar Regional Site Manager Microsoft Corporation http://blogs.technet.com/aviraj │ Email i- [email protected]

Upload: isla

Post on 24-Feb-2016

31 views

Category:

Documents


0 download

Report

Tags:

DESCRIPTION

INDIA │ 18-20 august 2010. v irtual techdays. Windows Sysinternals Primer: Process Explorer, Process Monitor & More Tools. Aviraj Ajgekar │ Regional Site Manager │ Microsoft Corporation http://blogs.technet.com/aviraj │ Email [email protected]. INDIA │ 18-20 august 2010. - PowerPoint PPT Presentation

TRANSCRIPT

Page 1: v irtual techdays

virtual techdaysINDIA │ 18-20 august 2010

Windows Sysinternals Primer: Process Explorer, Process Monitor & More Tools

Aviraj Ajgekar │ Regional Site Manager │ Microsoft Corporationhttp://blogs.technet.com/aviraj │ Email [email protected]

http://blogs.technet.com/aviraj
Page 2: v irtual techdays

Introduction to Sysinternals Process Explorer Process Monitor PsExec Additional Sysinternals Utilities - Demo

virtual techdaysINDIA │ 18-20 august 2010

S E S S I O N A G E N D A

Page 3: v irtual techdays

High quality, advanced diagnostic and troubleshooting tools Single executable package, no install needed Free! Authored by Mark Russinovich and/or Bryce Cogswell Quick turnaround/update cycle Limited support

virtual techdaysINDIA │ 18-20 august 2010

Introduction To Sysinternals

Page 4: v irtual techdays

http://www.Sysinternals.com Redirects to technet.microsoft.com

Sysinternals Suite contains all the tools in one zip file Site blog announces all updates

http://blogs.technet.com/Sysinternals Run directly from the web: Sysinternals Live

http://live.sysinternals.com/procmon.exe, or \\live.sysinternals.com\tools\procmon.exe UNC syntax requires WebClient service

Videos on troubleshooting with the tools

virtual techdaysINDIA │ 18-20 august 2010

Sysinternals Website Features

http://www.sysinternals.com/
http://blogs.technet.com/Sysinternals
http://live.sysinternals.com/procmon.exe
Page 5: v irtual techdays

virtual techdaysINDIA │ 18-20 august 2010

Ever See This?

Or this?

Cause: Security Zone info attached to file

Page 6: v irtual techdays

virtual techdaysINDIA │ 18-20 august 2010

Tip: Unblock before extracting(Remote Zone Information)

Page 7: v irtual techdays

What is a process? Task Manager – The Good, The Bad, The Ugly Demo’s

virtual techdaysINDIA │ 18-20 august 2010

Processor Explorer

Page 8: v irtual techdays

What is a Process?A process is a container for a set of resources, including one or more threads.Threads – not processes – do the work and consume CPU, memory, etc

Every process has at least one thread

One orMorethreads

Openhandles

SecurityTokens

VirtualMemoryAddressspace

Page 9: v irtual techdays

The good Great for users of limited technical knowledge. High level flat list of processes, services, users and system performance.

The bad Doesn’t show path to executable. Doesn’t show fractional CPU.

The ugly Doesn’t show multi purpose processes.

Example: svchost.exe Doesn’t show what might be causing a process to misbehave. Doesn’t distinguish the different types of processes. Doesn’t show threads

virtual techdaysINDIA │ 18-20 august 2010

Task ManagerThe good, the bad, the ugly

Page 10: v irtual techdays

The Good Parent/Child Relationships “Peer” into processes

The Better Options galore Process Highlighting

The Best Customized Columns

Threads CPU, Context Switch Delta, Cycles Delta

Determine which thread is consuming CPU

virtual techdaysINDIA │ 18-20 august 2010

Process ExplorerThe good, the better, the best

Page 11: v irtual techdays

virtual techdaysINDIA │ 18-20 august 2010

DEMO: Process ExplorerAviraj Ajgekar│ Microsoft Corporation

Page 12: v irtual techdays

Process Explorer shows a moving snapshot Process Monitor is a logging utility Captures detailed info about:

All registry activityAll file system activityProcess and thread events, including DLL loadNetwork activityPeriodic process profiling data

virtual techdaysINDIA │ 18-20 august 2010

Process Monitor

Page 13: v irtual techdays

Save results for viewing elsewhere Can log boot activity Advanced filtering capabilities

Filters can be saved and exported Analysis tools for data mining Command-line scriptable Highly scalable

virtual techdaysINDIA │ 18-20 august 2010

Process Monitor Features

Page 14: v irtual techdays

Process Monitor Event Detail

Page 15: v irtual techdays

virtual techdaysINDIA │ 18-20 august 2010

DEMO: Process MonitorAviraj Ajgekar│ Microsoft Corporation

Page 16: v irtual techdays

Execute processes on remote computers Redirected console I/O

Remote-enable console apps Execute processes as System

virtual techdaysINDIA │ 18-20 august 2010

PsExec

Page 17: v irtual techdays

PsExec Syntax

psexec [Computers] [Options] command [arguments]

Computers =\\computer[,computer2[,...]] or\\* or@file

Alternate credentials (optional):-u username [-p password]

Page 18: v irtual techdays

PsExec Alternate Credentials[-u username [-p password]]

Can omit -p: it prompts you, doesn’t echoUsed twice:

1. To authenticate to the remote computer2. To create a new logon on the remote computer #2 puts the credentials on the wire in the clear

Required for remote access when: Current account is not admin on the remote, or Remote process needs to access network, or Remote process needs to run interactive

Page 19: v irtual techdays

PsExec Options (Eye chart)Option Description-d Don’t wait for the process to terminate.

Process Performance Options-background-low-belownormal-abovenormal-high-realtime

Run the process at a different priority.

-a n,n… Specify the CPUs on which the process can run.Remote Connectivity Options

-c [-f|-v]Copies the specified program from the local to the remote system. If you omit this option, the application must be in the system path on the remote system. Adding -f forces the copy to occur; -v performs a version or timestamp check and copies only if the source is newer.

-n seconds Specifies timeout in seconds connecting to remote computers.Runtime environment options

-s Run the process in the System account.-i [session] Run the program on an interactive desktop.-x Run the process on the Winlogon secure desktop.-w directory Set the working directory of the process.-e Does not load the specified account’s profile.-h Use the account’s elevated context, if available.-l Run the process as a limited user.

Page 20: v irtual techdays

virtual techdaysINDIA │ 18-20 august 2010

DEMO: PsExecAviraj Ajgekar│ Microsoft Corporation

Page 21: v irtual techdays

PsExec Tips

Don’t forget /accepteula Remoted Sysinternals utilities will hang

Things you can’t do in a redirected console:CLSMOREText coloringTab completionPowerShell v1

Page 22: v irtual techdays

Run Procmon Past LogoffNon-interactively, with PsExec -s

Must specify a backing fileMust not have user interactionProcmon must exit cleanly

To start:PsExec -s -d Procmon.exe /AcceptEula /Quiet /BackingFile C:\Procmon.pml

To stop:PsExec -s -d Procmon.exe /AcceptEula /Terminate

Page 23: v irtual techdays

virtual techdaysINDIA │ 18-20 august 2010

DEMO: Sysinternals Utilities such as Disk2VHD & MoreAviraj Ajgekar│ Microsoft Corporation

Page 24: v irtual techdays

Additional Resources

• Mark Russinovich’s blog:– http://blogs.technet.com/b/MarkRussinovich

• Blog posts and utilities by Aaron Margosis– http://blogs.msdn.com/b/aaron_margosis– http://blogs.technet.com/b/fdcc

• Aviraj Ajgekar’s Blog– http://blogs.technet.com/b/aviraj

http://blogs.technet.com/b/MarkRussinovich
http://blogs.msdn.com/b/aaron_margosis
http://blogs.technet.com/b/fdcc
http://blogs.technet.com/b/aviraj
Page 25: v irtual techdays

question & answer

Page 26: v irtual techdays

virtual techdaysTHANKS│18-20 august 2010

Email [email protected] │Blog: http://blogs.technet.com/aviraj

Thank You

mailto:[email protected]
http://blogs.technet.com/aviraj

V irtual I nternational A uthority F ile

V IRTUAL P ARTICLES by Robert Nemiroff Michigan Tech

A ddressing V irtual Machine Migration P roblem s in …networking.khu.ac.kr/layouts/net/publications/data/KCC2015-12.pdfA ddressing V irtual Machine Migration P roblem s in Cloud

virtual techdays

TechDays 12

V irtual design

T HE P EDAGOGY & P RACTICE OF V IRTUAL S CHOOL T EACHING : M EETING THE N EEDS OF V IRTUAL S CHOOL T EACHERS THROUGH P ROFESSIONAL D EVELOPMENT Meredith

preANVIL : Design of A N etworked V irtual I nteroperability L aboratory

D ax A rts V irtual I nteract

Optimizing the Migration of V irtual Computersbuu1/teaching/spring06/papers/vmware...Optimizing the Migration of V irtual Computers Constantine P.Sapuntzakis Ramesh Chandra Ben Pf

Use of Virtual Teams Concept to Develop V irtual Student C hapters

LabVIEW Lab oratory V irtual I nstrument E ngineering W orkbench

Mythbusting Goes V irtual

The Role of V irtual Health Care and the Pharmaceutical

V IRTUAL F UNCTIONS Chapter 10 Department of CSE, BUET 1

HP V irtual Connect Flex-10 & FlexFabric Cisco Nexus 5000

V irtual Worlds Modelling Entitlement to Legal Aid Using The FRS

Activity plugin V irtual PC - Moodle · 2020-01-28 · Activity plugin V irtual PC Conexión de Moodle a escritorios/PC virtuales Farfán Leiva, Juan Jesús Godino Toro, Antonio Gutiérrez

V irtual machines image protection in Cloud computing

THE ESP-r COOKBOOK Strategies f or Deploying V irtual Repr esentations ... · THE ESP-r COOKBOOK Strategies f or Deploying V irtual Repr esentations of the Build En vir onment Jon

AUGUST 2, 2020 N INTH SUNDAY AFTER PENTECOST V IRTUAL

Manual básico cjm, v irtual i 2014

V irtual I nternational A uthority F ile

V irtual HOLIDAY PARTY GUIDE · 2020. 11. 11. · V irtual MAGICIAN SHOW MENTALIST SHOW • Peter Boie..The Magician for Non Believers has been touring across the US for over 15 years

P arallel V irtual M achines

v irtual field trip: form in modern art