If you troubleshoot Windows PCs for fun or profit, then chances are you've used one or more tools from Sysinternals. Microsoft bought the company and its amazing library of diagnostic, troubleshooting, and management utilities in 2006, and the collection has been continually updated ever since. It's also still completely free.
A few weeks ago, I ran into Sysinternals co-founder Mark Russinovich at a technical conference, where he told me about a new Sysinternals service that was in private beta testing. Today, I can finally break the news that Sysinternals Live is now open to the public.
The new service enables you to execute the most recent version of any Sysinternals tool directly from an Internet-connected PC, without having to hunt for the executable file and manually download it first. To access the complete library of tools, use either of these methods from a Windows-based PC:
- Go to the Sysinternals Live directory (http://live.sysinternals.com) and click the name of the tool you want to run. Because the directory listing is a bare-bones HTML file, it can be used in any browser.
- If you know the name of the executable file for the tool you want to use, enter it directly, using the syntax \\live.sysinternals.com\tools\<toolname>, where <toolname> is the name of the executable file. (Note that UNC syntax uses backslashes, not the forward slashes used in a URL. Start with a pair of backslashes to indicate that live.sysinternals.com is the remote server, and don't include the angle brackets with the tool name.)
If you've never used Sysinternals tools before, you'd do well to start at the Sysinternals home page, which includes descriptions of each tool, along with download links and installation instructions. But if you are already familiar with one or more tools in the library, you can create direct shortcuts to those tools on your desktop or on the USB flash drive you keep with your emergency toolkit.
Here are three shortcuts to get you started, all of which have been updated in 2008:
Process Explorer (\\live.sysinternals.com\tools\procexp.exe) - This Task Manager replacement occupies the number-one slot on my top 10 list of all-time favorite Windows programs. As I noted in that writeup, "It provides system information, a hierarchical view of all running processes (including services), and an overwhelming number of technical details about how each process uses CPU and memory. It all runs in real time, making it an ideal troubleshooting tool."
AutoRuns (\\live.sysinternals.com\tools\autoruns.exe) - Are you still using Msconfig to see which processes are automatically running when you start a Windows PC? Then you literally don't know what you're missing. There are dozens of nooks and crannies in the Windows file system and registry where auto-starting programs can park themselves. This tool finds them all. More importantly, it allows you to disable or remove any entry you find.
Process Monitor (\\live.sysinternals.com\tools\procmon.exe) - If you're trying to figure out exactly what a program or process is doing (especially if you're actively on the hunt for malware), this tool is your best friend. It combines the features of the now-retired Filemon and Regmon utilities to trace (and capture in an optional log file) the impact of a process as it starts, runs, and exits.
The "live" tools should work equally well in x86 and x64 versions of Windows Vista and Server 2008; I ran into a bug with Process Explorer and Handle.exe in my x64 testing, but corrected versions of both utilities were scheduled to go online today before Sysinternals Live opened to the public. Also, in Windows Vista and Server 2008 you can use "live" versions of command-line tools, but most require that you enter the command name in UNC syntax from an elevated prompt (click Start, type cmd in the Search box, select Cmd.exe from the results list, and press Ctrl+Shift+Enter). The command-line tools I tested worked perfectly, exactly as expected.
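Because the UNC path runs an executable fetched over the Internet, a toolkit copy is worth checking before it is launched. The PowerShell script below is an added example, not part of the original article or any Microsoft script: it copies one tool from the UNC path described above into a local folder, then keeps it only if its Authenticode signature is valid. The `$ToolkitDir` folder and the `$ExpectedSigner` string are assumptions to adjust for your environment.

```powershell
# Added example: copy a Sysinternals Live tool locally and verify its signature.
param(
    [string]$ToolName       = 'procexp.exe',
    # Assumption: any writable folder, e.g. on the USB toolkit drive.
    [string]$ToolkitDir     = "$env:USERPROFILE\SysinternalsToolkit",
    # Assumption: the publisher string expected in the signing certificate.
    [string]$ExpectedSigner = 'O=Microsoft Corporation'
)

$ErrorActionPreference = 'Stop'
$source = "\\live.sysinternals.com\tools\$ToolName"   # UNC path from the article

# The share is reached over WebDAV, which relies on the WebClient service.
$svc = Get-Service -Name WebClient -ErrorAction SilentlyContinue
if (-not $svc) {
    Write-Warning 'WebClient service not installed; the UNC path may not resolve.'
} elseif ($svc.Status -ne 'Running') {
    Write-Warning 'WebClient service is not running; the UNC path may not resolve.'
}

if (-not (Test-Path -LiteralPath $source)) {
    throw "Cannot reach $source (check the tool name and network access)."
}

# Copy first, then verify the local copy so the checked file is the one that runs.
New-Item -ItemType Directory -Path $ToolkitDir -Force | Out-Null
$local = Join-Path $ToolkitDir $ToolName
Copy-Item -LiteralPath $source -Destination $local -Force

$sig    = Get-AuthenticodeSignature -FilePath $local
$signer = $sig.SignerCertificate.Subject   # $null when the file is unsigned

if ($sig.Status -ne 'Valid' -or $signer -notmatch [regex]::Escape($ExpectedSigner)) {
    Remove-Item -LiteralPath $local -Force
    throw "Signature check failed for $ToolName (status: $($sig.Status)); copy removed."
}

# Record what was verified so later copies can be compared against it.
[pscustomobject]@{
    Tool      = $local
    Status    = $sig.Status
    Signer    = $signer
    SHA256    = (Get-FileHash -LiteralPath $local -Algorithm SHA256).Hash
    Retrieved = Get-Date
}
```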
If you're a Sysinternals fan, you'll love Sysinternals Live.
Update 30-May-2008: For instructions on how to create a Windows Explorer shortcut in the Computer folder that displays the contents of the Sysinternals Live Tools folder, see Working with Sysinternals Live.