Bugfree.dk – Ronnie Holm's blog

Not anti-anything, just pro-quality

Powertools from SysInternals

Posted by Ronnie Holm on September 17th, 2006

I use the SysInternals tools (now acquired by the Empire). The ones I use most often are:

  • PageDefrag

    PageDefrag uses advanced techniques to provide you what commercial defragmenters cannot: the ability for you to see how fragmented your page file and Registry hives are, and to defragment them. In addition, it defragments event log files and Windows 2000/XP hibernation files [...].

    Has the ability to run at the next or every boot (that’s how it gets exclusive access to the system files). Running it every time I boot typically adds 10-20 seconds to my boot time, but I guess it depends on how often you boot, the amount of physical memory, and what kind of applications you run.

  • Contig

    Contig is a single-file defragmenter that attempts to make files contiguous on disk. It’s perfect for quickly optimizing files that are continuously becoming fragmented, or that you want to ensure are in as few fragments as possible.

    Also has a recursive switch, so you can specify C:\ as the starting point and it’ll defragment its way through your entire drive.

  • ShareEnum

    When you run ShareEnum it uses NetBIOS enumeration to scan all the computers within the domains accessible to it, showing file and print shares and their security settings.

    A worthy replacement for Network Neighborhood, although it sometimes is not able to find any shares, even though I know there are quite a few out there.

  • Autoruns

    This utility, which has the most comprehensive knowledge of auto-starting locations of any startup monitor, shows you what programs are configured to run during system boot or login, and shows you the entries in the order Windows processes them. These programs include ones in your startup folder, Run, RunOnce, and other Registry keys.

    On my computer, it takes longer for Windows to become responsive after log on than it takes Windows to boot and display the log on screen, because Windows loads a ton of software, fills up the systray, and starts various services I really don’t need.

    Services such as Remote Registry for accessing the registry across the network, Windows Image Acquisition for popping up a dialog box when I scan an image on the scanner I don’t have, or Windows Zero Configuration for managing the WLAN access I never use.

    Those services are all on by default and can be disabled using Autoruns (or using Control Panel => Administrative Tools => Services).

  • Process Explorer

    The Process Explorer display consists of two sub-windows. The top window always shows a list of the currently active processes, including the names of their owning accounts, whereas the information displayed in the bottom window depends on the mode that Process Explorer is in: if it is in handle mode you’ll see the handles that the process selected in the top window has opened; if Process Explorer is in DLL mode you’ll see the DLLs and memory-mapped files that the process has loaded. Process Explorer also has a powerful search capability that will quickly show you which processes have particular handles opened or DLLs loaded.

    The quote speaks for itself.
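The Run and RunOnce keys and startup folders named in the Autoruns description, and the start mode of the three services mentioned under it, can also be listed from PowerShell. This is an added example, not part of the original post; it covers only a small subset of the locations Autoruns checks. The short service names (RemoteRegistry, stisvc, WZCSVC, and WlanSvc as the Vista-and-later successor of the XP wireless service) are not from the post.

```powershell
# Added example, not from the original post. Assumes PowerShell 3.0 or later.

# Run / RunOnce keys, machine-wide and per-user (32-bit registry view included).
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$entries = @(foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }   # key absent on this system
    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        [pscustomobject]@{
            Location = $key
            Name     = if ($name) { $name } else { '(Default)' }
            # Keep %VAR% references unexpanded so the stored command is shown as written.
            Command  = $item.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
        }
    }
})

# Per-user and all-users Startup folders; -Force includes hidden files.
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
)
$entries += @(foreach ($dir in $startupDirs) {
    if (-not $dir -or -not (Test-Path -LiteralPath $dir)) { continue }
    Get-ChildItem -LiteralPath $dir -File -Force |
        Where-Object Name -ne 'desktop.ini' |
        ForEach-Object { [pscustomobject]@{ Location = $dir; Name = $_.Name; Command = $_.FullName } }
})

# Start mode of the services mentioned above (only those present are returned).
$services = Get-CimInstance Win32_Service |
    Where-Object { $_.Name -in 'RemoteRegistry', 'stisvc', 'WZCSVC', 'WlanSvc' } |
    Select-Object Name, DisplayName, StartMode, State

$entries  | Sort-Object Location, Name | Format-Table -AutoSize -Wrap
$services | Format-Table -AutoSize
```

Comparing the output between two runs (for example with `Compare-Object`) shows which auto-start entries were added or removed in between.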

There are a lot more tools where these came from. Among the ones I use less frequently are FileMon and Regmon for real-time monitoring of file system and registry access, respectively. Also, I use TCPView as a more user-friendly replacement for the netstat command.

Finally, take a look at dnrTV, where Scott Hanselman recently showed off some of these tools.
