Sysinternals: Proc Expl, Proc Mon; Sys....AV?

August 26, 2010 3:51:04 PM

After reading a PC World Magazine article about Sudden Temporary Slowdowns (I get lots of them), I wound up looking at Process Explorer, Process Monitor, and the suite of 66 troubleshooting tools. Found a few 'neutral' forums, but came away just as confused as when I started.

Is PE a component of PM? Does PM use only part of PE? What might I gain by getting both, or lose by getting only one (probably PM)? And, since they're both contained in the Suite, would that indicate substantial difference between them?

Also, with 'Micronopoly' having absorbed the company and suppressed a Linux something-or-other, did that absorption possibly result in some kind of downside?

And finally, there's something called Sysinternals Antivirus that is universally hated as malware; the product is nowhere on the Sysinternals site, but neither is a disclaimer re the use of the Sysinternals name....not even in Microsoft's dot-com page.

A big Thanks to anyone who can shed some light on this for me!

GSGregg
August 26, 2010 4:54:41 PM

Process Monitor and Process Explorer are separate, extremely useful, tools. Read the documentation and play with the tools and the difference will be self-evident.

Process Explorer has basically been incorporated into the latest versions of Task Manager. It is very much a real-time tool for analyzing system behaviour.

Process Monitor is more of a recording tool that can give you a list of every file and registry access made during a period of time, as well as other process behaviour. It can produce a huge amount of data, but this can be filtered.

The absorption of Sysinternals by Microsoft was an entirely positive process and has been advantageous to both of them. Linux never had anything to do with these tools.

Mark Russinovich, the author of these tools, is extremely knowledgeable about Windows internals. His blogs are well worth a read by anyone who is interested in inspecting the behaviour of their system at a low level, and give invaluable insights into the process of tracing faults.

As for some malware writer hijacking the name - that's life, I'm afraid.
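To make the "huge amount of data, but this can be filtered" point concrete, here is an added example (written for this thread, not a Sysinternals tool or anything ijack posted) that summarizes a Process Monitor capture once it has been saved as CSV. It assumes the export kept Procmon's default columns (Time of Day, Process Name, PID, Operation, Path, Result, Detail); the rows embedded in the script are constructed for illustration and do not come from any real capture.

```powershell
# Added example: summarize a Process Monitor CSV export per process.
# Assumes the export kept Procmon's default columns:
#   Time of Day, Process Name, PID, Operation, Path, Result, Detail
# The sample rows below are constructed for illustration only.

$sampleCsv = @'
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"9:01:02.1000000 AM","Explorer.EXE","1234","RegOpenKey","HKLM\SOFTWARE\Classes\CLSID\{EXAMPLE}","SUCCESS","Desired Access: Read"
"9:01:02.1010000 AM","Explorer.EXE","1234","RegQueryValue","HKLM\SOFTWARE\Classes\CLSID\{EXAMPLE}\InprocServer32\(Default)","NAME NOT FOUND","Length: 144"
"9:01:02.1020000 AM","example_startup.exe","2048","CreateFile","C:\Program Files\Example\config.ini","NAME NOT FOUND","Desired Access: Generic Read"
"9:01:02.1030000 AM","example_startup.exe","2048","CreateFile","C:\Program Files\Example\plugins\missing.dll","PATH NOT FOUND","Desired Access: Generic Read"
"9:01:02.1040000 AM","example_startup.exe","2048","RegOpenKey","HKCU\Software\Example","SUCCESS","Desired Access: Read"
"9:01:02.1050000 AM","svchost.exe","876","ReadFile","C:\WINDOWS\system32\example.dll","SUCCESS","Offset: 0, Length: 4,096"
'@

function Get-ProcmonSummary {
    param(
        # Rows as produced by Import-Csv / ConvertFrom-Csv on a Procmon export
        [Parameter(Mandatory)] [object[]] $Events
    )
    # Count events per process, split file vs. registry operations, and pull
    # out the failures (any Result other than SUCCESS) so repeated probing of
    # missing files or keys stands out from the noise.
    $Events |
        Group-Object 'Process Name' |
        ForEach-Object {
            $group    = $_
            $failures = @($group.Group | Where-Object { $_.Result -ne 'SUCCESS' })
            [pscustomobject]@{
                Process     = $group.Name
                Events      = $group.Count
                FileOps     = @($group.Group | Where-Object { $_.Operation -notlike 'Reg*' }).Count
                RegistryOps = @($group.Group | Where-Object { $_.Operation -like 'Reg*' }).Count
                Failures    = $failures.Count
                # Distinct paths that failed are usually the lead worth chasing
                FailedPaths = ($failures.Path | Sort-Object -Unique) -join '; '
            }
        } |
        Sort-Object Events -Descending
}

# Run against the constructed sample. For a real capture, replace the
# ConvertFrom-Csv line with:  $events = Import-Csv -Path .\Logfile.CSV
$events = $sampleCsv | ConvertFrom-Csv
Get-ProcmonSummary -Events $events | Format-Table -AutoSize -Wrap
```

Filtering inside Procmon itself (Filter > Filter...) is the first line of defence against the data volume; this script is for the step after that, when you want a per-process tally of a boot log or a long capture rather than scrolling through it.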
August 26, 2010 7:02:31 PM

Quote:
However since the Microsoft acquisition, none of the utilities currently available is accompanied with source code, and the Linux versions are no longer maintained or available.

Hello, ijack: Thanks for the quick reply. The Wikipedia passage above is where I got my reference to Linux, and as to the name being used on the 'AV', I thought the mal-clowns doctored the names just a bit so they would be easily misread as legit except when read attentively; I was fooled by not only the correct spelling, but also the capital 'S'. Live and learn, I guess.

M$ must be doing something right, or wouldn't Mark R. have taken his skills elsewhere....I will look up the blogs you mentioned.

So, the tools are as claimed; I guess the rest of the Suite is as good? I think it's only about 12MB, and I have plenty of room, so Why Not. My XP Pro/MCE sp3 needs almost ten minutes (probably double or more what it was when the comp was bequeathed to me) to boot to where the home page responds correctly to the scroll wheel, and I want to get to the bottom of it. With any luck I'll be able to post in a few days and relate something instead of ask about it. Thanks very much.

GSG
October 1, 2010 1:35:58 AM

A bit dated of a thread, but I found it on a search and felt obliged to add my two cents for anyone searching in the future.

Mark Russinovich and Bryce Cogswell (look closely and you'll see he's the unsung co-author of many of the tools) headed a company called Winternals. Sysinternals was their 'personal' side project. M$ acquired Winternals and Sysinternals came along for the ride.

I agree with ijack that M$ getting Sysinternals and Mark and Bryce has been a positive thing. I could be wrong, but it seems like development of the Sysinternals tools has sped up, while the spirit of the tools remains unchanged.

The source code was never available for most of the tools, at least not for a few years before M$ even started sniffing around. There were a couple that did have the source code that no longer do. For example, Ctrl2cap originally had the source code published and the verbiage describing it positioned it more as a guide for how to write kernel-mode drivers. Now if you read it the wording has changed and it is touted as an ever-useful utility that turns the caps lock key into a control key, a must for any old school UNIX junkie! Umm... yeah.

Like ijack said, Sysinternals has never had any UNIX or Linux tools; it has always been dedicated to Windows tools. I imagine what creates the confusion is that many of the Sysinternals tools bring similar functionality of some *nix tools to Windows. Even to the degree that some are named similarly.

Not every tool would be useful to the home user, not even the curious home user. But there is a long list of the ones that are; Procexp and Procmon are just the tip of the iceberg!

I do have a bit of a correction though. The bulk of the upgrades in Task Manager came with the release of the Windows 6 code base (Vista and Server 2008) BEFORE Sysinternals was acquired by M$. Perhaps some engineers were inspired by the functionality of Process Monitor and decided to improve Task Manager, but it happened independently. While the improvement to Task Manager is greatly appreciated (by me at least), it still is missing most of the things that make Procexp so useful.
October 1, 2010 3:46:57 AM

From my 8-26-2010 post: "With any luck I'll be able to post in a few days and relate something instead of ask about it."
Guess I didn't make it.

Thanks, by the way, to acray for the 'two cents'....they're good ones.

I did download the entire Sysinternals suite, and tried immediately to have ProcExp reveal my boot-delay culprit/s, but it was unable (or not yet configured?) to override the startup processes(?); by the time PE presented itself, the objectionably-long bootup had pretty much completed, and there was no indication of whatever program might have been hogging resources.

Taking the time to observe, rather than just powering up, walking away and expecting to come back to a fully active computer, I noticed that the Desktop (icons display) was complete in less than three minutes, so the problem had to be Internet Explorer, right? Having already performed a bunch of speed-up-your-computer rituals, I decided to switch from IE8 to Firefox (v.3.5.x at that time); that shaved over two minutes right off the bat. Within days, though, I was prompted to update to the latest FF (3.6.10, I think) and figured, why not?

The long bootups returned, except this time with message boxes about Unresponsive Scripts (mostly Java-based) that freeze the computer until you click on what you want done about it. Don't need the nuisance, and searched for a remedy; wound up in about:config and extended some runtime from 10 to 20 and that seems to have done the job. Bootup still takes about six minutes, but it's better than ten. [Sorry about all the off-topic; it was supposed to be just a quick BTW].

Back to Sysinternals, etc. If I understood what acray wrote, then my XP-based Task Manager is lacking the improvements present in the Vista/etc. version. It would seem desirable to substitute PE for TM in the right-click popup, but I think I read about problems reversing that action later. Anything to that?

GSG
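On the last question in the thread (substituting Process Explorer for Task Manager and reversing it): Process Explorer's Options > Replace Task Manager setting works by writing a Debugger value under the Image File Execution Options (IFEO) key for taskmgr.exe, so that Windows starts procexp.exe whenever Task Manager is requested. Unticking the option removes that value again. The script below is an added example, not Sysinternals code and not from any post in the thread; it reports whether such a redirect is currently in place and, from an elevated prompt, can remove it. The function names are my own. Because the same IFEO key can be used to redirect taskmgr.exe to anything, the check is also worth running on a machine where you never turned the option on.

```powershell
# Added example: inspect, and optionally undo, Process Explorer's
# "Replace Task Manager" setting. PE implements it as a Debugger value under
# the IFEO key for taskmgr.exe. Function names are this example's own.

$IfeoTaskmgr = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe'

function Get-TaskmgrRedirect {
    # Report what taskmgr.exe is currently redirected to, if anything.
    $debugger = (Get-ItemProperty -Path $IfeoTaskmgr -Name Debugger -ErrorAction SilentlyContinue).Debugger

    # The value is normally a quoted path; fall back to the raw string otherwise.
    $target = if ($debugger -match '^"([^"]+)"') { $Matches[1] } else { $debugger }

    [pscustomobject]@{
        Redirected   = [bool]$debugger
        Debugger     = $debugger
        # A redirect to anything other than an existing procexp.exe deserves a closer look
        LooksLikePE  = [bool]($debugger -and ($target -like '*procexp*.exe'))
        TargetExists = if ($target) { Test-Path -LiteralPath $target } else { $false }
    }
}

function Remove-TaskmgrRedirect {
    # Undo the redirect; equivalent to unticking Options > Replace Task Manager.
    # Needs an elevated prompt because the key lives under HKLM.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if (-not (Get-TaskmgrRedirect).Redirected) {
        Write-Verbose 'No Debugger value present for taskmgr.exe; nothing to do.'
        return
    }
    if ($PSCmdlet.ShouldProcess($IfeoTaskmgr, 'Remove Debugger value')) {
        Remove-ItemProperty -Path $IfeoTaskmgr -Name Debugger
    }
}

# Read-only check; safe to run as a standard user.
Get-TaskmgrRedirect | Format-List

# Preview the revert; drop -WhatIf from an elevated prompt to actually remove it.
Remove-TaskmgrRedirect -WhatIf
```

If `Redirected` is true but `LooksLikePE` is false, or `TargetExists` is false (for instance because Process Explorer was deleted or moved after the option was set, which is what leaves Task Manager apparently broken), that is the situation to fix: either point Process Explorer at its new location and retick the option, or remove the value as shown.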