
BiNBo

Introduction to Sysinternals

Posted Oct 11, 2023 10:37 PM
Welcome To SysInternals Utilities

Welcome to the world of Windows Sysinternals, a powerful suite of utilities that has become an indispensable resource for system administrators, IT professionals, and curious Windows enthusiasts alike. Sysinternals is a collection of free system utilities designed to help IT professionals manage, troubleshoot, and diagnose their Windows systems and applications.

The tools were created by Mark Russinovich in 1996 and have long since been acquired by Microsoft. The suite includes over 70 distinct utilities, including Process Explorer, FileMon, RegMon, and more. These tools are widely used by IT professionals and developers to manage and optimize their systems. In this blog post, we'll delve into the fascinating realm of Sysinternals, exploring its array of invaluable tools and how it can empower you to effectively manage, troubleshoot, and optimize your Windows environment!

Downloading and Installing

Throughout our overview, we will be covering the local versions of SysInternals that can be downloaded, and not the web-based versions. Because SysInternals is an official Microsoft offering, finding a safe and verifiable link is nice and easy. To install the full suite (which this guide will assume is what you're doing) you'll simply need to go to the following link:

https://docs.microsoft.com/en-us/sysinte...downloads/

From there, the first option in the list provides the entire suite of tools. It downloads as a .zip file; if you're following this guide, extract its contents to C:\Tools\SysInt. If that path does not already exist, it will be created automatically when you set it as the extraction destination, or you can create the directories yourself. After the files have been extracted, you can optionally add the folder path to the Path environment variable, which lets you launch the tools from the command line without first navigating to the directory they're in.

Environment variables can be edited from System Properties. If you aren't sure how to get to the System Properties menu, launch a command line and run sysdm.cpl; once in the menu, select the Advanced tab at the top as shown, then click Environment Variables.

[Image: Sys-Int-Install.png]

Once inside the Environment Variables menu, first select the "Path" variable under System Variables (not User Variables) and then click Edit.

[Image: Sys-Int-Install-1.png]

From this sub-menu, click New and enter the path of the directory into which you extracted the SysInternals suite; if you've been following along, that is C:\Tools\SysInt (without the quotes).
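The same install steps done from an elevated PowerShell prompt, as an added example that is not part of the original post: it extracts the suite zip to C:\Tools\SysInt and appends that folder to the system Path exactly as the GUI steps above do. It assumes the zip has already been downloaded to the $ZipPath location (a default you may need to change).

```powershell
# Added example (not from the original post): extract the Sysinternals Suite zip
# to C:\Tools\SysInt and append that folder to the machine-wide Path, as the
# post describes doing by hand. Assumes the zip was already downloaded to
# $ZipPath; run from an elevated PowerShell, since the system Path lives in HKLM.
param(
    [string]$ZipPath  = "$env:USERPROFILE\Downloads\SysinternalsSuite.zip",
    [string]$ToolsDir = 'C:\Tools\SysInt'
)

if (-not (Test-Path -LiteralPath $ZipPath)) {
    throw "Sysinternals zip not found at $ZipPath - download it from the Microsoft link first."
}

# Create C:\Tools\SysInt if it is missing, then unpack the suite into it.
New-Item -ItemType Directory -Path $ToolsDir -Force | Out-Null
Expand-Archive -LiteralPath $ZipPath -DestinationPath $ToolsDir -Force

# Sanity check: the core tools covered later in the post should now be present.
$expected = 'procexp.exe', 'Procmon.exe', 'tcpview.exe', 'Autoruns.exe', 'disk2vhd.exe'
$missing  = $expected | Where-Object { -not (Test-Path (Join-Path $ToolsDir $_)) }
if ($missing) { Write-Warning "Not found after extraction: $($missing -join ', ')" }

# Append the folder to the *system* Path (System Variables > Path in the GUI),
# but only if it is not already there, so repeated runs do not duplicate it.
$scope   = [System.EnvironmentVariableTarget]::Machine
$current = [Environment]::GetEnvironmentVariable('Path', $scope)
$entries = $current -split ';' | Where-Object { $_ -ne '' }
if ($entries -notcontains $ToolsDir) {
    [Environment]::SetEnvironmentVariable('Path', (($entries + $ToolsDir) -join ';'), $scope)
    Write-Host "Added $ToolsDir to the system Path. Open a new console for it to take effect."
} else {
    Write-Host "$ToolsDir is already on the system Path."
}

# Make the tools usable in this session too, without waiting for a new console.
$env:Path += ";$ToolsDir"
```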

What all is included?

The SysInternals suite includes over 70 tools and utilities from Microsoft that can be used to manage, troubleshoot, diagnose, and monitor Windows systems and their applications. This suite includes tools for a variety of tasks, including:
  • File and Disk management, monitoring and performance.
  • Network troubleshooting and activity monitoring.
  • Process monitoring and troubleshooting.
  • Security permissions management, malware detection, and incident investigation.
  • System Information gathering tools for hardware, software, and configuration.
  • And other useful miscellaneous utilities for various uses such as Strings, which extracts text strings from files.

To go over all of the SysInternals tools would take up far more time and space than we're really looking to here in this article. However, I will go over some of the most important tools in the SysInternals suite, their functions, and some example use cases.

The 5 Most Important Tools

Process Explorer
Process Explorer is a powerful tool for monitoring and troubleshooting running processes. It provides detailed information about each process, including its CPU and memory usage, its parent and child processes, and the DLL files it has loaded. Process Explorer also allows you to see which processes have opened files and handles, and to terminate processes if necessary.

[Image: Process-Explorer_1.png]

Process Monitor
Alongside Process Explorer, Process Monitor is a real-time system monitor that displays all system activity, including file and registry access, process and thread activity, and network activity. Process Monitor can be used to troubleshoot a wide variety of problems, such as application crashes, performance issues, and security incidents.


TCPView
TCPView is a network monitoring tool that provides real-time information about active network connections, both incoming and outgoing. It offers details about the remote addresses, local ports, and the status of connections.

[Image: tcpview.png]

Autoruns
Autoruns is a utility that shows you all the programs and services that are configured to start up automatically when your system boots and you log in. Autoruns can be used to identify bloatware and other programs that you don't want to start up automatically, and to disable them.

[Image: AutoRuns_1.png]
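An added example of the "find startup items you don't want" use case, not code from the original post: it runs autorunsc.exe (the console version of Autoruns) to export every autostart entry with hashes and signature verification, then lists the enabled entries whose binary did not verify. It assumes the suite is in C:\Tools\SysInt as set up earlier, and the column names are taken from autorunsc's CSV header, so adjust them if your version prints different ones.

```powershell
# Added example (not the post's own code): export all autostart entries with
# autorunsc.exe and show the enabled ones whose image is unsigned or failed
# signature verification, a quick first pass when reviewing startup items.
# Assumes the suite lives in C:\Tools\SysInt as set up earlier in the post.
$ToolsDir = 'C:\Tools\SysInt'
$exe      = Join-Path $ToolsDir 'autorunsc.exe'
# Output path kept free of spaces so no extra quoting is needed inside cmd.
$Csv      = Join-Path $ToolsDir 'autoruns.csv'

# -a *  all entry categories   -c  CSV output        -h  file hashes
# -s    verify code signatures -accepteula/-nobanner keep it unattended
# cmd's redirection writes the tool's bytes untouched; Import-Csv reads the BOM,
# so the file loads correctly whichever Unicode encoding the tool emits.
cmd /c "$exe -accepteula -nobanner -a * -c -h -s > $Csv"

$entries = Import-Csv -LiteralPath $Csv

# Column names below (Enabled, Signer, 'Image Path', 'SHA-256') follow the
# autorunsc CSV header; with -s, Signer starts with "(Verified)" on success.
$suspect = $entries | Where-Object {
    $_.Enabled -eq 'enabled' -and
    $_.Signer -notlike '(Verified)*'   # unsigned, or signature did not verify
} | Select-Object 'Entry Location', Entry, 'Image Path', Signer, 'SHA-256'

"{0} autostart entries total, {1} enabled and not verified" -f $entries.Count, @($suspect).Count
$suspect | Format-Table -AutoSize
```

Treat the list as a starting point for review, not a verdict: many legitimate vendors ship unsigned helpers, so check the Image Path and hash against what you expect before disabling anything in the Autoruns GUI.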

Disk2vhd
Disk2vhd is a utility designed for creating virtual hard disk (VHD) files from physical disks. This tool is particularly useful for migrating physical servers to virtual environments or creating backup snapshots of system disks. IT administrators can employ Disk2vhd to convert physical servers into virtual machines or create disk images for disaster recovery purposes.

[Image: Disk2vhd.png]


Conclusion

SysInternals is a powerful suite of tools that can be used to troubleshoot, diagnose, and monitor Windows systems and their applications. The suite includes tools for a wide variety of tasks, including file and disk management, networking, process monitoring, security, and system information.

They're valuable tools for any IT professional, but they can also be useful for home users who want to troubleshoot their own systems. The tools are well documented and easy to use, even for beginners. If you are a Windows user, I highly recommend downloading and installing the SysInternals suite. It is a free and essential toolkit for anyone who wants to get the most out of their Windows system.