SysInternals – ProcExp

If there was one of these tools that would make you drool, then this would be it. ProcExp is a process explorer that gives you all sorts of details about the jobs running on your system. After running it the first time, right click on the column bars and pick “Select Columns”, then add a few more useful columns. The most useful of these would be Path, which shows the disk location the exe or dll launched from. Version is also useful, you may find more that have meaning for you.[Picture of ProcMon basic view.]

Next, select View, Show Lower Pane. Then select View, Lower Pane View, and pick DLLs. OK, now here’s something really cool, especially for you .Net developers. See the image above, there are two processes that are highlighted in yellow. The yellow (and these colors are customizeable) indicates this is a .Net application. You can see I have two .Net apps, RSSBandit and PaintDotNet. Click on one of the yellow bars (in this case I picked PaintDotNet). You’ll see the lower pane populate, as in the picture below.

[Pic of ProcMon with it's lower panel showing some useful information.]

What you are seeing is a long list of all the DLLs loaded by your app. Way cool huh? You can see all the dependencies needed by your (or someone elses) program. Cool, but there’s more! Double click on the app line (again, the yellow line with PaintDotNet).

[Pic of dialog showing more information about the application you clicked on.]

You can see a new dialog with detailed info about the program. You can kill off the program, or bring it to the foreground. There’s lots of tabs you can click on, I’ll highlight a couple of the most useful ones. Click on the Performance Graph tab.

[Picture: Try not to drool as you look at this useful graph.]

This produces graphs similar to the ones Task Manager gives you, only this is targeted at just this particular app. Great tool for monitoring your program, looking at memory usage, CPU usage, etc. The Performance tab gives you similar information, only in a textual view.

Now go click on the .Net tab. You can see a list of the AppDomains. Click on the drop down (shown below) and you can see a list of the various performance counters you can view.

[Picture: Your like a kid at Christmas as you look over all the stats you can dig out of your .Net app.]

Lots of great info in this area, below I’ve pasted the Memory stats, just to give you an idea.

[Picture: Shows you just how much memory your app really needs.]

There’s more info to be found here than I can describe in this brief blog post. Take some time, dive in and look around. This tool can really assist you in determining the impact your application will have on the target system.

SysInternals – Two Monitor Programs

Nov. 9th Update:Microsoft has completed the merger of SysInternals into it’s internal TechNet area. Along with that they’ve renamed the old Process Monitor to Process Explorer. They have a new Process Monitor tool that combines the functionality of the two tools I mention below. Both tools below are still available, but you should also take a look at the new Process Monitor to see if it will better suit your needs.

How many times have you watched your hard drive light flicker and wondered “What the heck is banging my hard disk?” Well FileMon will help you figure this out. FileMon simply displays all the applications that are accessing your drives.

[Picture of FileMon.]

As you can see in the sample above, you can monitor all the items that are reading and writing to your disks. You can use filters in case there’s a particular program or programs you are interested in. The filters are nice in that you can use either includes (I only want to see…) or excludes (I want to see everything but…). Additionally you can save the output to a log so you can analyze it later.

Along the same lines is RegMon. RegMon is a Registry Monitor that will give you info on what is accessing your registry. Like FileMon there are filters and logging capability.

[Picture of RegMon.]

Two great monitoring tools to help you with debugging, and like all the SysInternals tools, free for the taking.


We interrupt this blog with a brief message of flagrant self promotion… On Thursday, November 9th at 6:30 p.m. I will be giving a presentation to the Birmingham Software Developer’s Association ( My presentation will focus on the tools I’ve been talking about in this blog. There will also be some hardware mentioned, my talk is designed to get you to think about ways to make your life as a developer or power user easier.

Consider this an open invitation to everyone to come on out and see me speak. See the website referenced above for directions and locations. Hope to see you there!

Robert (aka Arcane Code)

SysInternals – BgInfo

I work in a lot of Virtual PCs and remotely controlled pc’s via Remote Desktop. It’s gets confusing at times determining which PC I’m working in, especially when I step away for more coffee/hot tea or am interrupted.

BgInfo has really helped with this issue. It takes your current desktop (in my example I just have a plain black background) and overlays current system info, as is seen on my desktop below.

[Picture of my desktop with BgInfo's information on it.]

You can pick and choose the details you want to display, and reorder them in any order you want, using the interface.

[Picture of BgInfo's configuration screen.]

You can also configure BgInfo to run at every startup, or launch it at your convienience. In my normal day to day setup I selected half a dozen of the most useful items to display, but for my example above I left everything in.

Again, a very useful tool if you are in and out of virtual or remotely controlled machines every day.

SysInternals – Contig

Along the same lines as PageDefrag is Contig. Contig is a command line utility that will allow you to defrag a single file or group of files, instead of having to defragment your entire disk. Here’s the command line help:

Contig v1.53 - Makes files contiguous
Copyright (C) 1998-2006 Mark Russinovich Sysinternals -

Contig is a utility that relies on NT's built-in defragging support to make a specified file contiguous on disk. Use it to optimize execution of your frequently used files.
contig [-v] [-a] [-s] [-q] [existing file]
or contig [-v] -n [new file] [new file length]
-v: Verbose
-a: Analyze fragmentation
-q: Quiet mode
-s: Recurse subdirectories

Usage is pretty simple, just type in Contig followed by the file (or file spec, such as *.mdb) you wish to defragment. This can be useful if you have some larger database files or other files to process that are running slowly. Use contig prior to running your large jobs and you’ll see a nice speed boost.

Also useful if you just want to see if your file is fragmented, just add the –a switch prior to the file name and it will tell you how many pieces your file is fragmented into.

Note, with all these tools you use at your own risk. Always make sure to backup important files prior to running any of these tools on them.

SysInternals – PageDefragmentor

Next up is another startup tool, PageDefrag. As we all know, Windows relies heavily on it’s PageFile.Sys to manage memory. When your pagefile gets fragmented, performance can really take a hit.

Page Defrag will let you tell windows to defrag your system files the next time you boot, or everytime you boot. As you can see below my pagefile is not fragmented, but you might be surprised by yours. Give it a try, you might be startled at the performance boost you get.

[Picture of PageDefrags user interface.]


Scott Hanselman ( recently got with Carl Franklin ( on Dot Net Rocks Episode 35 ( for an hour long presentation on the great tools from SysInternals (

SysInternals is a collection of freeware tools that allows you to extract some really great info from the Windows OS, or adds some nifty extra utilities. If you don’t have an hour to invest right now, or are bandwidth impaired, I thought it’d be useful to spend a few blog posts talking about these tools.

One great feature of all the SysInternals tools is that none of them require installation. They can all be run without leaving footprints on the host system. I keep them on my USB thumb drive, so I can quickly and easily diagnose issues on users PCs.

A quick note, the parent company of SysInternals is WinTernals. WinTernals was recently purchased by Microsoft (shows you how cool the tools were). Soon many of the WinTernals / SysInternals tools will have Microsoft labels on them. Microsoft has pledged that SysInternals tools will continue to be free. Check the SysInternals blog for updates on the tools as time goes by.

To start things off, we’ll talk about a tool that helps you with your computer’s start up. Autoruns lets you examine everything that your computer launches. You can look at everything at once, or handy tabs let you look at it by category.

[Picture of AutoRuns user interface.]

Clicking on an item will populate the window with info about that item:

[Picture of the information area of the window.]

Want to learn more about an item? Right click on it, and select Google from the menu. Autoruns will launch a Google search in your browser of choice on the program in question, letting you learn more about it, to determine if you actually need this piece of software to load in your system.

If you decide you don’t want it, simply uncheck the box. Next time you boot that particular software won’t load. Discover you need it? No problem, simply launch Autoruns again and check it on, reboot and all is well. Autoruns preserves all of the settings you had on the auto launch so it can easily be restored.

If you happen to have the SysInternals Process Explorer tool (I’ll blog about this shortly) you can actually see how much memory, etc. the particular item is taking up.

I like this tool, it’s simple, and focuses on one thing, controlling what starts automatically on your pc. Easy to use, and it’s free!

.Net University

Over the previous weekend I attended Alabama Code Camp III down in Montgomery Alabama. A big thanks to the Montgomery group for a job well done!

While there I attended .Net University ( .Net U is a brand new program from Microsoft designed so that local developers can train their peers on the core components of the 3.0 .Net Framework. I attended four sessions, and got a terrific overview of the new features.

After completing the courses, I received a certificate of completion and a nifty t-shirt. Not only did I get to attend, but I was in the very first .Net U class in the country! Check out the Alumni page ( at the bottom is a pic of our class. (I’m almost dead center, standing directly in front of the big U (not the U in University, the U at the right end of the banner). I look like I have horns coming out of my head.)

If you get a chance to attend an upcoming .Net U, I encourage you to do so, gives you a great opportunity to get caught up on the new Framework features. One not near you? Put one on. All the materials you need are on the site, along with a contact link to get in touch with Microsoft.