SysInternals – The New Process Monitor

Just when I thought I was done talking about the SysInternals tools, Microsoft finally integrates them into their TechNet site and makes some changes. I’ve already mentioned a few in my last post; in this one I wanted to take a quick look at the new ProcMon.

Available at http://www.microsoft.com/technet/sysinternals/ProcessesAndThreads/processmonitor.mspx, the new Process Monitor (ProcMon) replaces two older tools, FileMon and RegMon. It keeps an eye on all disk activity, whether on the file system or in the registry. In the example below you can see what’s going on in my system as I write this; for example, I have WinAmp playing a recent DotNetRocks episode.

[Picture of Process Monitor's main UI.]

One feature I rather like is the Process Tree, under the Tools menu.

[Process Monitor's Process Tree]

Here you can see some of the many programs I have running. All I have to do is click on one of them, then click the Go To Event button, and it will take me right to the event. Three buttons on the main toolbar make it very easy to filter down to the events you want to see.

[Handy tools in the ProcMon Toolbar.]

The leftmost button turns registry events on or off. The middle button shows or hides file system activity. The rightmost button toggles the display of process / thread activity. Other filters let you narrow down to the specific files or events you want to monitor.

I like the new version of this tool; it has lots of new features that make me prefer it to the older FileMon/RegMon tools, which are still available if you want to do your own comparisons.

SysInternals – Update – Microsoft Merger Complete

Since I began my posts on SysInternals, I’ve found they have now gone completely Microsoft. The SysInternals URL now redirects you to a Microsoft TechNet page, http://www.microsoft.com/technet/sysinternals/default.mspx. All of the tools seem to be there, with a few minor changes.

The Process Monitor (ProcMon) tool has been renamed to Process Explorer. Other than that, it still seems to have the same capabilities, and they’ve made sure it works on Vista and the 64 bit Windows platforms.

Update: Seems I got confused over tool names; Process Explorer was always Process Explorer and not ProcMon. That’s what I get for writing blog posts at 2 am. Except for getting names confused, all the other details I point out are still accurate: good tools, well worth the look. Oh, and ProcExp does work on Vista (32 and 64 bit versions).

There’s a new tool called Process Monitor that replaces the older FileMon and RegMon tools (although both of them are still available). The new ProcMon seems to give much the same info in a unified user interface. I admit it is nice to have all the info in one screen.

Take a look over the tools and feel free to post comments below on how you feel about the new features and the Microsoft revamp of the tools.

SysInternals – ZoomIt

The last tool I am going to present in this series (although certainly not the last tool available from SysInternals) is called ZoomIt. ZoomIt allows you to zoom in on certain areas of the screen with one quick hit of a hotkey. The hotkeys are configurable, as you can see in the options dialog below.

[Picture of ZoomIt Option Dialog]

Once you activate the zoom, you can use the up and down arrows to change the level of magnification. The ESC key will exit the zoom functionality. You can also use the Draw feature to draw on the screen, which is great if you are doing a net meeting or demonstration and want to highlight something.

Primarily this utility comes in handy during demos and meetings, but I’ve also found it useful when I’m working on images for my app and need to look at a detail or two. It’s also handy for documentation: I have used the Draw feature to draw on the screen, then used Print Screen to snag the image and send it to someone, as in the example below.

[Demonstration of ZoomIt's Draw feature.]

So give it a try, drop me a comment and let me know what creative uses you come up with for this handy tool!

SysInternals – ProcExp

If there was one of these tools that would make you drool, then this would be it. ProcExp is a process explorer that gives you all sorts of details about the jobs running on your system. After running it the first time, right click on the column bars and pick “Select Columns”, then add a few more useful columns. The most useful of these would be Path, which shows the disk location the exe or dll launched from. Version is also useful; you may find more that have meaning for you.

[Picture of ProcMon basic view.]

Next, select View, Show Lower Pane. Then select View, Lower Pane View, and pick DLLs. OK, now here’s something really cool, especially for you .Net developers. In the image above, there are two processes highlighted in yellow. The yellow (and these colors are customizable) indicates a .Net application. You can see I have two .Net apps, RSSBandit and PaintDotNet. Click on one of the yellow bars (in this case I picked PaintDotNet). You’ll see the lower pane populate, as in the picture below.

[Pic of ProcMon with its lower panel showing some useful information.]

What you are seeing is a long list of all the DLLs loaded by your app. Way cool, huh? You can see all the dependencies needed by your (or someone else’s) program. Cool, but there’s more! Double click on the app line (again, the yellow line with PaintDotNet).

[Pic of dialog showing more information about the application you clicked on.]

You can see a new dialog with detailed info about the program. You can kill off the program, or bring it to the foreground. There are lots of tabs you can click on; I’ll highlight a couple of the most useful ones. Click on the Performance Graph tab.

[Picture: Try not to drool as you look at this useful graph.]

This produces graphs similar to the ones Task Manager gives you, only this is targeted at just this particular app. Great tool for monitoring your program, looking at memory usage, CPU usage, etc. The Performance tab gives you similar information, only in a textual view.

Now go click on the .Net tab. You can see a list of the AppDomains. Click on the drop down (shown below) and you can see a list of the various performance counters you can view.

[Picture: You’re like a kid at Christmas as you look over all the stats you can dig out of your .Net app.]

Lots of great info in this area; below I’ve pasted the Memory stats, just to give you an idea.

[Picture: Shows you just how much memory your app really needs.]

There’s more info to be found here than I can describe in this brief blog post. Take some time, dive in and look around. This tool can really assist you in determining the impact your application will have on the target system.

SysInternals – Two Monitor Programs

Nov. 9th Update: Microsoft has completed the merger of SysInternals into its internal TechNet area. Along with that they’ve renamed the old Process Monitor to Process Explorer. They have a new Process Monitor tool that combines the functionality of the two tools I mention below. Both tools below are still available, but you should also take a look at the new Process Monitor to see if it will better suit your needs.

How many times have you watched your hard drive light flicker and wondered “What the heck is banging my hard disk?” Well FileMon will help you figure this out. FileMon simply displays all the applications that are accessing your drives.

[Picture of FileMon.]

As you can see in the sample above, you can monitor all the items that are reading and writing to your disks. You can use filters in case there’s a particular program or programs you are interested in. The filters are nice in that you can use either includes (I only want to see…) or excludes (I want to see everything but…). Additionally you can save the output to a log so you can analyze it later.

Along the same lines is RegMon. RegMon is a Registry Monitor that will give you info on what is accessing your registry. Like FileMon there are filters and logging capability.

[Picture of RegMon.]

Two great monitoring tools to help you with debugging, and like all the SysInternals tools, free for the taking.

BSDA

We interrupt this blog with a brief message of flagrant self promotion… On Thursday, November 9th at 6:30 p.m. I will be giving a presentation to the Birmingham Software Developer’s Association (http://www.bsda.info/). My presentation will focus on the tools I’ve been talking about in this blog. There will also be some hardware mentioned; my talk is designed to get you to think about ways to make your life as a developer or power user easier.

Consider this an open invitation to everyone to come on out and see me speak. See the website referenced above for directions and locations. Hope to see you there!

Robert (aka Arcane Code)

SysInternals – BgInfo

I work in a lot of Virtual PCs and remotely controlled PCs via Remote Desktop. It gets confusing at times determining which PC I’m working in, especially when I step away for more coffee/hot tea or am interrupted.

BgInfo has really helped with this issue. It takes your current desktop (in my example I just have a plain black background) and overlays current system info, as is seen on my desktop below.

[Picture of my desktop with BgInfo's information on it.]

You can pick and choose the details you want to display, and reorder them however you like, using the interface.

[Picture of BgInfo's configuration screen.]

You can also configure BgInfo to run at every startup, or launch it at your convenience. In my normal day to day setup I selected half a dozen of the most useful items to display, but for my example above I left everything in.

Again, a very useful tool if you are in and out of virtual or remotely controlled machines every day.

SysInternals – Contig

Along the same lines as PageDefrag is Contig. Contig is a command line utility that will allow you to defrag a single file or group of files, instead of having to defragment your entire disk. Here’s the command line help:

Contig v1.53 - Makes files contiguous
Copyright (C) 1998-2006 Mark Russinovich Sysinternals - http://www.sysinternals.com

Contig is a utility that relies on NT's built-in defragging support to make a specified file contiguous on disk. Use it to optimize execution of your frequently used files.
Usage:
contig [-v] [-a] [-s] [-q] [existing file]
or contig [-v] -n [new file] [new file length]
-v: Verbose
-a: Analyze fragmentation
-q: Quiet mode
-s: Recurse subdirectories

Usage is pretty simple, just type in Contig followed by the file (or file spec, such as *.mdb) you wish to defragment. This can be useful if you have some larger database files or other files to process that are running slowly. Use contig prior to running your large jobs and you’ll see a nice speed boost.

Contig is also useful if you just want to see whether your file is fragmented: add the -a switch before the file name and it will tell you how many pieces your file is fragmented into.

Note: you use all these tools at your own risk. Always back up important files before running any of these tools on them.

SysInternals – PageDefragmentor

Next up is another startup tool, PageDefrag. As we all know, Windows relies heavily on its PageFile.Sys to manage memory. When your pagefile gets fragmented, performance can really take a hit.

PageDefrag will let you tell Windows to defrag your system files the next time you boot, or every time you boot. As you can see below my pagefile is not fragmented, but you might be surprised by yours. Give it a try; you might be startled at the performance boost you get.

[Picture of PageDefrag's user interface.]

SysInternals

Scott Hanselman (http://www.hanselman.com/blog/) recently got with Carl Franklin (http://www.intellectualhedonism.com/) on Dot Net Rocks Episode 35 (http://www.dnrtv.com/default.aspx?showID=35) for an hour long presentation on the great tools from SysInternals (http://www.sysinternals.com/).

SysInternals is a collection of freeware tools that allows you to extract some really great info from the Windows OS, or adds some nifty extra utilities. If you don’t have an hour to invest right now, or are bandwidth impaired, I thought it’d be useful to spend a few blog posts talking about these tools.

One great feature of all the SysInternals tools is that none of them require installation. They can all be run without leaving footprints on the host system. I keep them on my USB thumb drive, so I can quickly and easily diagnose issues on users’ PCs.

A quick note, the parent company of SysInternals is WinTernals. WinTernals was recently purchased by Microsoft (shows you how cool the tools were). Soon many of the WinTernals / SysInternals tools will have Microsoft labels on them. Microsoft has pledged that SysInternals tools will continue to be free. Check the SysInternals blog for updates on the tools as time goes by.

To start things off, we’ll talk about a tool that helps you with your computer’s start up. Autoruns lets you examine everything that your computer launches. You can look at everything at once, or handy tabs let you look at it by category.

[Picture of AutoRuns user interface.]

Clicking on an item will populate the window with info about that item:

[Picture of the information area of the window.]

Want to learn more about an item? Right click on it, and select Google from the menu. Autoruns will launch a Google search in your browser of choice on the program in question, letting you learn more about it, to determine if you actually need this piece of software to load in your system.

If you decide you don’t want it, simply uncheck the box. Next time you boot that particular software won’t load. Discover you need it? No problem, simply launch Autoruns again and check it on, reboot and all is well. Autoruns preserves all of the settings you had on the auto launch so it can easily be restored.

If you happen to have the SysInternals Process Explorer tool (I’ll blog about this shortly) you can actually see how much memory, etc. the particular item is taking up.

I like this tool; it’s simple, and it focuses on one thing: controlling what starts automatically on your PC. Easy to use, and it’s free!

.Net University

Over the previous weekend I attended Alabama Code Camp III down in Montgomery Alabama. A big thanks to the Montgomery group for a job well done!

While there I attended .Net University (http://www.dotnet-u.com/). .Net U is a brand new program from Microsoft designed so that local developers can train their peers on the core components of the 3.0 .Net Framework. I attended four sessions, and got a terrific overview of the new features.

After completing the courses, I received a certificate of completion and a nifty t-shirt. Not only did I get to attend, but I was in the very first .Net U class in the country! Check out the Alumni page (http://www.dotnet-u.com/Alumni.aspx); at the bottom is a pic of our class. (I’m almost dead center, standing directly in front of the big U (not the U in University, the U at the right end of the banner). I look like I have horns coming out of my head.)

If you get a chance to attend an upcoming .Net U, I encourage you to do so; it gives you a great opportunity to get caught up on the new Framework features. One not near you? Put one on. All the materials you need are on the site, along with a contact link to get in touch with Microsoft.

Inside the MSI

Have you ever needed, or wanted, to see the list of files stored inside an MSI? When you wind up with a fair-sized project with a lot of third party components, it’s not always clear what you need to deploy if you want to do a simple xcopy style deployment. I’ve found a tool, though, that makes it easy.

LessMSIerables, available from http://blogs.pingpoet.com/overflow/archive/2005/06/02/2449.aspx is a handy tool that will let you not only peer inside the contents of any MSI file, but extract the contents to a directory as well.

It’s a pretty simple interface: use the button to the right of the File text box to load an MSI file, and its contents are listed in the table on the screen. Use the Extract button to pull all the files out to a directory, very handy for xcopy style distributions.

There are also ways to run this from the command line, great when doing automated builds. Go to the website to download it, as well as seeing full instructions.

Remote Desktop Connection

One of the coolest toys to ship with Windows XP is the Remote Desktop Connection tool. Let’s say you have a small home network, and like to take your laptop out on your deck and work under the sunny skies. However, much of what you need is on your desktop. You’d love to be able to control your desktop from your laptop. No problem!

For my example, we’ll assume you want to control your desktop from your laptop, but this will work with any two computers. First, you need the IP address of the computer you want to control. Walk up to your desktop, and open a command window (Start, Run, type in cmd and hit Enter). Now type in ipconfig and hit Enter. After a moment some info will appear; look for the line that says “IP Address”. It will be four sets of numbers separated by periods, for example 192.168.0.7. Jot this down on a piece of paper, then head out to your laptop.

On your laptop, bring up the Remote Desktop Connection tool (Start, All Programs, Accessories, Communications, Remote Desktop Connection). You’ll see a window like this:

Where it says Computer, type in the IP address you got a minute ago. Now, you could just hit the Connect button, but there are probably a few options you can tweak that will make your experience nicer. First, click the Options >> button. The screen will now look like:

To save yourself a few minutes, you can go ahead and key in your user name and password you use to login to your remote computer, in this case your desktop.

Note: if your computer is part of a corporate domain (i.e. you are at work), you will probably be able to type in the name of your computer instead of its IP address. Just make sure to enter your domain name in the Domain box. You probably won’t be able to control your work computer from home, though, unless you hook up to your company network using a VPN (virtual private network). You’ll have to check with your individual company to see if this is possible and how it can be done.

Now click on the “Display” tab.

You can use the slider bar to adjust the size of your screen, in case you want something other than the full size screen. If you do want full screen, then leave it set to full screen (all the way to the right) and click the Local Resources tab.

This has some options that will make your life easier. The one thing I’d suggest doing here is checking the “Disk Drives” box. If you do this, then when you bring up a “My Computer” window while controlling the desktop, it will show not only the hard drives for the desktop but for your laptop as well, allowing you to easily copy files from one computer to the other.

This is great for small files, but if you have larger files you may want to use a network share instead as it’s faster than using Remote Desktop.

Be warned, though: you should trust the PC you are remoting to, since sharing drives creates a security exposure. If in our example a virus was running around on your desktop, then by exposing your laptop’s drives your laptop could get infected too.

Finally, click on the Experience tab.

If you have a fast network, you can check everything on and get the full experience. If though you are truly controlling your desktop from somewhere else, as in the VPN I mentioned earlier, you may want to leave a few of these unchecked to make your work experience faster.

Even on a fast connection I typically leave it set to the settings you see above to get the maximum speed when I am VPNing to the office. At home though, controlling one computer from another I check everything on.

And that’s it: just click Connect, and you should see your desktop computer’s screen appear on your own. To exit, simply drag your mouse to the top middle of your display. A little yellow bar will pop down with the computer name and the usual X button over on the right to close the Remote Desktop Connection.

If you don’t get connected, there are a few troubleshooting things to look at:

  1. You must have administrative rights on the computer you are controlling, or be a member of the remote desktop users group.
  2. You must have a password on the remote computer, remote desktop won’t work if your password is empty.
  3. Your firewall may be blocking your access. If you are using the built-in Windows firewall, it is already set to allow Remote Desktop. To get ZoneAlarm to work, set the security setting to Med. (Medium), and make sure to set the rights inside ZoneAlarm to let Remote Desktop send / receive data. (Open ZoneAlarm, go to Program Control, scroll down to the entry for Remote Desktop Connection and make sure everything is checked on.)
  4. Confirm you have the correct IP address.
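A pre-flight script for the four troubleshooting items above, as an added example that is not part of the original post. It runs on the computer you want to control and assumes Windows 8 / Server 2012 or later with PowerShell 5.1, since the cmdlets it uses did not exist on the XP machines the post describes; the account name 'robert' is a placeholder.

```powershell
# Added example (not from the original post): pre-flight checks for the four
# troubleshooting items, run ON the computer you want to control.
# Assumes Windows 8 / Server 2012 or later with PowerShell 5.1, so that the
# NetSecurity, NetTCPIP and LocalAccounts modules are available.
#Requires -Version 5.1

function Test-RdpReadiness {
    [CmdletBinding()]
    param(
        # Account you will type into the Remote Desktop Connection dialog.
        [Parameter(Mandatory)] [string] $UserName
    )

    $findings = [System.Collections.Generic.List[string]]::new()

    # 0. Is Remote Desktop enabled at all? fDenyTSConnections = 1 means "off".
    $ts = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -ErrorAction Stop
    if ($ts.fDenyTSConnections -ne 0) {
        $findings.Add('Remote Desktop is disabled (fDenyTSConnections is not 0).')
    }

    # 1. Administrative rights or membership in the Remote Desktop Users group.
    $member = $false
    foreach ($group in 'Administrators', 'Remote Desktop Users') {
        $names = Get-LocalGroupMember -Group $group -ErrorAction SilentlyContinue |
                 ForEach-Object { $_.Name.Split('\')[-1] }
        if ($names -contains $UserName) { $member = $true }
    }
    if (-not $member) {
        $findings.Add("$UserName is in neither Administrators nor Remote Desktop Users.")
    }

    # 2. Empty passwords are refused for network logons by default
    #    (Lsa\LimitBlankPasswordUse). We cannot read the password itself, but
    #    an account flagged as not requiring one is a warning sign.
    $acct = Get-LocalUser -Name $UserName -ErrorAction SilentlyContinue
    if ($null -eq $acct) {
        $findings.Add("Local account $UserName does not exist (domain accounts are not checked here).")
    } elseif (-not $acct.PasswordRequired) {
        $findings.Add("$UserName may have a blank password; Remote Desktop will refuse it.")
    }

    # 3. Firewall: at least one enabled inbound rule in the built-in
    #    'Remote Desktop' group (TCP 3389) must exist.
    $rdpRules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound -ErrorAction SilentlyContinue
    if (-not ($rdpRules | Where-Object Enabled -eq 'True')) {
        $findings.Add("No enabled inbound firewall rule in the 'Remote Desktop' group.")
    }

    # 4. The IPv4 address to jot down (the post's ipconfig step), skipping
    #    loopback and link-local addresses.
    $addresses = Get-NetIPAddress -AddressFamily IPv4 |
                 Where-Object { $_.IPAddress -notlike '127.*' -and $_.IPAddress -notlike '169.254.*' } |
                 Select-Object -ExpandProperty IPAddress

    [pscustomobject]@{
        Ready     = ($findings.Count -eq 0)
        Findings  = $findings.ToArray()
        Addresses = $addresses
    }
}

# Placeholder account name; replace with the one you use in the RDC dialog.
Test-RdpReadiness -UserName 'robert' | Format-List
```

Run it from an elevated PowerShell prompt; reading the local group membership and firewall rules needs administrative rights.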

There you go, now you can sit out on your back deck and enjoy the sunny weather and still have the power of your monster desktop.

Virtual PC and Laptops

It’s been a crazy week here in the land of Arcane Code. Lots of traveling during a business trip, then the mad rush to take care of all the issues that arose while I was gone. I wanted to share a quick tip with you, now that you’ve had a chance to install and use Virtual PC.

If you run VPC on a laptop, as I do, you may have noticed some weird quirks especially when your laptop goes into Hibernate mode. Mostly the VPC becomes unresponsive, or in my case the main screen quits updating. Oddly enough the tiny icon window inside the VPC Console updates fine, but the big window doesn’t. Go figure.

Microsoft released a HotFix for this, but it didn’t get a lot of publicity. I found it buried in Virtual PC Guy’s weblog (http://blogs.msdn.com/virtual_pc_guy/archive/2006/07/13/662538.aspx). Since it’s brief I’ll regurgitate it here, in case you are a cautious type about link clicking.

I think the reason the hot fix is hard to find is because you already have it. Go back to the directory where you exploded the Virtual PC 2004 file. In addition to the Setup.exe, the MSI and INFs you’ll also find a directory called “Laptop Hotfix”.

In this directory is a text file that looks mostly like a license. However, at the top of the file is a link to the knowledge base article (http://support.microsoft.com/?kbid=889677) that describes a few of the nasties that this patch repairs.

What’s really important though is the MSP file. Just double click on it to install, and it should patch your system. If you are running a laptop, or regularly use the Hibernate or Standby features of your computer then you need to apply this patch.

I haven’t seen mention of this if you are running Virtual Server 2005, so perhaps they already included the fix there. If someone knows otherwise feel free to leave a comment.

Using and Tweaking Virtual PC

Once your Virtual PC is up and running, you may want to tweak a few of its settings. Let’s go over the menu options available to you.

Action Menu

This menu is fairly straightforward, and lets you initiate certain actions.

Full Screen Mode: Just what it says, shifts your OS into full screen mode.

Ctrl+Alt+Del: Sends the Ctrl+Alt+Delete sequence to the virtual OS instead of the host OS.

Pause: This places your OS into a stasis mode. This can be useful if your host system gets overloaded and you need to free up some resources. Note that it doesn’t close the window, merely suspends it.

Reset: This is the equivalent of yanking the power plug, then plugging it back in. You should only use this in extreme cases where your virtual OS is locked up.

Close: This brings up a small dialog window that asks if you wish to Save State or Turn Off. Turn Off is similar to Reset, in that it just stops whatever was going on and dumps the VPC from memory. Like Reset, you should only use this in extreme cases. Save State is very similar to the Hibernate mode in Windows, it puts the virtual OS into a suspended state.

Install or Update Virtual Machine Additions: This will install some very useful tools into your virtual OS. These additions will make it easier to use the mouse (no more having to hit Right Alt to get your mouse out of the window). It will also allow you to share your host computer’s hard disks with the virtual computer. To the virtual computer they will appear as a network drive. If you use Windows as a virtual OS, you’ll definitely want these additions. Be aware, though, that virtual additions also exist for many Linux distros.

Properties: Displays a four tabbed dialog that will give you info about your running virtual computer.

Edit Menu

Most of the items on the edit menu are pretty obvious. Copy, Paste, and Select All do just what they say. The real gem is Settings, which lets you tweak your VPC settings. I will focus on it shortly.

CD Menu

Your CD menu will vary depending on how many CD/DVD drives you have in your machine. All will start with Use Physical Drive and let you access your computer’s CD/DVD drive to do common tasks like load software or listen to your favorite tunes.

Also on the menu will be a Release Physical Drive for each drive you are using. When you no longer need the drive, you can click Release to free it up. There’s also an Eject CD option to pop the CD out without releasing use of the drive.

Capture ISO Image will let you take an ISO file, and treat it as if it were a real CD or DVD. This is quite useful for all those ISO images you wind up downloading from your MSDN subscription. (For those unfamiliar, an ISO is a CD or DVD disk image. You can use software such as Nero, Sonic, etc. to take the ISO and turn it into a CD full of files. )

BUG ALERT!!!! VPC has an issue with this Capture ISO Image command. There is a size limit of approximately 2 gig. If the ISO is bigger than that, VPC will fail but give you some really odd errors.

To get around this, in the host OS you can first mount the ISO like I describe in my September 13th blog post (https://arcanecode.wordpress.com/2006/09/13/virtualization/) then, using the machine additions, share the drive.

Floppy Menu

The commands under Floppy are almost identical to those in CD. I can’t recall the last time I used a Floppy, heck my last two computers don’t even have floppies, so I suspect this isn’t a command you’ll use much. But just in case, it’s there.

Help Menu

The Help menu has three commands: Virtual PC Help brings up the help file. Virtual PC Online takes you to the Microsoft site for VPC. Finally, About Virtual PC brings up a dialog displaying the version number and other info about the virtual environment.

That wraps up the menus, now let’s talk about Settings.

Settings

Accessible from either Edit, Settings or the Settings button on the Virtual PC Console, this dialog is where the real power resides to tweak your VPC. Let’s take a look at some of the more useful options.

File Name: Lets you rename the virtual machine. Sort of useless since you can do it from the OS, but what the heck.

Memory: This can be useful in various ways. First, you can test your application to see how it performs under various memory conditions. Second, you may discover you’ve set your VPC too low. Finally, you may shift your VPC from one host computer to another, and the new host may not have as much RAM (or may have more!).

Hard Disk 1..3: These will let you assign a virtual hard drive to a virtual computer. When you copy an existing VPC to create a new one, you’ll want to open up the settings and point to the new VHD, otherwise you’ll wind up still accessing the old one, which more than likely isn’t what you want.

Undo Disks: When enabled, this will write all changes you make to a VPC to an undo disk. When the session is over (i.e. you turn it off or reboot) you are asked if you want to commit your changes or discard. If you commit, your changes are placed into the VHD as you normally would without undo disks.

However, if you elect to discard, then the changes are thrown away. Your VPC is reset to the same condition it was when you first started. This is quite useful if you want to test install programs, to make sure everything installed correctly but don’t care about it after that. It’s also useful for training environments.

Networking: Under networking you can select which network card in your real, host computer to give the virtual machine access to. For example, my laptop has both wireless and wired networking, and through this option I can select which one to use (or I can select both). This mode is known as Virtual Networking.

In addition to Virtual Networking, VPC also supports three other modes. Not Connected is pretty obvious: no network access at all. Local Only is used when you want to communicate with other virtual machines on the same host machine. This can be useful when you need a virtual PC to act as a client talking to a virtual server.

Finally, VPC has a mode called Shared networking (NAT). This is useful when you are using a dial-up connection. Each VPC gets its address from a temporary, internal DHCP server. It then communicates with the internet via the host computer, which handles the network address translation. This is very similar to the way your home router talks to all of the computers on your home network.

Mouse: Once you install the machine additions, by default the mouse has pointer integration turned on. This is pretty simple: when you drag the mouse into the area of the window occupied by the VPC, the mouse is automatically captured and used in the VPC. When you drag it out, it is released.

There are a few cases where you may want to turn it off, such as when you are using a software KVM such as MaxiVista with it.

Shared Folders: Through shared folders you can access physical drives on your host computer from the virtual environment. While this may seem quite convenient, you need to be careful. Opening up your host system to the virtual environment presents a security risk: if your virtual environment should get infected, that infection can spread to your host OS via the shared folders.

If you do choose to share folders (and sometimes you do need to), it will appear to your virtual OS to be a network drive. Normally this is no biggie, but be aware it can cause some trust issues with Visual Studio when attempting to open projects. I’ll post a fix for this later…

Tweak away

Hopefully now you have a good understanding of not only how to setup a Virtual Computer, but how to tweak the settings in VPC to make it do what you need. Don’t be afraid to experiment, change some settings and see what effect it has! (Just be sure to back up first!)