Well we were rummaging around in our collective tool box and we came up with the following:
FILEMON – Used for tracking down which processes are accessing particular files or particular drives on your system.
https://www.sysinternals.com/Utilities/Filemon.html
KERNRATE – Very useful for tracking down (right down to the line of code) which module in a usermode process or system driver is causing high CPU usage on a machine.
https://www.microsoft.com/downloads/details.aspx?FamilyID=d6e95259-8d9d-4c22-89c4-fad382eddcd1&DisplayLang=en
Example:
'General kernel sampling to determine which driver is consuming CPU cycles on a specific CPU
kernrate -m 0x1
'Zoom in on a particular module that is shown as consuming a high number of cycles from the general kernel sampling. Note: a symbol path is needed to resolve function names
kernrate -z foodriver -z ntdll -j srv*c:\symbols*https://msdl.microsoft.com/download/symbols
'General usermode sampling on a particular process (using the PID) to see which modules are consuming CPU cycles
kernrate -p 1234
'Zoom in on a particular module that is shown as consuming a high number of cycles in a particular usermode process. Note: a symbol path is needed to resolve function names
kernrate -z foomodule -z ntdll -j srv*c:\symbols*https://msdl.microsoft.com/download/symbols
LOGMAN – Command line performance log creation / management
Ships with Windows.
Example:
'create a binary circular perf log on SERVERNAME that can grow up to 300MB, logging every 3 seconds and using counters from counters.config on a UNC share
logman create counter <LOGFILE NAME> -s SERVERNAME -f bincirc -max 300 -si 3 --v -o "e:\perflogs\<LOGFILE NAME>" -cf "\\<your_server_name>\Performance\PerflogCollection\counters.config"
'start the log on SERVERNAME
logman start <LOGFILE NAME> -s SERVERNAME
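As an added example (not from the original post), the two logman steps above gathered into a batch script that also writes the counters.config file the -cf switch reads (one counter path per line), starts the collector on the remote server and confirms it reports Running. SERVERNAME, the log name, the UNC share and the counter list are placeholders chosen for this example.

```batch
@echo off
rem Added example: create, start and check a remote binary circular perf log with logman.
rem SERVER, LOGNAME and the paths below are placeholders; adjust them to your environment.
setlocal
set SERVER=SERVERNAME
set LOGNAME=PerfBaseline
set CFG=\\%SERVER%\Performance\PerflogCollection\counters.config

rem counters.config is plain text, one counter path per line.
rem This constructed set is a small CPU / memory / disk / network baseline.
echo \Processor(_Total)\%% Processor Time> "%CFG%"
echo \Memory\Available MBytes>> "%CFG%"
echo \Memory\Pages/sec>> "%CFG%"
echo \PhysicalDisk(_Total)\Avg. Disk Queue Length>> "%CFG%"
echo \Network Interface(*)\Bytes Total/sec>> "%CFG%"

rem Binary circular log capped at 300 MB, 3 second interval, file versioning off (--v).
logman create counter %LOGNAME% -s %SERVER% -f bincirc -max 300 -si 3 --v -o "e:\perflogs\%LOGNAME%" -cf "%CFG%"
if errorlevel 1 (
  echo Failed to create collector %LOGNAME% on %SERVER%
  exit /b 1
)

logman start %LOGNAME% -s %SERVER%
if errorlevel 1 (
  echo Failed to start collector %LOGNAME% on %SERVER%
  exit /b 1
)

rem Confirm the collector is actually running before relying on it.
logman query %LOGNAME% -s %SERVER% | find /i "Running" >nul
if errorlevel 1 (
  echo Collector %LOGNAME% is not running on %SERVER%
  exit /b 1
)
echo Collector %LOGNAME% is running on %SERVER%. Stop it later with: logman stop %LOGNAME% -s %SERVER%
endlocal
```

The counter file is written with no trailing space before each redirect so the counter paths do not pick up stray whitespace.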
NETCAP + NETMON – Useful command line tool to interface and automate netmon captures.
https://support.microsoft.com/?id=310875
PROCESS EXPLORER – Useful for looking at a process's dependencies and any open handles a process has. Handy in cases where a file is in use and you're not sure what's still holding on to it.
https://www.sysinternals.com/Utilities/ProcessExplorer.html
PSEXEC – Used to spawn processes (such as cmd.exe) on remote servers
https://www.sysinternals.com/utilities/psexec.html
Example:
‘Open up a cmd.exe process on a remote server for command line access
Psexec \\servername cmd.exe
REGMON – Same as FILEMON except for the registry. Useful for hunting down config keys that a process may be using, or understanding registry access behaviors.
https://www.sysinternals.com/Utilities/Regmon.html
ROBOCOPY – Very “robust” file copy tool for mirroring data trees in restartable mode
W2K3 Resource Kit: https://www.microsoft.com/downloads/details.aspx?FamilyID=9d467a69-57ff-4ae7-96ee-b18c4790cffd&displaylang=en
Example:
'mirror c:\foo to d:\foo, copying security attributes, in restartable mode with a maximum of 10 retry attempts if the destination becomes unavailable
robocopy c:\foo d:\foo *.* /MIR /SEC /Z /R:10
SCHTASKS.EXE – used for managing scheduled tasks.
Ships with Windows.
Example:
'Create a job named JOBNAME that runs "cscript \\server\unc\script.vbs" at 5:00AM every day on the SERVERNAME machine
schtasks /CREATE /F /TN JOBNAME /TR "cscript \\server\unc\script.vbs" /ST 05:00 /SC DAILY /S SERVERNAME
SSLDIAG – used for troubleshooting SSL cert issues on an IIS server. Will quickly point out any problems with the SSL configuration (IIS config, cert problem, cert store problem)