sysinternals
demo
ProcDump command line syntax
    procdump [-c percent [-u]] [-s n] [-n count] [-m commit] [-h] [-e [1] [-b]] [-t]
             [-p counter threshold] [-ma | -mp] [-r] [-o] [-64]
             { {processname | PID} [dumpfile] | -x {imagefile} {dumpfile} [arguments] }

Which process to monitor and target dump file:
    { {processname | PID} [dumpfile] | -x {imagefile} {dumpfile} [arguments] }

Dump criteria:
    [-c percent [-u]] [-s n] [-n count] [-m commit] [-h] [-e [1] [-b]] [-t] [-p counter threshold]

How to dump the process state:
    [-ma | -mp] [-r] [-o] [-64]
bonus tracks
Autoruns command line syntax
These options belong to the console version of the tool, autorunsc.exe.

  Option                      Description
  -c                          Print output as CSV.
  -x                          Print output as XML.
  -v                          Verify digital signatures.
  -m                          Hide Microsoft entries.
  -z systemroot userprofile   Specifies the offline system to scan.
  user                        Specifies the name of the user account for which autostart entries will be shown.

  Autostart types
  -a   Show all entries.
  -b   Show boot execute entries.
  -d   Show AppInit DLLs.
  -e   Show Explorer add-ons.
  -g   Show Sidebar gadgets (Vista and higher).
  -h   Show image hijacks.
  -i   Show Internet Explorer add-ons.
  -k   Show Known DLLs.
  -l   Show logon autostart entries (this is the default).
  -n   Show Winsock protocol and network providers.
  -o   Show codecs.
  -p   Show print monitor DLLs.
  -r   Show LSA security providers.
  -s   Show services and drivers.
  -t   Show scheduled tasks.
  -w   Show Winlogon entries.
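The switches in the table above are what you would script against on a host you suspect of persistence. The following is an added example, not code from the deck or from Sysinternals: it runs autorunsc.exe with -a -v -m -c, then parses the CSV for entries whose signature did not verify. It assumes autorunsc.exe is on PATH, that -accepteula (the standard Sysinternals EULA switch, not shown on the deck) is accepted, that with -v the signer column (named "Publisher" in older releases and "Signer" in newer ones) begins with "(Verified)" or "(Not verified)", and that the CSV may be preceded by banner text. Newer releases take "-a *" where the deck's version took a bare "-a".

```powershell
# Added example, not code from the deck or from Sysinternals: export Autoruns
# results as CSV and triage entries whose digital signature did not verify.
# Assumptions: autorunsc.exe is on PATH; -accepteula is the standard
# Sysinternals switch; the signer column is "Publisher" (older) or "Signer"
# (newer) and -v prefixes it with "(Verified)" / "(Not verified)"; newer
# releases expect "-a *" rather than the bare "-a" the deck documents.

$AutorunsC = "autorunsc.exe"

function Export-AutorunsCsv {
    # -a : all autostart categories   -v : verify digital signatures
    # -m : hide Microsoft entries      -c : CSV output for parsing
    param([string]$OutFile = (Join-Path $env:TEMP "autoruns.csv"))
    & $AutorunsC -accepteula -a -v -m -c 2>$null | Set-Content -Path $OutFile -Encoding UTF8
    return $OutFile
}

function Find-UnverifiedAutoruns {
    param([Parameter(Mandatory)][string]$CsvPath)
    $lines = @(Get-Content -Path $CsvPath)
    # Skip any banner text printed ahead of the CSV header line.
    $start = 0
    while ($start -lt $lines.Count -and $lines[$start] -notmatch '^(Time,)?Entry Location,') { $start++ }
    if ($start -ge $lines.Count) { throw "no Autoruns CSV header found in $CsvPath" }
    $rows = @($lines[$start..($lines.Count - 1)] | ConvertFrom-Csv)
    if ($rows.Count -eq 0) { return @() }
    # Older and newer releases name the signature column differently.
    $signerCol = if ($rows[0].PSObject.Properties['Signer']) { 'Signer' } else { 'Publisher' }
    $rows |
        Where-Object { $_.$signerCol -notlike '(Verified)*' } |
        ForEach-Object {
            [pscustomobject]@{
                Location = $_.'Entry Location'
                Entry    = $_.Entry
                Enabled  = $_.Enabled
                Image    = $_.'Image Path'
                Signer   = $_.$signerCol
            }
        }
}

# Usage (example):
# $csv = Export-AutorunsCsv
# Find-UnverifiedAutoruns -CsvPath $csv | Format-Table -AutoSize
```

An unverified signature is a triage queue, not a verdict: plenty of legitimate vendors ship unsigned autostart entries. The useful comparison is against a CSV exported the same way from a known-good build of the same image, so that only entries new to this host remain.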
ProcDump options

  Target Process and Dump File
  processname           Name of the target process. Must be a unique instance and already running.
  PID                   Process ID of the target process.
  dumpfile              Name of the dump file. Optional if the process is already running; required if using -x.
  -x                    Start the target process, using imagefile and command line arguments.
  imagefile             Name of the executable file to launch.
  arguments             Optional command line arguments to pass to the new process.

  Dump Criteria
  -c percent            CPU usage above which to capture a dump.
  -u                    Used with -c to scale the threshold against the number of CPUs present.
  -s n                  Used with -c, sets the duration of high CPU usage required to trigger a dump.
                        Used with -p, sets the duration for which a performance counter threshold must be exceeded to trigger a dump.
                        Used with -n and no other dump criteria, dumps the process every n seconds.
  -n count              Used with -c, -s or -p, specifies the number of dumps to capture.
  -m commit             Specifies the commit charge limit in MB at which to capture a dump.
  -h                    Capture a dump when a hung window is detected.
  -e                    Capture a dump when an unhandled exception occurs. If followed by 1, also captures a dump on a first-chance exception.
  -b                    Used with -e, treats breakpoints as exceptions. Otherwise they are ignored.
  -t                    Capture a dump when the process terminates.
  -p counter threshold  Capture a dump when the named performance counter exceeds the threshold.

  Dump File Options
  -ma                   Include all process memory in the dump.
  -mp                   "MiniPlus": creates the equivalent of a full dump but with large allocations omitted.
  -r                    Reflect (clone) the process for the dump to minimize the time the process is suspended. (Requires Windows 7 or Windows Server 2008 R2 or higher.)
  -o                    Overwrite an existing dump file.
  -64                   Create a 64-bit dump of the target process. (x64 editions of Windows only.)
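The ProcDump syntax earlier in the deck and the option table above describe the same three groups: which process to target, which event triggers the dump, and what goes into the dump file. The following is an added example, not code from the deck or from Sysinternals, that drives procdump.exe from PowerShell for the two cases an incident responder meets most often: dumping a suspicious process when it throws or exits, and dumping a process that is burning CPU. It assumes procdump.exe is on PATH, that -accepteula (the standard Sysinternals EULA switch, not shown on the deck) is accepted, and that C:\dumps is a hypothetical evidence directory.

```powershell
# Added example, not code from the TechEd deck or from Sysinternals: use the
# ProcDump triggers and dump-type options tabulated above from PowerShell.
# Assumptions: procdump.exe is on PATH (or adjust $ProcDump); -accepteula is
# the standard Sysinternals EULA switch; C:\dumps is a hypothetical directory.

$ProcDump = "procdump.exe"
$DumpDir  = "C:\dumps"

function Get-TargetProcessId {
    # ProcDump refuses an ambiguous process name, so resolve the name to a
    # single PID up front and fail with a clear message otherwise.
    param([Parameter(Mandatory)][string]$Name)
    $procs = @(Get-Process -Name $Name -ErrorAction SilentlyContinue)
    if ($procs.Count -ne 1) {
        throw "expected exactly one '$Name' process, found $($procs.Count); pass a PID instead"
    }
    return $procs[0].Id
}

function Invoke-ProcDumpOnCrash {
    # Dump criteria: -e 1 (unhandled and first-chance exceptions), -t (process exit).
    # Dump file options: -ma (all process memory, so injected or unpacked code
    # ends up in the dump), -o (overwrite a stale file of the same name).
    param([Parameter(Mandatory)][int]$TargetPid, [string]$Tag = "crash")
    New-Item -ItemType Directory -Force -Path $DumpDir | Out-Null
    $stamp = Get-Date -Format "yyyyMMdd-HHmmss"
    $dump  = Join-Path $DumpDir ("pid{0}-{1}-{2}.dmp" -f $TargetPid, $Tag, $stamp)
    & $ProcDump -accepteula -ma -e 1 -t -o $TargetPid $dump
    return $dump
}

function Invoke-ProcDumpOnCpu {
    # Dump criteria: -c with -u (CPU threshold scaled to the number of CPUs),
    # -s (how long it must stay above the threshold), -n (how many dumps).
    # Dump file options: -mp keeps the dump small by omitting large
    # allocations, -r clones the process so it is suspended only briefly.
    param(
        [Parameter(Mandatory)][int]$TargetPid,
        [int]$Percent = 80, [int]$Seconds = 10, [int]$Count = 3
    )
    New-Item -ItemType Directory -Force -Path $DumpDir | Out-Null
    $dump = Join-Path $DumpDir ("pid{0}-cpu.dmp" -f $TargetPid)
    & $ProcDump -accepteula -mp -r -c $Percent -u -s $Seconds -n $Count $TargetPid $dump
}

function Get-DumpEvidence {
    # Hash every dump so the files can be verified when handed to an analyst.
    Get-ChildItem -Path $DumpDir -Filter "*.dmp" | ForEach-Object {
        $h = Get-FileHash -Path $_.FullName -Algorithm SHA256
        [pscustomobject]@{ File = $_.Name; Bytes = $_.Length; SHA256 = $h.Hash }
    }
}

# Usage (example). $pid is a PowerShell automatic variable, hence $target.
# $target = Get-TargetProcessId -Name "suspect"
# Invoke-ProcDumpOnCrash -TargetPid $target
# Get-DumpEvidence | Format-Table -AutoSize
```

Two practical notes. A -ma dump of a process that handles credentials contains those credentials, so the dump directory needs an ACL at least as tight as the process it came from. And the -x form shown in the deck (image file before dump file) is the ordering of the ProcDump release current at the time; later releases take the dump folder first, so check procdump.exe /? before scripting -x.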
AccessChk options

  Object Type
  -d   Object name represents a container; report permissions on that object rather than on its contents.
  -k   Object name represents a registry key.
  -c   Object name represents a Windows service.
  -p   Object name is the PID or (partial) name of a process.
  -f   Used with -p, shows full process token information for the specified process.
  -o   Object name represents an object in the Windows object manager namespace.
  -t   Used with -o, "-t type" specifies the object type. Used with -p, reports permissions for the process's threads.
  -a   Object name represents an account right.

  Searching for Access Rights
  -s   Recurse the container hierarchy.
  -n   Show only objects that grant no access (usually used with user-or-group).
  -w   Show only objects that grant Write access.
  -r   Show only objects that grant Read access.
  -e   Show only objects that have explicitly set integrity levels (Vista and higher).

  Output
  -l   Show the Access Control List (ACL) rather than effective permissions.
  -u   Suppress errors.
  -v   Verbose.
  -q   Quiet (suppresses banner).
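The -w, -c, -d and -s switches above are the ones that matter for a local privilege-escalation audit: a service or Program Files directory that a low-privilege principal can write to is a path to code running as SYSTEM. The following is an added example, not code from the deck or from Sysinternals, that runs accesschk.exe with those switches and parses its output. It assumes accesschk.exe is on PATH, that -accepteula (the standard Sysinternals EULA switch, not shown on the deck) is accepted, that the positional user-or-group argument mentioned in the -n entry precedes the object name as in the tool's usage text, and that result lines begin with the effective-access letters ("RW", "W", "R") AccessChk prints.

```powershell
# Added example, not code from the deck or from Sysinternals: find services
# and directories writable by a low-privilege principal, then pull the ACL of
# a hit with -l to confirm it. Assumptions: accesschk.exe is on PATH;
# -accepteula is the standard Sysinternals switch; options come first, then
# the user-or-group, then the object; output lines start with "RW"/"W"/"R".

$AccessChk = "accesschk.exe"

function Get-WritableServices {
    # -u : suppress errors   -w : only objects granting Write   -c : objects are services
    # -q : no banner         -v : verbose, so the specific rights are listed under each hit
    param([string]$Principal = "Authenticated Users")
    $found = @()
    foreach ($line in (& $AccessChk -accepteula -uwcqv $Principal "*" 2>$null)) {
        if ($line -match '^(RW|W)\s+(\S+)\s*$') {
            # Header line of a hit: effective access followed by the service name.
            $found += [pscustomobject]@{ Service = $Matches[2]; Access = $Matches[1]; Rights = @() }
        } elseif ($found.Count -gt 0 -and $line -match '^\s+(SERVICE_\w+)') {
            # Indented lines under a hit name the individual rights granted.
            $found[-1].Rights += $Matches[1]
        }
    }
    return $found
}

function Get-WritableDirectories {
    # -d : report on each directory itself, not its contents   -s : recurse
    # -w, -u, -q as above. Writable directories under Program Files are where
    # DLL planting and service-binary replacement start.
    param([string]$Principal = "Users", [string]$Root = "C:\Program Files")
    foreach ($line in (& $AccessChk -accepteula -uwdqs $Principal $Root 2>$null)) {
        if ($line -match '^(RW|W)\s+(.+?)\s*$') {
            [pscustomobject]@{ Path = $Matches[2]; Access = $Matches[1] }
        }
    }
}

function Get-ServiceAcl {
    # -l prints the raw ACL instead of effective access, which is what you
    # attach to a finding so the reader can see exactly which ACE is at fault.
    param([Parameter(Mandatory)][string]$Service)
    & $AccessChk -accepteula -c -l -q $Service 2>$null
}

# Usage (example):
# Get-WritableServices | Format-Table -AutoSize
# Get-WritableDirectories | Format-Table -AutoSize
# Get-ServiceAcl -Service (Get-WritableServices | Select-Object -First 1).Service
```

Run these as the low-privilege account you are assessing, or name that account as the principal; effective-access results depend on group membership, so a check run as an administrator answers a different question. A hit where Rights contains SERVICE_CHANGE_CONFIG is the one to prioritise, since it lets the principal repoint the service binary.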
www.microsoft.com/teched
  Sessions On-Demand & Community
www.microsoft.com/learning
  Microsoft Certification & Training Resources
http://microsoft.com/technet
  Resources for IT Professionals
http://microsoft.com/msdn
  Resources for Developers
http://northamerica.msteched.com
  Connect. Share. Discuss.