Mark Russinovich is a Technical Fellow in the Windows Azure group at Microsoft. He is co-creator of the Sysinternals tools and website; coauthor of the classic Windows Internals, currently in its fifth edition, and a highly regarded expert on Windows internals and computer security.
Aaron Margosis is a Principal Consultant with Microsoft Public Sector Services. He specializes in application development on Windows platforms, with a focus on security, least privilege, and compatibility in locked-down environments.
Foreword
Introduction
Tools the Book Covers
The History of Sysinternals
Who Should Read This Book
Organization of This Book
Conventions and Features in This Book
System Requirements
Acknowledgments
Errata & Book Support
We Want to Hear from You
Stay in Touch

Getting Started

Chapter 1: Getting Started with the Sysinternals Utilities
    1.1 Overview of the Utilities
    1.2 The Windows Sysinternals Web Site
    1.3 Sysinternals License Information

Chapter 2: Windows Core Concepts
    2.1 Administrative Rights
    2.2 Processes, Threads, and Jobs
    2.3 User Mode and Kernel Mode
    2.4 Handles
    2.5 Call Stacks and Symbols
    2.6 Sessions, Window Stations, Desktops, and Window Messages

Usage Guide

Chapter 3: Process Explorer
    3.1 Procexp Overview
    3.2 Main Window
    3.3 DLLs and Handles
    3.4 Process Details
    3.5 Thread Details
    3.6 Verifying Image Signatures
    3.7 System Information
    3.8 Display Options
    3.9 Procexp as a Task Manager Replacement
    3.10 Miscellaneous Features
    3.11 Keyboard Shortcut Reference

Chapter 4: Process Monitor
    4.1 Getting Started with Procmon
    4.2 Events
    4.3 Filtering and Highlighting
    4.4 Process Tree
    4.5 Saving and Opening Procmon Traces
    4.6 Logging Boot, Post-Logoff, and Shutdown Activity
    4.7 Long-Running Traces and Controlling Log Sizes
    4.8 Importing and Exporting Configuration Settings
    4.9 Automating Procmon: Command-Line Options
    4.10 Analysis Tools
    4.11 Injecting Debug Output into Procmon Traces
    4.12 Toolbar Reference

Chapter 5: Autoruns
    5.1 Autoruns Fundamentals
    5.2 Autostart Categories
    5.3 Saving and Comparing Results
    5.4 AutorunsC
    5.5 Autoruns and Malware

Chapter 6: PsTools
    6.1 Common Features
    6.2 PsExec
    6.3 PsFile
    6.4 PsGetSid
    6.5 PsInfo
    6.6 PsKill
    6.7 PsList
    6.8 PsLoggedOn
    6.9 PsLogList
    6.10 PsPasswd
    6.11 PsService
    6.12 PsShutdown
    6.13 PsSuspend
    6.14 PsTools Command-Line Syntax
    6.15 PsTools System Requirements

Chapter 7: Process and Diagnostic Utilities
    7.1 VMMap
    7.2 ProcDump
    7.3 DebugView
    7.4 LiveKd
    7.5 ListDLLs
    7.6 Handle

Chapter 8: Security Utilities
    8.1 SigCheck
    8.2 AccessChk
    8.3 AccessEnum
    8.4 ShareEnum
    8.5 ShellRunAs
    8.6 Autologon
    8.7 LogonSessions
    8.8 SDelete

Chapter 9: Active Directory Utilities
    9.1 AdExplorer
    9.2 AdInsight
    9.3 AdRestore

Chapter 10: Desktop Utilities
    10.1 BgInfo
    10.2 Desktops
    10.3 ZoomIt

Chapter 11: File Utilities
    11.1 Strings
    11.2 Streams
    11.3 NTFS Link Utilities
    11.4 DU (Disk Usage)
    11.5 Post-Reboot File Operation Utilities

Chapter 12: Disk Utilities
    12.1 Disk2Vhd
    12.2 Diskmon
    12.3 Sync
    12.4 DiskView
    12.5 Contig
    12.6 PageDefrag
    12.7 DiskExt
    12.8 LDMDump
    12.9 VolumeID

Chapter 13: Network and Communication Utilities
    13.1 TCPView
    13.2 Whois
    13.3 Portmon

Chapter 14: System Information Utilities
    14.1 RAMMap
    14.2 CoreInfo
    14.3 ProcFeatures
    14.4 WinObj
    14.5 LoadOrder
    14.6 PipeList
    14.7 ClockRes

Chapter 15: Miscellaneous Utilities
    15.1 RegJump
    15.2 Hex2Dec
    15.3 RegDelNull
    15.4 Bluescreen Screen Saver
    15.5 Ctrl2Cap

Troubleshooting: "The Case of the Unexplained..."

Chapter 16: Error Messages
    16.1 The Case of the Locked Folder
    16.2 The Case of the Failed AV Update
    16.3 The Case of the Failed Lotus Notes Backups
    16.4 The Case of the Failed Play-To
    16.5 The Case of the Crashing Proksi Utility
    16.6 The Case of the Installation Failure
    16.7 The Case of the Missing Folder Association
    16.8 The Case of the Temporary Registry Profiles

Chapter 17: Hangs and Sluggish Performance
    17.1 The Case of the IExplore-Pegged CPU
    17.2 The Case of the Excessive ReadyBoost
    17.3 The Case of the Slow Keynote Demo
    17.4 The Case of the Slow Project File Opens
    17.5 The Compound Case of the Outlook Hangs

Chapter 18: Malware
    18.1 The Case of the Sysinternals-Blocking Malware
    18.2 The Case of the Process-Killing Malware
    18.3 The Case of the Fake System Component
    18.4 The Case of the Mysterious ASEP

About the Authors