Microsoft released Process Monitor v1.2 just two weeks ago. Now there is a newer version available again. It is only a minor update, as are the ones for TCPView and PSExec. Since all three utilities belong in every admin’s toolbox, it is worth a blog post.
Process Monitor is probably the first tool you would pull out whenever an application runs amok. It helps you analyze the behavior of an app by monitoring its file system, Registry and process/thread activity. Version 1.21 supports XML export, and Microsoft says that performance was improved and some bugs were fixed. However, I still have the problem that Process Monitor hangs on some Vista machines. It seems like I am not the only one who is affected by this bug. This is a serious one because you can’t shut down Vista anymore once you have launched Procmon. You have to pull the power plug!
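The new XML export is handy once a trace has thousands of events and you only want the failures. The PowerShell script below is an added example, not code from this post or from Sysinternals: it loads an export, keeps the events whose result indicates a failure, and groups them by process, operation and path so the noisiest misbehaving process floats to the top. The element names it reads (`eventlist`/`event` with `Process_Name`, `PID`, `Operation`, `Path`, `Result`) are an assumption about the export layout, and the embedded XML document is constructed for the example.

```powershell
# Added example (not from the blog post or Sysinternals): summarize a Process
# Monitor XML export by process and result.
# Assumption: events live under <procmon><eventlist><event> with child elements
# Process_Name, PID, Operation, Path and Result; adjust to match a real export.
# Requires PowerShell 3 or later ([pscustomobject], [Parameter(Mandatory)]).

# Constructed sample export for the example (not a real Procmon trace).
$sampleXml = @'
<procmon>
  <eventlist>
    <event><Process_Name>badapp.exe</Process_Name><PID>4120</PID><Operation>CreateFile</Operation><Path>C:\Program Files\BadApp\config.ini</Path><Result>ACCESS DENIED</Result></event>
    <event><Process_Name>badapp.exe</Process_Name><PID>4120</PID><Operation>RegOpenKey</Operation><Path>HKLM\Software\BadApp\Settings</Path><Result>NAME NOT FOUND</Result></event>
    <event><Process_Name>badapp.exe</Process_Name><PID>4120</PID><Operation>RegOpenKey</Operation><Path>HKLM\Software\BadApp\Settings</Path><Result>NAME NOT FOUND</Result></event>
    <event><Process_Name>explorer.exe</Process_Name><PID>1532</PID><Operation>ReadFile</Operation><Path>C:\Users\admin\Desktop\notes.txt</Path><Result>SUCCESS</Result></event>
  </eventlist>
</procmon>
'@

function Get-ProcmonFailures {
    param(
        [Parameter(Mandatory)][xml]$Document,
        # Results treated as failures worth a closer look.
        [string[]]$Results = @('ACCESS DENIED', 'NAME NOT FOUND', 'SHARING VIOLATION')
    )

    $Document.procmon.eventlist.event |
        Where-Object { $Results -contains $_.Result } |
        # Identical failures repeat in a loop; group them and count instead of listing each.
        Group-Object Process_Name, Operation, Result, Path |
        ForEach-Object {
            $first = $_.Group[0]
            [pscustomobject]@{
                Process   = $first.Process_Name
                PID       = $first.PID
                Operation = $first.Operation
                Result    = $first.Result
                Path      = $first.Path
                Count     = $_.Count
            }
        } |
        Sort-Object Count -Descending
}

# For a real export use: Get-ProcmonFailures -Document ([xml](Get-Content -Raw .\trace.xml))
Get-ProcmonFailures -Document ([xml]$sampleXml) | Format-Table -AutoSize
```

With the sample data the two identical `NAME NOT FOUND` registry probes collapse into one row with a count of 2, followed by the `ACCESS DENIED` write attempt under Program Files, the classic signature of an application that expects to run as administrator.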
TCPView is more or less a GUI version of the netstat tool that comes with Windows. It allows you to view TCP and UDP connections on your system. This is very useful if you want to find out which remote systems an application is connecting to. If you are afraid that you have been infected by spyware, then TCPView is the tool you should use to start analyzing your system. The most important new feature of TCPView 2.5 is that it now supports Vista, including IPv6.
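If you need the same connection-to-process view on a box where you cannot copy TCPView over, `netstat -ano` already prints the owning PID and a few lines of PowerShell turn that into a process table. The script below is an added example, not code from this post or from Sysinternals; it assumes PowerShell 3 or later and an elevated session (without elevation netstat still runs, but some PIDs will show as `<unknown>`), and the `Get-ConnectionTable` function name is my own.

```powershell
# Added example (not from the blog post or Sysinternals): a TCPView-style
# listing built from 'netstat -ano', which ships with every Windows version.
# Assumptions: PowerShell 3+ and an elevated session so every PID is visible.

function Get-ConnectionTable {
    param(
        # Lines of 'netstat -ano' output. The default captures the live output;
        # pass saved output here to analyze a capture from another machine.
        [string[]]$NetstatLines = (netstat -ano)
    )

    # Snapshot PID -> process name once, rather than calling Get-Process per row.
    $procNames = @{}
    Get-Process | ForEach-Object { $procNames[$_.Id] = $_.ProcessName }

    foreach ($line in $NetstatLines) {
        # Data rows start with TCP or UDP; the banner, header and blank lines are skipped.
        $fields = $line.Trim() -split '\s+'
        if (@('TCP', 'UDP') -notcontains $fields[0]) { continue }

        # TCP rows: Proto Local Foreign State PID. UDP rows have no State column,
        # so the PID is always the last field.
        $procId = [int]$fields[-1]
        $state  = if ($fields[0] -eq 'TCP') { $fields[3] } else { '' }
        $name   = if ($procNames.ContainsKey($procId)) { $procNames[$procId] } else { '<unknown>' }

        [pscustomobject]@{
            Proto   = $fields[0]
            Local   = $fields[1]
            Remote  = $fields[2]
            State   = $state
            PID     = $procId
            Process = $name
        }
    }
}

# Show only established connections, the view you want when looking for a
# process that is talking to a remote system it has no business talking to.
Get-ConnectionTable |
    Where-Object { $_.State -eq 'ESTABLISHED' } |
    Sort-Object Process |
    Format-Table Process, PID, Proto, Local, Remote -AutoSize
```

Drop the `Where-Object` filter to see listening sockets as well, which is the quicker way to spot an unexpected server component; the parsing works for IPv6 rows too, since netstat prints bracketed addresses as a single field.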
PSExec is my favorite tool to connect to a remote machine on the command line. It is comparable to telnet in the UNIX world. The good thing is that you don’t have to install anything on the host. You can also use the tool to remotely launch applications from the command line. The priority switch of PSExec v1.85 has a new background option, which allows you to run an app with low memory and I/O priority on Vista machines.