I was excited to hear that the legendary Mark Russinovich had teamed up with all-around-smart guy Aaron Margosis to put together a guide to the Sysinternals toolset. Titled Windows Sysinternals Administrator's Reference, the book is available for your Kindle or, as I chose, in old-fashioned dead-tree format, suitable for scribbling in and dog-earing to your heart's content.
Now, for the rare techie who's not already a big fan of the Sysinternals tools, I'll give a bit of background. The collection includes around 70 freeware utilities grouped into six loose categories (Process Utilities, Security Utilities, File and Disk Utilities, Networking Utilities, System Info, and Miscellaneous), the majority of which run on any version of Windows (XP and later). I've been using several of the tools on an almost daily basis for a decade. I use Sysinternals utilities to deeply understand the guts of every product I've ever worked on, and to resolve problems with many pieces of software I otherwise know little about.
One of the perks of working in the Windows division at Microsoft is access to the source code of every version of Windows we've shipped in the last decade, but when I want to understand how our software works, I turn to Fiddler and the Sysinternals tools. Why? Because these utilities tell you the truth and show what's really going on. Source code is super-useful, of course, but it's often much more challenging to dig through--there are tens of millions of lines of code to sift through, and they interact in ways that were never formally documented, and sometimes, we find, in ways that were never intended. The advantage of using monitoring utilities is that you get to see what's actually happening, and that usually brings you 90% of the way to a solution. The ability to "peek inside" software as it runs is astonishingly empowering--in the same way that X-rays and MRIs have had a huge impact on the practice of medicine.
Just launching Fiddler or Process Monitor and watching the events fly by will provide a non-trivial level of insight into how software on your computer works. But there's a difference between toying with these utilities and fully exploiting their power, and this is where Mark and Aaron's new book comes in. The book covers every tool in the collection with a full explanation; the two most useful tools (Process Explorer and Process Monitor) each get a chapter all their own, but even the most trivial of the utilities gets a page of coverage.
As a developer, I especially enjoyed the parts of the book where the authors reveal some of the tools' "secrets", explaining how they accomplish some interesting task. My other favorite parts of the book are the "Case of the..." sections that comprise the last three chapters--each section explains how the authors (or their colleagues) have used one or more of the Sysinternals tools to solve a real-world problem. These sections are well-written, super-interesting, and provide a fantastic primer for turning what you've learned in the earlier chapters into real-world results.
The book includes tons of facts about Windows itself that I'd forgotten or never picked up on to begin with. Over the years, Windows has added a number of features previously only available in the Sysinternals tools--the authors mention when this is the case, and compare and contrast the new Windows features to those in the Sysinternals utilities.
No book is perfect, of course. The book's structure enables the reader to jump directly to information about each specific tool, so anyone who reads the book cover-to-cover as I did will find some repetition of information between the sections and chapters. The authors' expectations of their readers' technical savvy also seem uneven at some points--I was amused that a book that discusses kernel debugging and memory-manager design would take the time to footnote the meaning of the word "string" as it is used in software. But, on the whole, the book is very well-written.
If you develop or debug software on the Windows platform, this book will provide a great return on investment (purchase price and reading time).