No computer runs perfectly forever. Somewhere along the line, something will go wrong. While each successive version of Windows has been that much more reliable and self-healing, that’s never been an argument to forgo a good collection of software tools.
Over the years I’ve accumulated a slew of third-party troubleshooting apps that have proven their value again and again, so much so that they’re among the very first programs installed in any system I use. If something goes wrong — a Blue Screen of Death, a slow-booting system, a recent program install that’s made everything slower than molasses going uphill in January — I turn to these tools to set things right. All of them are free for personal use, some are open source, and each of them deserves a place in the toolbox of the savvy Windows user.
Sysinternals’s Process Explorer
“Task Manager on steroids” — that’s how someone described Process Explorer to me when Mark Russinovich first released it many years ago. It can replace Task Manager or run side by side with it, but either way it’s an absolute must-have for technically savvy users. I typically use it as the replacement for Task Manager on any PC I run; it’s just too handy not to have installed.
When you launch Process Explorer, you’ll see a tree view of processes; they’re nominally organized by which process spawned which, but you can click on the column headers to change the sorting as you please. The top portion of the window has four graphs: CPU usage, commit history, I/O bytes history, and physical memory history. Click on one to bring up a full-sized window view that’s akin to the Performance tab in Task Manager — but with a level of detail and insight into what programs are doing that Task Manager doesn’t even come close to providing.
Double-click on the name of a process, and up pops a window with a startling amount of detail: the process’s running threads (and the stack for each thread), which can be frozen or killed; its permissions; its network access; the program it was launched from; even a dump of text strings in either the on-disk program image or its copy in memory. Processes, or whole trees of them, can be killed off, frozen, resumed, or have their windows or priorities manipulated — handy if a process window vanishes behind something else and you need to force it to the front. You can also toggle on or off a lower pane that contains detailed information about a process, find the process for a particular window by pointing to it, or search by name for any running process, handle, or DLL.
Move over, Task Manager. Process Explorer can do everything you can do, and more.
System Information for Windows
No other free tool I’ve encountered packs as much true utility into a single executable as this one. System Information for Windows, abbreviated as SIW, has replaced more than a dozen other programs I’ve used that dump one kind of system or application data or another. SIW lists application license keys, probes installed hardware, fetches device temperatures, catalogs installed multimedia codecs — the list seems endless.
SIW is organized into four basic categories. Three of them are available through a tree view on the left side of the program window: Software, Hardware, and Network. Click on a branch of any of those items and you’ll see the right-hand window pane fill with the corresponding data. The harvesting process may take a moment, especially for things like device lists, so don’t freak out if you have to wait a bit before SIW pulls everything together. Half the fun of using the program is just spelunking through these three lists and seeing what’s available.
The fourth category is a gaggle of miscellaneous tools in the program’s Tools drop-down menu. This is stuff program author Gabriel Topala apparently couldn’t fit in one of the previous three areas, but still wanted to include. Among them are such goodies as Eureka, a way to expose starred-out password fields in most any program; a tool for sending a wake-on-LAN packet to the MAC address of your choice; a BIOS dumping tool; a Base64/UUencoder-decoder; a CPU stress test; and plenty more. SIW even runs in the Windows Recovery Environment.
One caveat: SIW is mostly read-only. While it’s good at listing or dumping out system information, it doesn’t always allow you to change those settings. If you wanted to disable or enable ActiveX controls listed through SIW, for instance, you’d need to do that with a third-party utility such as Nirsoft’s ActiveXHelper.
System Information for Windows can tell you almost everything you need to know about your Windows install and your computer.
In Windows, there’s little worse than dealing with a Blue Screen of Death, or BSOD for short. Aside from being cryptic and difficult to decipher — especially since some BSODs can have multiple causes — they’re just plain annoying. Granted, BSODs happen much less frequently these days, but when they do it’s no less of a chore. After dealing with a whole slew of BSODs the other month — which turned out to be a hardware issue — I hunted around for tools to help analyze BSODs and found one that did the job and more: BlueScreenView.
When a BSOD occurs the results are, whenever possible, saved into a dump file that can be examined later. BlueScreenView scans your system for these files and produces a report from them, which you can read within BlueScreenView itself or save to HTML for separate analysis.
Each line in the report describes the BSOD’s crash code, the time and date of its occurrence, any parameters that might have been passed with the crash (useful for debugging), and a slew of other minor details. The results are searchable, so you can hunt for a particular crash code, driver, or DLL that you think might be present.
Another thing BlueScreenView does is list all of the device drivers that were running at the time of the crash. If a particular driver was listed as the cause of the crash, it’s flagged and displayed in red. You can filter out all the other drivers that were loaded at the time if you just want to focus on the culprit. You can also load dump files copied in from elsewhere by pointing to a folder, or even from computers accessible across the local network (provided you have permission to do so).
One minor annoyance with BlueScreenView involves the reporting function. If you want to print out both a crash message and its attendant driver stack, you have to treat them as separate reports. That said, the core crash message typically lists the offending driver; if nothing else, you can use the basic BSOD report to derive all the most crucial information.
Tame BSODs with BlueScreenView, which lets you analyze crash messages to learn what went wrong and why.
One of the great banes of any Windows user’s life is software that insists on shoehorning things into the system to launch at startup, whether or not you actually need or want any of it. Scanner and printer drivers are among the worst offenders in this regard. They often insist on installing a bunch of system-tray-resident utilities of dubious usefulness.
Autoruns — by Mark Russinovich, of Process Explorer fame — not only roots out these annoyances, but it comes in handy for so many other things that it’s simply indispensable. Autoruns probes your system and dumps out lists of programs and system components that start automatically, without user intervention — from apps in your Startup folder to scheduled tasks, from services to device drivers, from Sidebar gadgets to codecs. By default it dumps out data pertinent to the current user context, but the program’s User menu lets you switch contexts. (You’ll need to run the program as Administrator, though.)
Autoruns organizes its views into the system by tabs (Logon, Services, Explorer, Internet Explorer, Drivers), making it easy to drill down to the entries you’re most concerned about. You can disable any app or service without actually deleting it, simply by unchecking a box, or you can remove it entirely with a selection from the right-click menu. That same menu also has options for jumping to the service’s entry in the Registry, verifying its code signature, and looking it up on Google.
Select Options | Hide Microsoft and Windows Entries, and when you next run Autoruns or click Refresh, you’ll see only third-party applications — a handy way to focus only on programs that were added to Windows after the fact and thus might be a problem. If Process Explorer is currently running, you can right-click on an item and bring up its Properties pane in Process Explorer, assuming said item is actually running.
Autoruns also comes in a command-line version, which can be used with scripts or other automation. Finally, check out a video for some neat Autoruns usage tips, from Mark Russinovich himself.
Autoruns reveals every app and service that’s running on your computer, and lets you disable or delete the ones you don’t want.
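One way to put the scripted use of Autoruns described above to work is to compare a fresh CSV export of autostart entries against a known-good baseline and surface what is new, with unsigned entries first. This is an added example, not code from the article or from Sysinternals; the column names and all sample rows are constructed assumptions.

```python
import csv
import io

# Constructed sample exports. Column names are an assumed layout; adjust them
# to match the header row of your own Autoruns CSV export.
BASELINE = r"""Entry Location,Entry,Enabled,Signer,Image Path
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ScannerTray,enabled,(Verified) Example Imaging Inc.,C:\Program Files\Scanner\tray.exe
Services,ExampleSvc,enabled,(Verified) Example Corp,C:\Program Files\Example\svc.exe
"""

CURRENT = BASELINE + r"""HKCU\Software\Microsoft\Windows\CurrentVersion\Run,Updater,enabled,(Not verified),C:\Users\alice\AppData\Roaming\updater.exe
Task Scheduler,PrinterHelper,enabled,(Verified) Example Print Co.,C:\Program Files\Printer\helper.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run,OldTool,disabled,(Not verified),C:\Tools\old.exe
"""


def load_entries(csv_text):
    """Return {(location, entry, image path): row} for enabled entries only."""
    entries = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Enabled"].strip().lower() != "enabled":
            continue  # unchecked in Autoruns, so it will not start
        # Lower-case the key so case-only differences are not reported as new.
        key = tuple(row[c].lower() for c in ("Entry Location", "Entry", "Image Path"))
        entries[key] = row
    return entries


def review(baseline_text, current_text):
    """List enabled entries absent from the baseline, unsigned ones first."""
    baseline = load_entries(baseline_text)
    findings = []
    for key, row in load_entries(current_text).items():
        if key in baseline:
            continue
        verified = row["Signer"].startswith("(Verified)")
        findings.append({
            "entry": row["Entry"],
            "location": row["Entry Location"],
            "image": row["Image Path"],
            "priority": "review" if verified else "high",
        })
    return sorted(findings, key=lambda f: (f["priority"] != "high", f["entry"]))


if __name__ == "__main__":
    for finding in review(BASELINE, CURRENT):
        print(finding)
```
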
Where did all my disk space go? Every PC user asks this question at one time or another, and the answer can easily be found with a copy of WinDirStat. WinDirStat generates easy-to-understand graphical reports about disk usage, allowing you to see at a glance which individual files or folders hidden deep within a directory tree may be gobbling up dozens of gigabytes. A few other programs of this kind exist, but WinDirStat has consistently trumped them all.
Fire up the program and you’ll be asked to select one or more drives or folders in your system, which are then analyzed for space usage. The analysis may take a few minutes or more, depending on how many files or directories are on the drive(s) in question; you can switch away and let the program run in the background. (Cute touch: The progress bars use Pac-Man icons.)
Once the analysis is done, the results appear in an arrangement known as a treemap, where the files that take up the most space show up as large colored blocks. This makes it easy to quickly spot the biggest space hogs. Click on any block and the top part of the program’s window will display the corresponding file in the context of its directory, via a conventional tree-list view. You can also use the tree view to determine the relative space usage of the file or directory of your choice, so you can in effect drill down (or up) by either file size or location. Finally, files are color-coded by type, so you can see at a glance what kinds of files take up the most space.
It’s also possible to do cleanup operations within the program. Right-click on a file or folder, and you can delete it — either by sending it to the Recycle Bin or deleting it directly. You can also pop open a command line or Explorer window on the directory or file in question.
With WinDirStat, you can discover at a glance where most of your disk space is going.
Unlocker and OpenedFilesView
Here is another scenario most of us have encountered: a file that simply can’t be deleted because it’s “in use.” Windows Vista and Windows 7 are a little better at informing the user about which program is using the file in question, but sometimes you’re stuck playing digital Whack-A-Mole trying to figure out which window to close.
I’ve used not one but two programs, at different times, to deal with these annoyances. The first is Cedrick Collomb’s Unlocker, which many people know and love. The second is the lesser-known but still valuable OpenedFilesView (by Nir Sofer, author of BlueScreenView). Both do the same thing: Determine which process has a lock on which file, and let you release it either by killing the file handle or the offending process. However, they go about it very differently.
Unlocker runs silently in the background and adds a right-click context menu to Explorer. If you want to know what’s locking a particular file, right-click and select Unlocker. From there you can elect to terminate the processes locking a file, make a copy of the file in question, or remove the locks that the process has on the file.
OpenedFilesView, on the other hand, provides a regularly updated list of all files currently locked by all processes, which can be sorted and searched. The same types of action can be taken, although OpenedFilesView doesn’t support deleting a locked file or making a copy.
One major drawback to both Unlocker and OpenedFilesView is shaky 64-bit support. Unlocker doesn’t work in 64-bit Windows at all. OpenedFilesView has a 64-bit edition, but requires that you disable driver signing system-wide (which requires a reboot). Turning this off makes it that much easier for unauthorized software to install drivers, although I’d bet most users who need a tool like this are well aware of those risks.
For finding those processes that won’t let go, Unlocker is simplest and best for regular users; OpenedFilesView provides more advanced information about in-use files.