Software Investigators Tool Box for Windows

Troubleshooting is the art of posing the right questions and pocking the right places. It’s very similar to CSI’s quest to unveil the truth behind deaths… though not that dramatic. And similar to Crime Scene Investigators, Software Investigators have to have their own tool box, equipped to trap problems. Additional tools in the box are specific for each application, but basic set is always the same. A universal Windows tool box for me looks like this:

  1. Windows Performance Monitor is probably one of the most popular Windows tools of all times, and probably tool number one when testing in Windows environment. There are thousands reasons to turn it on, and I’d be suspicious of anyone, who claims to work in testing, but is not comfortable using it.
  2. Process Explorer by Mark Russinovich (now owned by Microsoft)
    It doesn’t only show the list of processes and their basic characteristics, like memory, IO throughput or CPU usage (which Windows Performance Monitor, or even a simple Windows Task Manager can do), but also allows you to dig inside and see files, directories and other handles opened by those processes, as well as dlls loaded by them. It also allows to monitor file and registry operations (the later task was previously available through separate FileMon and RegMon Sysinternals tools).
    Though Process Explorer is definitely the most known and the most used, other tools from Windows Sysinternals site can be as useful.
  3. Wireshark – a network monitoring tool, which allows you to look inside the data sent over the network, in virtually any format. I think Wireshark is still the best tool for the task, though Microsoft’s NetMon 3.x, in difference from its predecessor (NetMon 2.x), is becoming a powerful sniffer and analyzer too. It still has a long way to go, especially in analysis part, but it can become an alternative to Wireshark eventually.
  4. When you are debugging, you also often need to read or edit text files in different formats and encoding, or modify binary files. So you need something a bit stronger than a regular Windows Notepad. You need a Windows Notepad Replacement, which grew up into the whole family of the programs: Notepad++, TextPad, etc. I don’t have a strong preference in this category, as all the programs seems compete head to head, and at different points in time I found one or the other to be more helpful. I like how this page summarizes the most popular options.
  5. MS User Mode Process Dumper is a little bit more advanced tool to setup and use, but it’s worth it. It allows to generate an image of the running process (process dump) when an exception occurs, application hangs, crashes or quits. Once the dump was created, WinDbg tool, from Debugging Tools for Windows package can be used to understand and analyze the exception or crash. This set of tools is quite powerful (it’s a step above and beyond Process Explorer, or simple performance analysis), but it requires a collaboration between developers and testers, since even though anyone can create a dump, and some data can always be pulled out of it, effective analysis on the dump is only possible if symbols, specific for the build on which dump was created, are available.
  6. If you work with Windows application, it probably is installed using Windows Installer, thus you might need to troubleshoot the installation itself. And though msiexec has a few useful logging options, you might also need to pick inside the MSI. I usually use Total Commander’s MSI plugin (can be found on this page), Orca or MSIInfo.
  7. And no troubleshooting can be done without logging. Browsing manually through logs might be time consuming and ineffective, so the tool that allows to parse logs, would indeed be helpful. Microsoft’s Log Parser is such tool, which also has a non-Microsoft Visual extension to it.
Software Investigators Tool Box for Windows