Software Investigators Tool Box for Windows

Troubleshooting is the art of posing the right questions and poking in the right places. It’s very similar to CSI’s quest to unveil the truth behind deaths… though not that dramatic. And like Crime Scene Investigators, Software Investigators have to have their own tool box, equipped to trap problems. Additional tools in the box are specific to each application, but the basic set is always the same. A universal Windows tool box for me looks like this:

  1. Windows Performance Monitor is probably one of the most popular Windows tools of all time, and probably tool number one when testing in a Windows environment. There are thousands of reasons to turn it on, and I’d be suspicious of anyone who claims to work in testing but is not comfortable using it.
  2. Process Explorer by Mark Russinovich (now owned by Microsoft)
    It doesn’t only show the list of processes and their basic characteristics, like memory, IO throughput or CPU usage (which Windows Performance Monitor, or even the plain Windows Task Manager, can do), but also lets you dig inside and see files, directories and other handles opened by those processes, as well as the DLLs loaded by them. It also lets you monitor file and registry operations (the latter task was previously available through the separate FileMon and RegMon Sysinternals tools).
    Though Process Explorer is definitely the best known and the most used, other tools from the Windows Sysinternals site can be just as useful.
  3. Wireshark – a network monitoring tool which lets you look inside the data sent over the network, in virtually any format. I think Wireshark is still the best tool for the task, though Microsoft’s NetMon 3.x, unlike its predecessor (NetMon 2.x), is becoming a powerful sniffer and analyzer too. It still has a long way to go, especially in the analysis part, but it can become an alternative to Wireshark eventually.
  4. When you are debugging, you also often need to read or edit text files in different formats and encodings, or modify binary files. So you need something a bit stronger than the regular Windows Notepad. You need a Windows Notepad replacement, which has grown into a whole family of programs: Notepad++, TextPad, etc. I don’t have a strong preference in this category, as all the programs seem to compete head to head, and at different points in time I have found one or the other to be more helpful. I like how this page summarizes the most popular options.
  5. MS User Mode Process Dumper is a little more advanced to set up and use, but it’s worth it. It lets you generate an image of the running process (a process dump) when an exception occurs or the application hangs, crashes or quits. Once the dump has been created, the WinDbg tool from the Debugging Tools for Windows package can be used to understand and analyze the exception or crash. This set of tools is quite powerful (it’s a step above and beyond Process Explorer or simple performance analysis), but it requires collaboration between developers and testers: even though anyone can create a dump, and some data can always be pulled out of it, effective analysis of the dump is only possible if symbols specific to the build on which the dump was created are available.
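    As an added illustration of that dump-then-analyze workflow (this is not code from the original post), the script below captures a dump of a running process with userdump.exe and then runs the headless console debugger cdb.exe from Debugging Tools for Windows over it. It assumes both tools are on PATH, that userdump accepts the `userdump <pid> <file>` form, and that the build’s private symbols live in a placeholder folder C:\symbols\myapp; without those symbols the stacks will show only module+offset frames.

```powershell
# Added example, not from the original post.
# Capture a user-mode dump of a running process and triage it with cdb.exe.
param(
    [Parameter(Mandatory)] [string] $ProcessName,        # e.g. "myapp"
    [string] $DumpDir        = "C:\dumps",
    [string] $PrivateSymbols = "C:\symbols\myapp"        # placeholder path
)

$ErrorActionPreference = "Stop"
New-Item -ItemType Directory -Force -Path $DumpDir | Out-Null

# Public Microsoft symbols are fetched on demand from the symbol server;
# private symbols for this exact build are needed for the application frames.
$env:_NT_SYMBOL_PATH = "srv*C:\symbols\public*https://msdl.microsoft.com/download/symbols;$PrivateSymbols"

$proc = Get-Process -Name $ProcessName -ErrorAction SilentlyContinue | Select-Object -First 1
if (-not $proc) { throw "No running process named '$ProcessName'" }

$stamp = Get-Date -Format "yyyyMMdd-HHmmss"
$dump  = Join-Path $DumpDir "$ProcessName-$($proc.Id)-$stamp.dmp"

# userdump <pid> <file> writes a full user-mode dump of the live process.
& userdump.exe $proc.Id $dump
if ($LASTEXITCODE -ne 0) { throw "userdump failed with exit code $LASTEXITCODE" }

# Headless triage: load the dump (-z), run the automatic analysis, dump the
# stacks of all threads (~*k), then quit. !analyze -v names the faulting
# thread and exception code; the stack is only readable with matching symbols.
$report = "$dump.analyze.txt"
& cdb.exe -z $dump -c "!analyze -v; ~*k; q" | Out-File -Encoding utf8 $report

Write-Host "Dump written to   : $dump"
Write-Host "Analysis report in: $report"
```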
  6. If you work with a Windows application, it is probably installed using Windows Installer, so you might need to troubleshoot the installation itself. And though msiexec has a few useful logging options, you might also need to peek inside the MSI. I usually use Total Commander’s MSI plugin (can be found on this page), Orca or MSIInfo.
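    An added example of the msiexec logging option mentioned above (not code from the original post): it runs an install with full verbose logging and then pulls out the part of the log that usually explains a failure. The only assumption is that $MsiPath points at the package under test.

```powershell
# Added example, not from the original post.
# Install an MSI with verbose logging and locate the first failing action.
param(
    [Parameter(Mandatory)] [string] $MsiPath,
    [string] $LogPath = (Join-Path $env:TEMP "install.log")
)

# /l*v = log everything, verbose; /qn = no UI, so the run is unattended.
$p = Start-Process msiexec.exe -ArgumentList "/i `"$MsiPath`" /l*v `"$LogPath`" /qn" -Wait -PassThru
Write-Host "msiexec exit code: $($p.ExitCode) (0 = success, 3010 = success but reboot needed, 1603 = fatal error)"

$lines = Get-Content $LogPath

# In a verbose MSI log the first action that ends with "Return value 3" is
# the one that failed; the lines just before it carry the actual error.
$firstFail = $lines | Select-String -Pattern 'Return value 3\.' | Select-Object -First 1
if ($firstFail) {
    $end   = $firstFail.LineNumber - 1          # LineNumber is 1-based
    $start = [Math]::Max(0, $end - 15)
    Write-Host "--- first failing action (log lines $($start + 1)..$($end + 1)) ---"
    $lines[$start..$end]
}
else {
    Write-Host "No 'Return value 3' found; the install did not fail at an action."
}

# Windows Installer error records and the product name are also worth a look.
$lines | Select-String -Pattern 'Error \d{4}', 'Property\(S\): ProductName' | ForEach-Object Line
```

    Verbose logs are large, so keep the log alongside the dump or bug report rather than pasting the whole thing into a ticket.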
  7. And no troubleshooting can be done without logging. Browsing manually through logs can be time consuming and ineffective, so a tool that can parse logs is indeed helpful. Microsoft’s Log Parser is such a tool, and there is also a non-Microsoft visual extension for it.
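    As an added example of putting Log Parser to work (not code from the original post), the script below runs two queries over the Windows event logs using Log Parser’s EVT input format: which executables have been faulting, and which service crashes or unexpected shutdowns happened in the same window. It assumes LogParser.exe (Log Parser 2.2) is on PATH and that the script runs with enough rights to read the System and Application logs.

```powershell
# Added example, not from the original post.
# Two Log Parser queries that narrow a vague "something crashed" report.
param([int] $Hours = 24)

$since = (Get-Date).AddHours(-$Hours).ToString("yyyy-MM-dd HH:mm:ss")

# Log Parser takes the query as one argument; fold the here-string onto one line.
function Invoke-LogParser([string] $Query) {
    $oneLine = $Query -replace "`r?`n", " "
    # -i:EVT  read the event log; -o:NAT print to the console;
    # -rtp:-1 disable output paging; -q:ON suppress the statistics footer.
    & LogParser.exe $oneLine -i:EVT -o:NAT -rtp:-1 -q:ON
}

# 1) Which applications faulted, and how often? Event ID 1000 in the
#    Application log is the user-mode "Application Error" record and its
#    first insertion string (Strings is '|'-separated) is the faulting image.
Write-Host "=== Faulting applications in the last $Hours hours ==="
Invoke-LogParser @"
SELECT EXTRACT_TOKEN(Strings, 0, '|') AS FaultingImage, COUNT(*) AS Hits
FROM Application
WHERE EventID = 1000
  AND TimeGenerated >= TIMESTAMP('$since', 'yyyy-MM-dd HH:mm:ss')
GROUP BY FaultingImage
ORDER BY Hits DESC
"@

# 2) Service terminations (7031, 7034) and unexpected shutdowns (6008) from
#    the System log, newest first. Log Parser's IN list is ';'-separated.
Write-Host "=== Service crashes and unexpected shutdowns ==="
Invoke-LogParser @"
SELECT TimeGenerated, EventID, SourceName, Message
FROM System
WHERE EventID IN (7031; 7034; 6008)
  AND TimeGenerated >= TIMESTAMP('$since', 'yyyy-MM-dd HH:mm:ss')
ORDER BY TimeGenerated DESC
"@
```

    Swap `-o:NAT` for `-o:CSV` and add `-o:CSV ... > file.csv` style redirection when the result has to go into a spreadsheet or a bug report.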

List of built-in Microsoft Management Consoles (MMC)

| Console | Snap-in file |
| --- | --- |
| Computer Management | compmgmt.msc |
| Device Manager | devmgmt.msc |
| Disk Defragmenter | dfrg.msc |
| Disk Management | diskmgmt.msc |
| Removable Storage | ntmsmgr.msc |
| Removable Storage Operator Requests | ntmsoprq.msc |
| Authorization Manager | azman.msc |
| Certificates | certmgr.msc |
| Component Services | comexp.msc |
| Deployment Services | wdsmgmt.msc |
| Event Viewer | eventvwr.msc |
| Group Policy | gpedit.msc |
| Indexing Service | ciadv.msc |
| Local Security Settings | secpol.msc |
| Local Users and Groups | lusrmgr.msc |
| Performance | perfmon.msc |
| Performance Media Services | wmtperf.msc |
| Resultant Set of Policy | rsop.msc |
| Services | services.msc |
| Windows Management Infrastructure (WMI) | wmimgmt.msc |
| Windows Media Server | wmsadmin.msc, wmsadminonly.msc |
| Distributed File System | dfsgui.msc |
| File Server Manager (shares, sessions, …) | filesvr.msc |
| Remote Desktops | tsmmc.msc |
| Shared Folders | fsmgmt.msc |
| Storage Server Manager | nas.msc |
| Telephony | tapimgmt.msc |
| Terminal Services Configuration | tscc.msc |

Active Directory

| Console | Snap-in file |
| --- | --- |
| DHCP Management | dhcpmgmt.msc |
| DNS Management | dnsmgmt.msc |
| Domain Controller Security Policy | dcpol.msc |
| Domain Security Policy | dompol.msc |
| Domains and Trusts | domain.msc |
| Internet Authentication Service | ias.msc |
| Routing and Remote Access | rrasmgmt.msc |
| Sites and Services | dssite.msc |
| Users and Computers | dsa.msc |

Certificate Services

| Console | Snap-in file |
| --- | --- |
| Certificate Services | certsrv.msc |
| Certificate Templates | certtmpl.msc |