I have been a huge fan of the Sysinternals tools ever since I switched to Windows for my work. These tools give the ability to peek into every heartbeat of Windows, and you develop an appreciation for the beauty and complexity of this operating system. So, it is no wonder that I eagerly awaited the Windows Sysinternals Administrator’s Reference once Mark Russinovich announced it earlier this year. Written by Mark and Aaron Margosis, this book helps readers use the Sysinternals tools effectively to understand the working internals of Windows, and to diagnose and fix problems.
Part 1 talks about the history of Sysinternals tools and gives a brief description of administrator privileges, user-kernel mode, processes, threads, jobs and handles in Windows. Though designed similarly to other operating systems, Windows is a different beast. This chapter is a highly educational read to understand just how it differs and to catch up on the Windows OS jargon. The first 3 chapters of Part 2 are worth the price of the book itself — they go deep into the capabilities of Process Explorer, Process Monitor and Autoruns. Having learnt these 3 tools, one can start to live comfortably with Windows. (Well, almost!) The rest of Part 2 covers the other Sysinternals tools, most of which I do not use. Part 3 is a compendium of many troubleshooting mystery cases, which were solved by using Sysinternals tools. Followers of Russinovich’s blog or talks will be familiar with most of these since he has written and presented about them before. Written like a detective mystery, each of these is sure to be engaging to geeks.
Windows Sysinternals Administrator’s Reference is a good companion to the Windows Internals books, providing the much-needed practical information and tools to get down-and-dirty with the internals of Windows. Like his blog and talks, Russinovich’s narrative here is entertaining and educational to read. The book completely pays for itself with just Part 1 and the first 3 chapters of Part 2. This book is a must for everyone who uses Windows as their primary operating system.