Presentation is loading. Please wait.

Presentation is loading. Please wait.

Troubleshooting processes with Process Explorer and Process Monitor

Published byDominic Lang Modified over 6 years ago

Similar presentations

Presentation on theme: "Troubleshooting processes with Process Explorer and Process Monitor"— Presentation transcript:

1 Troubleshooting processes with Process Explorer and Process Monitor
6/19/2018 7:18 PM BRK3268 Troubleshooting processes with Process Explorer and Process Monitor Sami Laiho, MVP—Windows OS Senior Technical Fellow—Adminize Senior Advisor—Intility/Applixure Member of Names.fi © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 Sami Laiho Senior Technical Fellow adminize.com Twitter: @samilaiho
IT Admin since 1996 MCT since 2001 MVP in Windows OS since 2011 Specializes in and trains: Troubleshooting Security Hacking Penetration testing Social Engineering Trophies: NIC 2016, Best Speaker Ignite 2015 – Best male presenter ;) (#2 out of 1000 speakers) TechEd Europe 2014 – Best session TechEd North America Best session, Best speaker TechEd Australia Best session, Best speaker

3 I got certs

4 2,6 pounds of them

5 “JÄRJESTELMÄNVALVOJA” SWAG

6 Finnish is so easy! The feeling when you are going to get drunk home alone in your underwear – with no intention of going out. We have a word for it!! NO WAIT, THAT’S NOT ENOUGH… We actually have an official EMOJI for it!

7 6/19/2018 7:18 PM KALSARIKÄNNIT © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

8 Demos or Slides?

9 Process Explorer

10 Starting Sami Laiho

11 Registry

12 Views Sami Laiho

13 Threads and Stacks Sami Laiho

14 Service Host grouping in Windows 10 1703
To see the refactoring behavior, create a Windows 10 version 1703 VM and configure the memory settings as follows: To see grouped processes, set the RAM to 3484 MB or less. Restart the VM and then open Task Manager. To see separated processes, set the RAM to 3486 MB or greater. Restart the VM and then open Task Manager.

15 Case – Hanged virtual machine
6/19/2018 Case – Hanged virtual machine VM totally stuck… Task manager looks like this © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

16 Case – Hanged virtual machine
6/19/2018 Case – Hanged virtual machine Task Manager shows that SYSTEM is causing the problem… © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

17 Case – Hanged virtual machine
6/19/2018 Case – Hanged virtual machine Process Explorer shows Threads! © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

18 Case – Hanged virtual machine
6/19/2018 Case – Hanged virtual machine Removed the virtual floppy because it was pointing to a nonexistent file  © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

19 Virus Hunting Sami Laiho

20 Resource Usage Sami Laiho

21 Saving Data Sami Laiho

22 Process Monitor

23 Launching Sami Laiho

24 Log Files Sami Laiho

25 Views Sami Laiho

26 Advanced Filtering Sami Laiho

27 Tips and Tricks for finding
Sami Laiho

28 Logoff/Logon and Boot Sami Laiho

29 Profiling Sami Laiho

30 Remote Procmon Sami Laiho

31 Want more? Sessions to come: Today: THR3087, Tomorrow: BRK3286
Check out my videos at PluralSight! Check out my personal video library at Follow me on Blog, Slack: Consulting? me at

32 Please evaluate this session
Tech Ready 15 6/19/2018 Please evaluate this session From your Please expand notes window at bottom of slide and read. Then Delete this text box. PC or tablet: visit MyIgnite Phone: download and use the Microsoft Ignite mobile app Your input is important! © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

33 6/19/2018 7:18 PM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Download ppt "Troubleshooting processes with Process Explorer and Process Monitor"

Similar presentations

MIX 09 4/15/2017 11:14 PM © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered.

MIX 09 4/15/ :14 PM © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered.
Windows 7 Training Microsoft Confidential. Windows ® 7 Compatibility Version Checking.

Windows 7 Training Microsoft Confidential. Windows ® 7 Compatibility Version Checking.
Session 1.

Session 1.
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or.

© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or.
© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or.

© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or.

demo © 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names.

demo © 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names.
demo Demo.

demo Demo.
demo QueryForeign KeyInstance /sm:body()/x:Order/x:Delivery/y:TrackingId1Z01234567893.

demo QueryForeign KeyInstance /sm:body()/x:Order/x:Delivery/y:TrackingId1Z
© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks.

© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks.
© 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or.

© 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or.

6/5/2018 1:30 PM THR1029 Spend less time managing data and more time with customers: Quick tour of Outlook Customer Manager Welly Lee Welly.Lee@microsoft.com.

6/5/2018 1:30 PM THR1029 Spend less time managing data and more time with customers: Quick tour of Outlook Customer Manager Welly Lee
Azure Cloud Shell Magic of Modern Command-line Management

Azure Cloud Shell Magic of Modern Command-line Management
6/23/2018 8:31 PM THR1071 So you want to start a User Group? Notes from the field to make it a success Chris Rhodes MCT & MVP Windows User Group © Microsoft.

6/23/2018 8:31 PM THR1071 So you want to start a User Group? Notes from the field to make it a success Chris Rhodes MCT & MVP Windows User Group © Microsoft.
Azure SDKs and Tools for You

Azure SDKs and Tools for You
Do more with Microsoft Word and Office 365

Do more with Microsoft Word and Office 365
Get Typed with TypeScript!

Get Typed with TypeScript!
Optimizing Microsoft OneDrive for the enterprise

Optimizing Microsoft OneDrive for the enterprise
What a Real, Functioning DevOps Team Looks Like

What a Real, Functioning DevOps Team Looks Like

Similar presentations

Ads by Google