Debugging Windows OS & Apps
Applications and tools for debugging Windows OS and applications without access to their source code.
Spy++ (SPYXX.EXE) is a Win32-based utility, included in Microsoft Visual Studio, that gives you a graphical view of the system’s processes, threads, windows, and window messages.
SpyStudio is the best product to trace user-mode API calls on Windows. SpyStudio is an application tracer that shows and interprets calls, displaying the results in a structured way that is easy for any IT professional to understand. SpyStudio can identify the resources that an application uses, track down errors, detect malware and create application layers for virtualization. SpyStudio has a trace comparison tool which is useful for identifying problems in virtualized environments. You can obtain two samples: one from the native version of the application and one from the virtual version which has the problems. Using the 'Compare traces' feature, you can see what is missing in the virtual environment. SpyStudio is the user-mode complement to Sysinternals Process Monitor (aka Procmon). Looking for application errors with kernel-mode traces is tedious, and it is very difficult to see the final outcome of a user-mode call. With kernel-mode tools, you get a lot of noise that the application does not see, since a single user-mode call generates lots of kernel-mode events that are not important from the application's perspective. Most application errors are generated by failed user-mode calls which expect a different state of some resources: registry keys and values, files, pipes, services and printers. SpyStudio is also able to load and interpret Procmon logs.
Nektra’s SpyStudio simplifies application virtualization packaging for VMware ThinApp and Symantec Workspace Virtualization. It includes advanced features for application harvesting and troubleshooting. It is able to package applications with or without installation media in a ThinApp environment.
API Monitor is a Windows program that lets you monitor and control API calls made by applications and services. It's a powerful tool for seeing how applications and services work or for tracking down problems that you have in your own applications.
The Sysinternals Troubleshooting Utilities have been rolled up into a single Suite of tools. This file contains the individual troubleshooting tools and help files. It does not contain non-troubleshooting tools like the BSOD Screen Saver or NotMyFault.
The Suite is a bundling of the following selected Sysinternals Utilities:
AccessChk, AccessEnum, AdExplorer, AdRestore, Autologon, Autoruns, BgInfo, CacheSet, ClockRes, Contig, Coreinfo, Ctrl2Cap, DebugView, Desktops, Disk2vhd, DiskExt, DiskMon, DiskView, Disk Usage (DU), EFSDump, Handle, Hex2dec, Junction, LDMDump, ListDLLs, LiveKd, LoadOrder, LogonSessions, NTFSInfo, PageDefrag, PendMoves, PipeList, PortMon, ProcDump, Process Explorer, Process Monitor, ProcFeatures, PsExec, PsFile, PsGetSid, PsInfo, PsKill, PsList, PsLoggedOn, PsLogList, PsPasswd, PsService, PsShutdown, PsSuspend, RegDelNull, RegJump, RootkitRevealer, SDelete, ShareEnum, ShellRunas, SigCheck, Streams, Strings, Sync, TCPView, VMMap, VolumeID, WhoIs, WinObj, ZoomIt
Process Hacker is a feature-packed tool for manipulating processes and services on your computer. It is a free and open source process viewer with powerful process termination and memory searching/editing capabilities.
Key features of Process Hacker:
• A simple, customizable tree view with highlighting showing you the processes running on your computer.
• Detailed system statistics with graphs.
• Advanced features not found in other programs, such as detaching from debuggers, viewing GDI handles, viewing heaps, injecting and unloading DLLs, and more.
• Powerful process termination that bypasses security software and rootkits.
• View, edit and control services, including those not shown by the Services console.
• View and close network connections.
• Starts up almost instantly, unlike other programs.