More free troubleshooting tools for Windows

Last month I compiled a list of the best troubleshooting tools for Windows, the result of many years of sifting through and trying out many such programs. One of the problems with assembling any such list is that a lot of good stuff always gets overlooked. It’s like a movie buff being asked to pick only 10 favorite films: It’s so hard to limit yourself!

To that end, here’s another batch of tools that didn’t make the first cut, but are still enormously useful. Even better, they’re all free, and they can be carried around on a thumb drive when you’re stuck making PC house calls for yet another user in trouble — or when you’re in trouble yourself, for that matter.

Windows Installer Cleanup Whenever Microsoft makes a useful tool for Windows, it tends to go unsung compared to the bevy of third-party productions out there. That’s a shame, because many of Microsoft’s internal creations are incredibly useful. To wit: the Windows Installer Cleanup utility.

Originally written as a support tool when Microsoft’s .MSI installer technology was still new and a bit raw, Windows Installer Cleanup was devised to allow people to manually remove the entries that .MSI installations create in the system’s installed-applications database. This was, and still is, useful if a program installation goes south — if the installer crashes, for instance — or if the program refuses to uninstall correctly. Consequently, this program is useful for troubleshooting broken application installations by letting you start the install from scratch.

When you install Windows Installer Cleanup, it creates an icon in the Start Menu under All Programs. Run it and you’ll be presented with a list of all the apps registered in the Windows Installer database. To remove a program from the database, just select it and hit Remove. Note that this does not delete the program’s directory — it simply removes any references to it from the .MSI database. Then you can rerun the installer without the computer complaining that said program is already installed.

Note that if you can’t find an entry for a particular program in Windows Installer Cleanup, but it still appears in the “Uninstall or change a program” section of the Control Panel, chances are the .MSI database entry for the program has been removed but that the Registry entry that makes the uninstaller available was left behind. You can remove this manually with CCleaner, another of InfoWorld’s top Windows tools.

AppCrashView In my previous article on Windows troubleshooting tools, I talked about Nir Sofer’s BlueScreenView utility, which allows you to dump out and analyze crash messages generated by Windows BSODs. Now that I think about it, one of his other tools may be even more useful in a day-to-day context: AppCrashView.

AppCrashView is to applications what BlueScreenView is to the whole system. It polls the system for information about application crashes (which can be a little ornery to dig out on your own) and presents it in a gridded view. Click on an entry, and the bottom pane of the AppCrashView window fills with a text copy of the crash information, which is in a simple key/value format (such as the old Windows .INI files).

Double-click on each app crash entry, and you’ll bring up a dialog box with a detailed view of the selected item: the name and path of the app in question, time and date of the crash, the crash code, the module that caused the crash, and the location of the crash report file itself (in case, for instance, you need to send it to someone else for debugging). Right-click on one or more of the selected entries and you can copy them out to the clipboard, save them in a variety of formats (plaintext, HTML, XML, comma-delimited, or tab-delimited files), or generate a separate HTML report that opens automatically in your default Web browser.

Application crash logs are stored in a couple of different places in the system: the Report Archive and the Report Queue. Under Options in AppCrashView, you’ll see two selections: “Show ReportArchive files” and “Show ReportQueue files.” The latter, which is disabled by default, holds reports of problems with applications due to compatibility issues. In other words, they might not be full-blown program crashes, but the information is useful if you suspect a couple of programs aren’t getting along.

Note that AppCrashView works with Windows Vista, Windows 7, and Windows Server 2008 only. It does not work with any previous version of Windows due to a change in the way crash information is saved. Older versions of Windows used the Dr. Watson utility to generate crash information from a faulty program, but newer versions use the Windows Error Reporting technology, which allows for more robust reporting of program issues. Dr. Watson is retired.

ProcessActivityView”What is that program doing!?” We’ve all asked this question at one time or another. Little is more frustrating than running a program and watching it do absolutely nothing. Or burning up 99 percent of all four cores without getting even a responsive window for all that trouble. The worst is when a program is churning furiously away at the disk for no apparent reason. It’s not just a performance killer; those of us with a paranoid streak may wonder if our files are all being shredded while we sit and drum our fingers.

Another of Nir Sofer’s endlessly useful software creations to the rescue: ProcessActivityView. ProcessActivityView lets you inspect the file activity of a given process in great detail, and create a running log of all the file accesses generated by that program.

When you run ProcessActivityView, click on “Start With Existing Process” and you’ll be presented with a list of all running programs. Select one, click OK, and ProcessActivityView will begin to record everything that program does with respect to files: files opened, written to, closed, which program module performed the deed, the last process handle associated with the file, and any resulting error codes generated by the file access. This last option is especially useful if a program is trying to access a file that, for instance, it doesn’t have permission to talk to and is crashing because it doesn’t have code to handle such a condition. You can also launch a process from within ProcessActivityView (click “Start New Process”) and start tracing its activity immediately. As with all of Nir Sofer’s apps, you can generate reports in HTML, XML, plaintext, and CSV from the data harvested.

ProcessActivityView comes in two editions: x86 and x64. Note that the x64 version is used for inspecting x64 applications; it’s not the version you must run on 64-bit Windows. In other words, if you have 64-bit Windows, you need to run one of either version of ProcessActivityView depending on the program you’re inspecting: the 32-bit version for 32-bit apps and the 64-bit version for 64-bit apps. If you try to use the x64 version to inspect a 32-bit app, the app in question may crash. For safety’s sake, start with the 32-bit edition first, and if you don’t see the intended program, grab the 64-bit edition and use it. I keep both editions in one folder with “x64” tacked onto the end of the name of the 64-bit version.

Also note that ProcessActivityView is most useful when you’re dealing with a specific program. It can’t tabulate results from multiple programs at once.

ProcessActivityView traces the file activity of a specific application and creates detailed logs for later analysis.

Resource Monitor Another of Microsoft’s unsung tools (albeit only available in Windows Vista and Windows 7), Resource Monitor (Resmon) charts the way resources are used in your system, and in a way that makes it abundantly clear what’s gobbling up what. Whenever you ask yourself, “Why is my hard drive grinding away like that?” you will find Resmon indispensable. Process Explorer is better at giving you detailed information about other aspects of a process, such as the thread stack or the process’s security tokens. Resource Monitor focuses on performance and resource usage, making it an excellent complementary tool to Process Explorer.

Resmon’s window is divided into five tabs: Overview, CPU, Memory, Disk, and Network. The Overview tab gives you a summary view of the other four; click one of the other tabs to bring up a detailed breakdown of that particular resource type. If something’s stuck or hogging your system, you can terminate or suspend it or see what else it might be holding up.

Most of the troubleshooting I’ve done on systems revolves around disk usage, so I’ll talk about the Disk tab first. Click it and you’ll see which processes are accessing the disk, what files are being accessed, and — in my opinion, most important — the percentage of the queue used up for a particular storage device. The more queue is used up on a drive, the more any individual application has to wait to use it. The disk monitor also lists the response time for a given application (in milliseconds) and the I/O priority assigned to a given process. One of the biggest disk hogs on my system turned out to be Firefox, so I moved it off my system drive and immediately saw much better performance. The difference between Resmon and ProcessActivityView is that Resmon lets you see the whole system in context, while ProcessActivityView focuses on one app at a time.

The CPU tab should look familiar to anyone who has run Process Explorer or Task Manager, and it provides much of the same information, although by default it lists all the individual services that are running. If you select the check box next to a given process, you can filter all of the other panes in that tab — the services list, the handles list, and the modules list — so that they show only the items relevant to the selected process. It’s a different way of slicing and dicing the information than used by Process Explorer, so it might provide a faster way for you to drill down and find details. The Network tab lets you see total network throughput and determine which TCP connections, remote hosts, or ports a particular program has open.

The Memory tab also features many of the same things as Process Explorer (and Task Manager), but they’re organized a little differently. The physical memory chart gives you an easy-to-read graphical breakdown of how all the memory in the system is allocated; the memory usage columns in the process list is smaller than Process Explorer but also less bewildering. (Don’t panic if you see, say, only 2MB of “free memory” in the Physical Memory chart. The way Windows allocates memory means that commonly used items are precached and released as needed to make room for program data.) If a process seems stuck, right-click on it and select “Analyze Wait Chain.” You’ll see a list of all the processes that particular program is waiting on, and you can terminate them to free up the stuck application.

Resource Monitor in Windows 7 and Windows Vista gives you a comprehensive view of CPU, memory, disk, and network resource consumption in your system, and the tools to manage it all.

Control Content Saver Most troubleshooting apps are information gathering tools of one kind or another. Sometimes the information you need is in a strange place, such as an onscreen window from which you can’t copy and paste text. The usual alternatives for collecting information from such windows has been one of the following:

• Pencil and paper
• Copying the message verbatim in Notepad
• Taking screenshots

I’ve never been fond of any of these methods. The first two increase the chances of making a mistake, and the third is hardly a useful way of sharing information. Why do it that way when, by all rights, you ought to be able to copy the contents of the window as plain text? Isn’t that the whole point of using computers — standardizing the way data is passed between things?

I was faced with various incarnations of this problem while troubleshooting a program whose only error messages appeared in modal dialog boxes right before the program crashed (bad program design in the extreme). After tiring of copying messages by hand or taking screenshots, I dug around and found Control Content Saver, a free and open source app by Jacquelin Potier that solved my problem and then some.

Control Content Saver lets you point to any control in any program’s window that contains text and copy the results to the clipboard. This includes the following items:

• Password fields, where you can both reveal the obscured text in the field and copy the results to the clipboard
• Tree view controls, where you can save the entire tree, only the selected elements in the tree, or only the expanded branches of the tree
• ListView controls (gridded controls), where you can save specific columns or only selected items
• ListBox controls, where you can save everything or just selected items

Control Content Saver can also be invoked with a set of command-line parameters, where you can specify the handle number of the window to copy information from. This trick isn’t likely to be useful to anyone other than programmers and others fairly high up on the tech-geek food chain, but it’s handy all the same.

Control Content Saver can’t capture some kinds of output. It can’t grab control content from programs written in Java, for instance. Also, Windows Vista and Windows 7 apps that use the new Windows Presentation Foundation (WPF) look and feel may not return useful information. But you should be able to grab text from controls in conventional Windows apps without a hitch — especially those annoying modal dialogs!

Drag Control Content Saver’s crosshairs to any control, and it will copy out the text printed there.