Useful tools



This is by far the best tool to examine what is going on in a workerprocess. Once you've learned how to use it you'll never understand how you ever made it without it. I have written various posts on this tool and I expect that there will be even more to come. For an introduction, please see the following posts:



Getting a memory dump using Windbg is a command-line experience. If you'd prefer using a graphical UI to set up rules and triggers for when to get a dump you might want to look at DebugDiag. It also has a nice little auto-analyzis feature which I find really helpful sometimes. Especially when dealing with classic ASP and memory leaks.



This is a fantastic tool to use. Drop any .NET assembly on this tool and it will give you a decompiled view of the code. I use this so often that I can't even begin to thank Lutz Roeder enough. The typical scenario is something like this:

The customer is experiencing a hang/deadlock and after analyzing a dump I know pretty well where things are heading south. Using !clrstack I now have the method and classname that seems to be causing the problem. I save the modules from the memory dump to disk, drop them on reflector and begin looking at the code. Pretty soon I'll find the circular that is causing the problem.

I actually enjoy Reflector so much that I kind off prefer looking at the code that way rather than working with the customers (usually) unstructured source files.



This is a classic tool that you're probably well aware of allready. It allows you to monitor all network traffic making it a breeze to determine if that troublesome webservice request ever reaches the remote server or under what security context that particular request is running.



Fiddler is more or less Netmon light. While Netmon will give you everything Fiddler will bring you only the HTTP-traffic. It will act as a proxy and intercept all HTTP-traffic, so you'll still get IM-sessions and software checking for updates, etc. Still, it will exclude a lot of useless information making it a lot easier to examine. Fiddler 2 is even capeable of decoding SSL-traffic which is a really nice feature. I use Fiddler quite a lot since it's easier to filter out the noise and I'm rarely interested in anything else than HTTP. I also find it slightly easier to introduce to a customer who is inexperienced with Netmon.



The Sysinternals web site was created in 1996 by Mark Russinovich and Bryce Cogswell to host their advanced system utilities and technical information. Microsoft acquired Sysinternals in July, 2006. Whether you’re an IT Pro or a developer, you’ll find Sysinternals utilities to help you manage, troubleshoot and diagnose your Windows systems and applications. If you have a question about a tool or how to use them, please visit the Sysinternals Forum for answers and help from other users and our moderators.

The tool I use the most is probably Process Monitor, previously known as Filemon and Regmon.

Comments (5)

  1. Hi Johan,

    A couple of months ago I compiled a list of tools used for debugging and investigation scenarios.  You might find the list useful, or even incorporate it into your own somehow.

    Check it out at:



  2. I’ve been using SOSEX quite a bit lately, and have been pretty happy with it.

    For the hardcore SOS guys (like you, Tess, etc), this is probably more trouble than it’s worth, but for me the "!refs" command alone has saves quite a bit of typing and pain.

  3. JohanSt says:

    Hi Chris,

    I actually haven’t tried SOSEX, even though I’ve always thought it looks very cool. It all comes down to force of habit. 🙂

  4. Problem: A customer called in. They had a Web Service running on a single IIS6. Memory usage would slowly

  5. Problem: A customer called in. They had a Web Service running on a single IIS6. Memory usage would slowly

Skip to main content