GuidesSnooping Around

Snooping Around content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

Windows, at this point, is fiendishly complex. But much of this complexity
is exposed for you to inspect, if you know how to look for it. Because they
depend on well-defined APIs and program structures, Windows applications (and
Windows itself, for that matter) are relatively easy to poke around in. Here are
half a dozen free tools that you can use to help you find out what’s going
on, whether in your own code or programs produced by other people.

Process Explorer

Process Explorer starts out by presenting a list of all the processes running
on your computer. You might well be surprised at how many there are, once you
take into account all of the startup applications and hidden windows that keep
your system smoothly moving along. You can see the process ID, owning user,
amount of CPU being used, and so on. The context menu lets you kill a process,
suspend it, or alter its priority. You can also see other details, such as the
number of assemblies and classes that a .NET process has loaded; the list of
columns here is long and configurable.

The lower pane of Process Explorer toggles between two different views. In
DLL view, shown in the figure, you can see what libraries the process has
loaded. In handle view, you cand see which Windows resources (such as threads
and events) the application is using.

Perhaps the best part of Process Explorer is its ability to search across all
running processes. Ever wondered which application is holding a DLL in memory,
forcing you to reboot to replace that DLL? Or been frustrated by not being able
to delete a file, because some application is hanging on to it, and not knowing
what application is the culprit? Process Explorer can answer these questions
easily, and let you delete the offending handle as well.


One of the key facts about .NET applications is that you can use reflection
to look inside of them and discover details about their code (there’s a whole
industry of obfuscators springing up in response to make your code more
confusing). The .NET SDK includes the ILDASM utility to get you started, but if
you’re really interested in the internals of .NET applications, you’ll want to
download Lutz Roeder’s Reflector

Most developers have, at best, limited graphics skills. That poses a problem
for us when we need to use icons in our application, whether to represent nodes
in a treeview or the minimized application on the Taskbar. What Cobicon does is
show you all of the icons in a Windows executable or DLL file, and let you save
them individually to .ico files. Of course, you need to be respectful of
copyrights when you use this technique to grab icons, but there are many
standard ones (like file and folder icons from shell32.dll) that everyone

Cobicon also offers one feature that distinguishes it from other icon
extractors that I’ve seen. You can specify a source folder and a destination
folder, and with one click extract all of the icons from files in the
source folder and put them in the destination folder. Try this with the System32
folder some time to see a truly staggering variety of Windows icons.

PE Resource Explorer

Of course, Windows PE files (the common format used by applications running
on Windows) can contain other resources besides icons. If you want to see them
all, try PE
Resource Explorer

PE Resource Explorer understands the portion of the PE file format that
stores resources: AVIs, bitmaps, strings, you name it. You can drill into any of
these parts of a file to see what’s there. I find this particularly useful when
trying to get acquainted with a new application while it’s still in beta and
poorly documented. Inspecting bitmaps and strings can often give you a sense of
what functionality is lurking in the application, waiting for you to find

In addition to viewing and saving resources, PE Resource Explorer actually
lets you edit them. This is useful for doing quick localization on an
application that you don’t have the source for. For that matter, it can also
lead to some interesting practical jokes (imagine Notepad with all of its menu
items in Pig Latin, for instance).

CLR Profiler

My final free pick is CLR
, a free tool for optimizing .NET applications available directly
from Microsoft.

Click here for a larger

CLR Profiler is primarily a tool to use when trying to optimize your own .NET
applications (though it can be fun – or appalling – to watch what happens with
other .NET applications as well). It works by hooking into the part of the .NET
Framework that keeps track of object allocations and garbage collections. To use
CLR Profiler, you first open it up and then use it to launch a .NET application.
Run the application as you normall would (though it will be much slower due to
the amount of information being collected), and then go back to CLR Profiler to
see the results.

These results are presented as a series of colorful graphs and histograms.
You can see which objects took up the most space, where they were created and
destroyed, which routines are heaviest, and so on. The graphs are well designed
and can be filtered to let you home in on the problem parts of your program very
quickly. There are commercial alternatives that do more, but if you want to get
a start with profiling objects, the price is certainly right here.

About the Author

Mike Gunderloy is the author of over 20 books and numerous articles on
development topics, and the lead developer for Larkware. Check out his MCAD
70-305, MCAD
70-306, and MCAD 70-310 Training Guides from Que Publishing. When he’s not
writing code, Mike putters in the garden on his farm in eastern Washington

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends & analysis

Latest Posts

Related Stories