Using Process Explorer without an Internet Connection

In the earlier post on Memory Management – Understanding Pool Resources, it was mentioned that it was possible to use Process Explorer to view the limits for both Paged and NonPaged Pool by installing the Microsoft Debugging Tools and configuring the Symbol Path so that Process Explorer could pull the information for the Paged and NonPaged Pool limits.  That all seemed fairly straightforward, right?  Well, that doesn’t always work so well for every customer – we have many customers whose systems have no Internet connectivity at all, and in some cases no connectivity to any systems outside of the subnet on which they sit.  So short of capturing a dump file (which is not always feasible) and using the !vm command to view the memory information, how can we get this information?

The answer lies in the Debugging Tools themselves.  Install the Debugging Tools and Process Explorer on the system with no network access (which we will call ISLAND for the purposes of this post) for which you want to view the information.  You will also need to install the Debugging Tools on a system that has access to the Internet (we’ll call this system CLOUD).  Once everything is installed, we can use the SYMCHK.EXE utility with a couple of switches and our second machine to get the symbols we need.

On ISLAND, change directories to the folder in which you installed the Debugging Tools and run the following command from a command prompt, as shown below:

    symchk.exe /om c:\symlist /if c:\windows\system32\ntoskrnl.exe
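The round trip between ISLAND and CLOUD described above, written as an added PowerShell example (not the post's own commands). The install folder, the C:\symbols store and both function names are assumptions; the SHA-256 comparison is an added check that the manifest was not altered while being carried between machines.

```powershell
# Added example: offline symbol retrieval with a symchk.exe manifest.
# Assumption: Debugging Tools install folder; adjust to the real location.
$DbgTools = 'C:\Program Files\Debugging Tools for Windows'
$SymChk   = Join-Path $DbgTools 'symchk.exe'

function New-SymbolManifest {
    # Run on ISLAND: /om writes a manifest of the symbols the image needs,
    # without contacting any symbol server.
    param([string]$Manifest = 'C:\symlist',
          [string]$Image    = 'C:\Windows\System32\ntoskrnl.exe')
    & $SymChk /om $Manifest /if $Image
    if (-not (Test-Path $Manifest) -or (Get-Item $Manifest).Length -eq 0) {
        throw "Manifest $Manifest was not written"
    }
    # Return the hash so it can be compared after the file is carried to CLOUD.
    (Get-FileHash $Manifest -Algorithm SHA256).Hash
}

function Get-SymbolsFromManifest {
    # Run on CLOUD: /im reads the manifest, /s names the store to fill
    # from the Microsoft public symbol server.
    param([Parameter(Mandatory)][string]$Manifest,
          [Parameter(Mandatory)][string]$ExpectedHash,
          [string]$Store = 'C:\symbols')          # assumption: local store path
    if ((Get-FileHash $Manifest -Algorithm SHA256).Hash -ne $ExpectedHash) {
        throw 'Manifest does not match the hash recorded on ISLAND'
    }
    & $SymChk /im $Manifest /s "SRV*$Store*https://msdl.microsoft.com/download/symbols"
    $pdbs = Get-ChildItem $Store -Recurse -Filter *.pdb -ErrorAction SilentlyContinue
    if (-not $pdbs) { throw "No symbol files were downloaded to $Store" }
    $pdbs.FullName   # files to copy back to ISLAND
}

# On ISLAND:  $hash = New-SymbolManifest
# On CLOUD:   Get-SymbolsFromManifest -Manifest C:\symlist -ExpectedHash '<hash from ISLAND>'
```

Copy the resulting store folder back to ISLAND and enter its path under Options > Configure Symbols in Process Explorer.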