Sysinternals Autoruns utility beefs up software debugging

A good thing always deserves to get better, and in this case, it has. Autoruns for Windows is one of the few utilities that any self-respecting admin should always have. It's just too useful to live without, and it's helped me debug countless machines that had entirely too much of the wrong kind of software shoehorned into them.

For those not already in the know, Autoruns is one of a clutch of tools published by Microsoft mavens Mark Russinovich and Bryce Cogswell under the Windows Sysinternals banner. Autoruns probes a system and creates an enormously detailed report of every program, driver, hooking DLL and any other system component that gets loaded automatically.

The value of Sysinternals utilities for Windows

"I'm often surprised by the lack of Windows server administration tools that are used in some enterprises. Many administrators I work with just use the built-in tools that ship with Windows Server -- something I liken to going through life without experiencing the exhilaration of a powerful and great-handling sports car."
-- Kevin Beaver, CISSP

Read more: The very best Sysinternals tools for Windows server security

For systems that are running slowly or not at all, Autoruns is an invaluable way to figure out if a given software component is causing problems. You can non-destructively disable individual components, explore their Registry entries, view the presence of the loaded component in Process Explorer (another Sysinternals app that is too good to do without), save and compare scan results from two different machines, and perform a great many other troubleshooting tasks on top of all that. Recently, Autoruns has received a major revision to the left of the decimal point, as version 10.01 sports several new features that make it all the more indispensable.

Offline system analysis. One long-time problem with Autoruns was that it did not allow you to analyze a system unless it was actually running—a bit of a Catch-22 if the system in question was not functioning well to begin with. Autoruns now lets you read data from a system's disk even if it's not running, as long as the system and user profile directories can be read.

To do this, you need to run the program as Administrator (there's an option for this in the program's own File menu), then select File | Analyze Offline System and point to the \Windows directory. You'll also need to point to a user profile directory; the default is in fact "Default", which may not give you the results you're looking for, so be cautious. Click OK and Autoruns will go to work. (I've seen a few instances where the program crashes while dumping an offline system, but those issues were mostly due to attempting to access a nonexistent user profile.)

Signed Windows entries are hidden by default. A quirk of previous versions of Autoruns was that it dumped out everything it found, which made it a little harder to separate the signal from the noise. It was tough to tell at a glance if the system components and auto-running programs you were being told about were worthy of your attention or not. The program did have a setting under the Options menu—"Hide Microsoft and Windows entries"—which cut down on the clutter by concealing everything that Microsoft put into the system by default. But you had to actually turn it on to reap its benefits, and many people only found out about it after having someone else clue them in.

As of version 10, this option is enabled by default, so what you see when you fire up the program automatically has all Microsoft- and Windows-native drivers and components excluded. This makes the debugging process a good deal less confusing from the get-go.

Finally, as before, the program comes with a command-line-only incarnation, autorunsc.exe, which comes in handy for scripting or unattended automation.
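One way to act on the "save and compare scan results" and scripting points above, as an added example (not code from the original article or from Sysinternals): a Python script that diffs two CSV exports of autostart entries against a known-good baseline. The column names and sample rows are assumptions constructed for illustration; match the columns to the header row of your own export and decode the file to text first.

```python
import csv
import io

# Column names are assumptions for this example; match them to the header
# row that your autorunsc version actually writes.
KEY_COLS = ("Entry Location", "Entry", "Image Path")
WATCH_COLS = ("Enabled", "Publisher")

def load_scan(csv_text):
    """Index one CSV export by a case-insensitive (location, entry, path) key."""
    rows = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        key = tuple((row.get(c) or "").strip().lower() for c in KEY_COLS)
        if any(key):  # skip blank separator rows
            rows[key] = {c: (row.get(c) or "").strip() for c in WATCH_COLS}
    return rows

def diff_scans(baseline_text, suspect_text):
    """Return entries added, removed, or changed relative to the baseline."""
    base, cur = load_scan(baseline_text), load_scan(suspect_text)
    added = sorted(k for k in cur if k not in base)
    removed = sorted(k for k in base if k not in cur)
    changed = sorted(
        (k, col, base[k][col], cur[k][col])
        for k in cur.keys() & base.keys()
        for col in WATCH_COLS
        if base[k][col] != cur[k][col]
    )
    return {"added": added, "removed": removed, "changed": changed}

# Constructed sample data (not real scan output).
BASELINE = r"""Entry Location,Entry,Enabled,Publisher,Image Path
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,BackupAgent,enabled,Example Corp,C:\Program Files\Backup\agent.exe
HKLM\System\CurrentControlSet\Services,ExampleFilter,enabled,Example Corp,C:\Windows\System32\drivers\exflt.sys
"""
SUSPECT = r"""Entry Location,Entry,Enabled,Publisher,Image Path
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,BackupAgent,disabled,Example Corp,C:\Program Files\Backup\agent.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run,Updater,enabled,,C:\Users\Public\updater.exe
"""

if __name__ == "__main__":
    result = diff_scans(BASELINE, SUSPECT)
    for kind, items in result.items():
        print(kind, items)
```

Entries that are new, unsigned, or silently disabled relative to the baseline are the ones worth inspecting first.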

Figure 1. Autoruns version 10.01

Serdar Yegulalp has been writing about computers and information technology for more than 15 years for a variety of publications, including InformationWeek and Windows Magazine.

This was first published in June 2010
