by Chris Taylor
In April and May, I reviewed portions of
the Winternals Administrator’s Pak 3.0 — ERD Commander, Remote Recover,
and Disk Commander. This month, I wrap up the Admin Pak with reviews of
NTFSDOS Pro and Monitoring Tools.
When NTFS was introduced by Microsoft back
with Windows NT v3, many hailed it as a real breakthrough. Finally, we
had a journaling file system that was far more robust than the old FAT
file system. But with that robustness came a price. It was no longer possible
to access a disk that was formatted as NTFS unless you were in Windows
That made for a real problem when it came
to trouble-shooting. If you could not get Windows NT to boot, you could
not get access to the file system to attempt to fix the problem. A real
Well, the folks at Winternals came to the
rescue with NTFSDOS. Currently at v4.02 in the “Pro” version, it permits
you to access NTFS-formatted drives from MS-DOS. NTFSDOS Pro uses the existing
NTFS drivers from Windows NT/2K/XP. Since it is Microsoft’s driver code
being loaded, compatibility is assured. Very slick!
You must supply your own DOS boot disk
and it must be at least DOS5. However, it is recommended that you use at
least DOS7 — the version included with Windows 95 and 98 — as that is the
first version to support long file names. As well, to set up an NTFSDOS
boot disk, you need to have a working copy of NT, 2K, or XP somewhere,
as it needs to make copies of some of the files.
A wizard walks you through the creation
of a pair of diskettes. The instructions they provide might lead you to
believe you can add NTFSDOS Pro to a bootable DOS disk. The problem is,
once the disk is bootable, there is not enough remaining disk space to
add the required files for NTFSDOS. Fortunately, it is easy enough to work
around this problem. Just feed blank, formatted floppies to the wizard.
Then, boot with a bootable DOS disk, swap out the disk for the disk containing
NTFSDOS and load the program.
Once loaded, NTFSDOS will find all hard
drive partitions and assign them drive letters. From there, you have complete
read/write access to the NTFS partitions. You can replace corrupted files,
edit configuration files, run anti-virus software, etc.
Also included is NTFSCHK, which is similar
to CHKDSK included in NT, 2K, and XP. It allows you to boot from DOS and
perform a standard repair process on an NTFS volume. Very nice.
The final portion of the Administrator
Pak v3.0 is Monitoring Tools, which is actually a pair of programs—Filemon/EE
and Regmon/EE. These are two terrific trouble-shooting programs designed
to shed some light on what is going on under the hood. Filemon/EE monitors
accesses to the file system and Regmon/EE monitors accesses to the registry.
More frequently than I would like, I have
seen programs fail (most frequently installation programs) with obscure
messages such as “file not found”. The problem is that they frequently
give you no clue as to what file was not found.
Filemon/EE monitors all attempted file
system accesses. It gives a time stamp, the process that was attempting
the access, what type of request was attempted, the full path to the file
being accessed, the result, and “Other”. Typically, this last bit of information
gives you things like an offset into the file being accessed, attributes
being set on a file, etc.
If you are having a problem with file access,
you can start Filemon/EE and then run the problem program. Once you get
the error, you can switch over to Filemon/EE and look for the error. Then
you at least have a fighting chance of figuring out what went wrong and
how to fix it. I will caution you, there is typically a huge amount of
info presented to you. On my system, with about a dozen programs
running, but (I thought) not doing much, I generated over 3,000 lines of
information in Filemon/EE in under a minute!
Also be aware that, unless you are a programmer,
it is highly unlikely you will really understand all the information presented.
File system requests such as “fsctl_is_volume_mounted” are Greek to me.
Fortunately, in most cases you are looking for more obvious problems, such
as a failure of an “open” request.
Regmon/EE works the same way as Filemon/EE,
but instead monitors registry accesses. The information it reports is the
time stamp, the process attempting a registry access, what the request
was (such as querying a key or setting a value), the path in the registry,
the result, and “Other”. Typically, the “Other” column is used to detail
values read or written.
Like Filemon/EE, Regmon/EE generates a lot
of information. On my system, I had about 500 registry accesses in the
first minute of operation. And again, like Filemon/EE, most of it was pretty
Greek to me. But if you are trying to trouble-shoot a problem, it may jump
out at you when you see, for example, a registry write being denied. Maybe
someone tightened down security on registry keys more tightly than a particular
application can deal with.
Filemon/EE and Regmon/EE share many capabilities.
First, the /EE portion of the name stands for “Enterprise Edition” and
indicates that you can monitor a remote system over the network. You can
also filter and highlight lines based on certain text. You can pause scrolling
and capturing of data. You can print or save out the information to a file.
And you can set the windows to be “always on top”.
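One way to cut a saved capture down to the lines that matter is to keep only the requests that did not succeed. The script below is an added example, not part of the original review or of the Winternals tools; the tab-separated layout, the result strings, and the sample rows are assumptions built from the columns the review lists.

```python
import csv
import io
from collections import Counter

# Assumed column order, taken from the columns the review describes.
COLUMNS = ["time", "process", "request", "path", "result", "other"]

# Constructed sample rows (not real tool output). File and registry
# requests are mixed here only to keep the example short.
SAMPLE_ROWS = [
    ("10:41:02", "setup.exe", "OPEN", r"C:\TEMP\SETUP.INI", "SUCCESS", ""),
    ("10:41:02", "setup.exe", "OPEN", r"C:\WINNT\SYSTEM32\EXAMPLE.DLL", "FILE NOT FOUND", ""),
    ("10:41:03", "explorer.exe", "QUERY INFORMATION", r"C:\WINNT", "SUCCESS", "Attributes: D"),
    ("10:41:03", "setup.exe", "SetValue", r"HKLM\Software\Example\InstallDir", "ACCESS DENIED", ""),
    ("10:41:04", "setup.exe", "READ", r"C:\TEMP\SETUP.INI", "SUCCESS", "Offset: 0 Length: 512"),
]
SAMPLE_LOG = "\n".join("\t".join(r) for r in SAMPLE_ROWS) + "\n10:41:05\ttruncated line\n"


def failed_requests(log_text, process=None, ok_results=("SUCCESS",)):
    """Return rows whose result is not a success, optionally for one process."""
    reader = csv.DictReader(io.StringIO(log_text), fieldnames=COLUMNS,
                            delimiter="\t", quoting=csv.QUOTE_NONE)
    failures = []
    for row in reader:
        if row["result"] is None:
            continue  # short or truncated line: no result column to judge
        if process and row["process"].lower() != process.lower():
            continue
        if row["result"].strip().upper() not in ok_results:
            failures.append(row)
    return failures


def summarize(failures):
    """Count failures per (process, request, result) to spot repeat offenders."""
    return Counter((r["process"], r["request"], r["result"]) for r in failures)


if __name__ == "__main__":
    for row in failed_requests(SAMPLE_LOG):
        print(row["time"], row["process"], row["request"], row["path"], row["result"])
```
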
Like most Winternals programs, both
Filemon/EE and Regmon/EE provide a wealth of information that generally
will not help the true novice. But if you have any degree of skill at trouble-shooting,
they provide you with that extra information you may need to understand
what is going wrong.
All three programs in this review are available
in more limited forms from the www.sysinternals.com site. Sysinternals
is run by the Winternals folks, but contains a wealth of free utilities.
Among other things at the site, you can find NTFSDOS v3.02, Filemon v4.34,
and Regmon v4.34.
NTFSDOS works basically the same as NTFSDOS
Pro, but in read-only mode. Filemon and Regmon are very similar to the
“EE” versions but lack the ability to save to a log file as the data is
generated and they can only access the local system, not other systems
over the wire.
NTFSDOS Pro – a drive formatted with NTFS
and a DOS bootable diskette (at least DOS5, DOS7 recommended)
Monitoring Tools – Windows 95 through Windows
Administrator’s Pak v3.0 – US$699
NTFSDOS Pro v4.02 – US$299
Monitoring Tools – US$44
Web site: http://www.winternals.com
Originally published: June, 2002
The opinions expressed in these reviews
do not necessarily represent the views of the
Ottawa PC Users' Group or its members.