Tracking system resources with free WinObj utility from Sysinternals

Mark Russinovich and company did Microsoft one better with the WinObj tool for tracking Windows system resources, though there’s still room for improvement.

Deep inside Windows lies a subsystem called the Object Manager that is responsible for tracking every resource in the system. “Resources” can be files, Registry entries, hardware devices, running processes -- essentially everything in the system that can be named and addressed.

Most of the time, information about resources isn’t exposed directly to the end user since there’s no particular reason to do that. But an administrator or programmer will almost certainly need to know about resources for a variety of reasons. Some examples would be to audit security against objects or examine which system-wide symbolic links resolve to certain objects.

Originally, Microsoft created a utility called Winobj to probe the Object Manager namespace, but according to Mark Russinovich of Sysinternals fame, it’s terribly buggy and doesn’t return results for many object types. Russinovich decided to do Microsoft one better and wrote another version of the tool, also named WinObj (don’t get them confused!).

More Windows tools

  • TrueCrypt disk encryption: A cheap alternative to BitLocker?
  • Microsoft Web development tool simplifies website deployment
  • Changing file attributes in bulk with free utility

Russinovich’s WinObj runs on any client version of Windows XP on up, and any server version starting with Windows Server 2003. No installation is required and it can run from any folder. WinObj can also be run as a regular user, but many functions may not work correctly in this context. For the best results you should run it as a local administrator. If you forget to launch it as an admin, there’s a File menu option that lets you re-launch the program with elevated privileges.

The program is divided into two panes: a tree-view explorer that lists the hierarchy of namespaces in Object Manager, and a panel that lists the contents of the currently-selected hierarchy. The right-hand panel lists the names of objects, their type and any symbolic link that corresponds to the object. If you double-click on a symbolic link, you’ll be taken to the actual object that it points to.

If you right-click on an object listed in the right panel and select Properties, and you’ll see some basic details about the object along with a Security tab. Note that it is possible to change permissions on selected objects, but that’s something you should only mess with if you know what you’re doing.

WinObj for Sysinternals isn’t without its drawbacks, though. For example, there’s no way to interactively search the namespace. It would be handy to have a way to supply a name for an object or symbolic link and have WinObj return everything that matches that search term. As it is, you have to drill down manually through the object hierarchy to find things. There’s also no mechanism for exporting data for use outside the program, meaning you can’t dump an object list to text or XML (nor can you dump an object’s properties). Finally, there’s no command-line version of the program, which would be helpful with batch or Windows PowerShell scripts.

So clearly there’s a lot of room for expansion with this tool, but there are also few substitutes for it as it stands. Here’s hoping Russinovich and company see fit to build on WinObj in the same way they’ve expanded many of the other Sysinternals utilities.

Figure 1. Sysinternals WinObj 2.21 (click to enlarge)
Sysinternals WinObj 2.21

You can follow SearchWindowsServer.com on Twitter @WindowsTT.

Serdar Yegulalp has been writing about computers and information technology for more than 15 years for a variety of publications, including InformationWeek and Windows Magazine.

Dig Deeper on IT operations and infrastructure management

Cloud Computing
Enterprise Desktop
Virtual Desktop