Sysinternals Tool List
will introduce you to the impressive Windows
programs/applications/tools developed by Sysinternals. Everyone here at
M.I.C.A. is very thankful for them. The Sysinternals web site was created in 1996 by
Mark
Russinovich and Bryce Cogswell to host their advanced system
utilities and technical information, and after many determined years of
hard work, Microsoft
acquired Sysinternals in July, 2006 (this was a very smart move by
Microsoft).
Mark is now dug in at
Microsoft, working on the many new exciting projects for XP and
Vista. Whether you’re an IT Pro or a developer, you’ll find a
Sysinternals utilities to help you manage, troubleshoot or diagnose
your next Windows systems & applications adventure!
If you have a question
about a tool or how to use them, please visit the
Sysinternals Forum for
answers and help from other users and our moderators.
Click on the name to download the small
application directly from Microsoft. Currently, you can only get
these free tools from Microsoft.
| • |
Sysinternals Suite The entire set of
Sysinternals Utilities rolled up into a single
download. |
| • |
AccessChk v3.0 (2/27/2007)
This tool shows you the accesses the user or group
you specify has to files, Registry keys or Windows
services. |
| • |
AccessEnum v1.32 (11/1/2006)
This simple yet powerful security tool shows you who
has what access to directories, files and Registry
keys on your systems. Use it to find holes in your
permissions. |
| • |
AdRestore v1.1 (11/1/2006)
Undelete Server 2003 Active Directory objects |
To the Top
| • |
Autologon v2.10 (11/1/2006)
Bypass password screen during logon. |
| • |
Autoruns v8.61 (1/22/2007)
See what programs are configured to startup
automatically when your system boots and you login.
Autoruns also shows you the full list of Registry
and file locations where applications can configure
auto-start settings. |
| • |
BgInfo v4.10 (3/16/2007)
This fully-configurable program automatically
generates desktop backgrounds that include important
information about the system including IP addresses,
computer name, network adapters, and more. |
| • |
BlueScreen v3.2 (11/1/2006)
This screen saver not only accurately simulates Blue
Screens, but simulated reboots as well (complete
with CHKDSK), and works on Windows NT 4, Windows
2000, Windows XP, Server 2003 and Windows 9x. |
| • |
CacheSet v1.0 (11/1/2006)
CacheSet is a program that allows you to control the
Cache Manager's working set size using functions
provided by NT. It's compatible with all versions of
NT and full source code is provided. |
| • |
ClockRes v1.0 (11/1/2006)
View the resolution of the system clock, which is
also the maximum timer resolution |
| • |
Contig v1.54 (3/21/2007)
Wish you could quickly defragment your frequently
used files? Use Contig to optimize individual files,
or to create new files that are contiguous. |
| • |
Ctrl2cap v2.0 (11/1/2006)
This is a kernel-mode driver that demonstrates
keyboard input filtering just above the keyboard
class driver in order to turn caps-locks into
control keys. Filtering at this level allows
conversion and hiding of keys before NT even "sees"
them. Full source is included. Ctrl2cap also shows
how to use NtDisplayString() to print messages to
the initialization blue-screen. |
| • |
DebugView v4.64 (1/8/2007)
Another first from Sysinternals: This program
intercepts calls made to DbgPrint by device drivers
and OutputDebugString made by Win32 programs. It
allows for viewing and recording of debug session
output on your local machine or across the Internet
without an active debugger. |
| • |
DiskExt v1.0 (11/1/2006)
Display volume disk-mappings |
To the Top
| • |
DiskView v2.21 (11/1/2006)
Graphical disk sector utility |
| • |
Diskmon v2.01 (11/1/2006)
This utility captures all hard disk activity or acts
like a software disk activity light in your system
tray. |
| • |
Du v1.31 (11/1/2006)
View disk usage by directory |
| • |
EFSDump v1.02 (11/1/2006)
View information for encrypted files |
| • |
Filemon v7.04 (11/1/2006)
This monitoring tool lets you see all file system
activity in real-time. |
| • |
Handle v3.20 (11/1/2006)
This handy command-line utility will show you what
files are open by which processes, and much more. |
| • |
Hex2dec v1.0 (11/1/2006)
Convert hex numbers to decimal and vice versa. |
To the Top
| • |
Junction v1.04 (11/1/2006)
Create Win2K NTFS symbolic links |
| • |
LDMDump v1.02 (11/1/2006)
Dump the contents of the Logical Disk Manager's
on-disk database, which describes the partitioning
of Windows 2000 Dynamic disks. |
| • |
ListDLLs v2.25 (11/1/2006)
List all the DLLs that are currently loaded,
including where they are loaded and their version
numbers. Version 2.0 prints the full path names of
loaded modules. |
| • |
LiveKd v3.0 (11/1/2006)
Use Microsoft kernel debuggers to examine a live
system. |
| • |
LoadOrder v1.0 (11/1/2006)
See the order in which devices are loaded on your
WinNT/2K system |
| • |
MoveFile v1.0 (11/1/2006)
Allows you to schedule move and delete commands for
the next reboot. |
| • |
LogonSessions v1.1 (11/1/2006)
List the active logon sessions on a system. |
| • |
NewSID v4.10 (11/1/2006)
Learn about the computer SID problem everybody has
been talking about and get a free computer SID
changer, NewSID, complete with full source code. |
| • |
NTFSInfo v1.0 (11/1/2006)
Use NTFSInfo to see detailed information about NTFS
volumes, including the size and location of the
Master File Table (MFT) and MFT-zone, as well as the
sizes of the NTFS meta-data files. |
To the Top
| • |
PageDefrag v2.32 (11/1/2006)
Defragment your paging files and Registry hives! |
| • |
PendMoves v1.1 (11/1/2006)
Enumerate the list of file rename and delete
commands that will be executed the next boot |
| • |
Portmon v3.02 (11/1/2006)
Monitor serial and parallel port activity with this
advanced monitoring tool. It knows about all
standard serial and parallel IOCTLs and even shows
you a portion of the data being sent and received.
Version 3.x has powerful new UI enhancements and
advanced filtering capabilities. |
| • |
Process Explorer v10.21 (11/1/2006)
Find out what files, registry keys and other objects
processes have open, which DLLs they have loaded,
and more. This uniquely powerful utility will even
show you who owns each process. |
| • |
Process Monitor v1.12 (4/6/2007)
Monitor file system, Registry, process, thread and
DLL activity in real-time. |
| • |
ProcFeatures v1.10 (11/1/2006)
This applet reports processor and Windows support
for Physical Address Extensions and No Execute
buffer overflow protection. |
| • |
PsExec v1.82 (3/5/2007)
Execute processes with limited-user rights. |
| • |
PsFile v1.02 (12/4/2006)
See what files are opened remotely. |
| • |
PsGetSid v1.43 (12/4/2006)
Displays the SID of a computer or a user. |
| • |
PsInfo v1.74 (12/4/2006)
Obtain information about a system. |
| • |
PsKill v1.12 (12/4/2006)
Terminate local or remote processes. |
| • |
PsList v1.28 (12/4/2006)
Show information about processes and threads. |
To the Top
| • |
PsLoggedOn v1.33 (12/4/2006)
Show users logged on to a system |
| • |
PsLogList v2.64 (12/4/2006)
Dump event log records. |
| • |
PsPasswd v1.22 (12/4/2006)
Changes account passwords. |
| • |
PsService v2.21 (12/4/2006)
View and control services. |
| • |
PsShutdown v2.52 (12/4/2006)
Shuts down and optionally reboots a computer. |
| • |
PsSuspend v1.06 (12/4/2006)
Suspend and resume processes. |
| • |
PsTools v2.43 (2/12/2007)
The PsTools suite includes command-line utilities
for listing the processes running on local or remote
computers, running processes remotely, rebooting
computers, dumping event logs, and more. |
| • |
RegDelNull v1.10 (11/1/2006)
Scan for and delete Registry keys that contain
embedded null-characters that are otherwise
undeleteable by standard Registry-editing tools.
|
| • |
RegHide v1.0 (11/1/2006)
Creates a key called "HKEY_LOCAL_MACHINE\Software\Sysinternals\Can't
touch me!\0" using the Native API, and inside this
key it creates a value. |
| • |
Regjump v1.01 (11/1/2006)
Jump to the registry path you specify in Regedit.
|
To the Top
| • |
Regmon v7.04 (11/1/2006)
This monitoring tool lets you see all Registry
activity in real-time. |
| • |
RootkitRevealer v1.71 (11/1/2006)
Scan your system for rootkit-based malware |
| • |
SDelete v1.51 (11/1/2006)
Securely overwrite your sensitive files and cleanse
your free space of previously deleted files using
this DoD-compliant secure delete program. Complete
source code is included. |
| • |
ShareEnum v1.6 (11/1/2006)
Scan file shares on your network and view their
security settings to close security holes. |
| • |
Sigcheck v1.30 (11/1/2006)
Dump file version information and verify that images
on your system are digitally signed. |
| • |
Streams v1.53 (11/1/2006)
Reveal NTFS alternate streams |
| • |
Strings v2.30 (11/1/2006)
Search for ANSI and UNICODE strings in binaryimages.
|
| • |
Sync v2.0 (11/1/2006)
Flush cached data to disk |
| • |
TCPView v2.40 (11/1/2006)
Active socket command-line viewer. |
| • |
VolumeId v2.0 (11/1/2006)
Set Volume ID of FAT or NTFS drives |
| • |
Whois v1.01 (11/1/2006)
See who owns an Internet address. |
| • |
Winobj v2.15 (11/1/2006)
The ultimate Object Manager namespace viewer is
here. |
| •
|
ZoomIt v1.30 (3/26/2007)
Presentation utility for zooming and drawing on the
screen. |
|
