Microsoft's best Sysinternals Suite toolkit User Guide

Source: Internet
Author: User

The tools are sorted alphabetically by name. Each title links to the corresponding official Microsoft page, which gives direct and more detailed usage information for the tool. Because almost every tool could fill a long article on its own, we only list and briefly introduce them here.

Each tool can be downloaded separately, but we recommend downloading the integrated Sysinternals Suite directly. The toolkit changes very little from year to year and stays at roughly 10 MB. Remember: http://download.sysinternals.com/files/sysinternalssuite.zip.

Below is the list

I. Introduction to various tools and official Microsoft Web pages

Accesschk
To ensure a secure environment, a Windows administrator usually needs to know which access permissions a specific user or group has to resources such as files, directories, registry keys, and Windows services. Accesschk quickly answers these questions with an intuitive interface and output.

Accessenum
This simple but powerful security tool shows you who has what access to directories, files, and registry keys on your system. Use it to find holes in your permissions.

Adexplorer
Active Directory Explorer is an advanced Active Directory (AD) viewer and editor.

Adinsight
An LDAP (Lightweight Directory Access Protocol) Real-time Monitoring Tool designed to troubleshoot Active Directory Client Applications.

Adrestore
Restore deleted Server 2003 Active Directory objects.

Autologon
The password screen is skipped during logon.

Autoruns
Check which programs are configured to automatically start when the system starts and you log on. Autoruns also provides a complete list of registry and file locations that the application can configure for Automatic startup.

BgInfo
This completely configurable program automatically generates a desktop background, which contains important information about the system's IP address, computer name, network adapter, and more.

BlueScreen
This screen saver not only accurately simulates the "blue screen", but also simulates the restart (complete with CHKDSK). It works on Windows NT 4, Windows 2000, Windows XP, Server 2003, and Windows 9x.

CacheSet
CacheSet is a program that allows you to use the functions provided by NT to control the working set size of the cache manager. It is compatible with all versions of NT.

ClockRes
View the system clock resolution, that is, the maximum timer resolution.

Contig
Do you want to quickly defragment frequently used files? Use Contig to optimize a single file or to create new files that are contiguous.

Coreinfo
Coreinfo is a new command line utility that shows you the mapping between logical processors and physical processors, NUMA nodes and their sockets, and the caches assigned to each logical processor.

Ctrl2cap
This is a kernel-mode driver that demonstrates keyboard input filtering just above the keyboard class driver to convert Caps Lock into a Control key. Filtering at this level allows keys to be converted and hidden before NT even "sees" them. Ctrl2cap also shows how to use NtDisplayString() to print messages to the initialization blue screen.

DebugView
Another first from Sysinternals: this program intercepts calls made to DbgPrint by device drivers and OutputDebugString calls made by Win32 programs. It allows you to view and record debugging session output on a local computer or over the Internet without using an active debugger.

Desktops
You can use this new utility to create up to four virtual desktops, use the taskbar interface or hotkey to preview the content on each desktop, and easily switch between these desktops.

Disk2vhd
Disk2vhd simplifies migration from a physical system to a virtual machine (P2V).

DiskExt
Displays volume disk mappings.

Diskmon
This utility captures all hard drive activity, or works like a software disk activity light in your system taskbar.

DiskView
Graphic disk sector utility.

Disk Usage (DU)
View disk usage by directory.

EFSDump
View the encrypted file information.

Handle
This easy-to-use command line utility shows which files are open by which processes, and more.

Hex2dec
Convert a hexadecimal number to a decimal number, or vice versa.

Junction
Create a Win2K NTFS symbolic link.

LDMDump
Dump the contents of the Logical Disk Manager's on-disk database, which describes the partitioning of Windows 2000 dynamic disks.

ListDLLs
List all currently loaded DLL files, including the loading location and version number. Version 2.0 prints the complete path name of the loaded module.

LiveKd
Use the Microsoft kernel debuggers to examine a live system.

LoadOrder
View the order in which devices are loaded on a WinNT/2K system.

LogonSessions
Lists active logon sessions in the system.

MoveFile
Schedule move and delete commands to be executed at the next restart of the system.

NTFSInfo
You can use NTFSInfo to view detailed information about NTFS volumes, including the size and location of the Master File Table (MFT) and the MFT zone, and the sizes of the NTFS metadata files.

PageDefrag
Defragment your paging files and registry hives.

PendMoves
Lists the file rename and delete commands that will be executed at the next startup of the system.

PipeList
Display the named pipes on the system, including the maximum number of instances and the number of active instances for each pipe.

PortMon
Use advanced monitoring tools to monitor the activity of serial ports and parallel ports. It can recognize all the standard serial and parallel IOCTL, and even display part of the data being sent and received. Version 3.x has powerful new UI enhancement and advanced filtering functions.

ProcDump
This new command line utility is designed to capture process dumps for CPU spikes that are otherwise difficult to isolate and reproduce. It can also be used as a general tool for creating process dumps, and it can monitor a process and generate a dump when the process has a hung window or an unhandled exception.

Process Explorer
Find out the files, registry keys, and other objects opened by the process, and the DLL files that have been loaded by the process. This powerful utility can even display the owner of each process.

Process Monitor
Monitors file systems, registries, processes, threads, and DLL activities in real time.

ProcFeatures
This small program reports processor and Windows support for "Physical Address Extension" and "No Execute" buffer overflow protection.

Psexec
Execute a process on a remote system.

Psfile
View remotely opened files.

Psgetsid
Displays the SID of a computer or user.

Psinfo
Obtain information about the system.

Pskill
V1.13 (December 1, 2009)
Terminate a local or remote process.

Pslist
Displays information about processes and threads.

Psloggedon
Displays the users logged on to a system.

Psloglist
Dump event log records.

Pspasswd
Change the account password.

Psservice
View and control services.

Psshutdown
Shut down and (optionally) restart the computer.

Pssuspend
Suspend and resume processes.

Pstools
The pstools suite includes command line programs that list processes running on local or remote computers, remotely running processes, restarting computers, dumping event logs, and executing other tasks.

Regdelnull
Scan for and delete registry keys that contain embedded null characters. The standard registry editing tools cannot delete such keys.

Regjump
Jump to the registry path you specify in Regedit.

Rootkitrevealer
Scan the system for rootkit-based malware.

SDelete
Securely overwrite sensitive files and clean the free space left by previously deleted files with this DoD-compliant secure delete program.

ShareEnum
Scan file shares on the network and view their security settings to close security holes.

ShellRunas
Use a convenient shell context menu item to start programs as another user.

Sigcheck
Dump file version information and check whether the images on the system are digitally signed.

Streams
Displays NTFS alternate data streams.

Strings
Search for ANSI and Unicode strings in binary images.

Sync
Flush cached data to disk.

TCPView
The active socket command line viewer.

VMMap
VMMap is a virtual and physical memory analysis utility for processes.

VolumeId
Set the volume ID of the FAT or NTFS drive.

Whois
View the Internet address owner.

WinObj
Basic Object Manager namespace viewer.

ZoomIt
A presentation utility for zooming and drawing on the screen.
