Reposted from http://bbs.ctocio.com.cn/home.php?mod=space&uid=373635&do=blog&id=627
Windows Sysinternals Suite is a free set of system tools officially provided by Microsoft. It contains a large number of practical, free system maintenance utilities, such as Desktops (virtual desktops), Process Explorer (process browser) and Autoruns (startup item management), each of which is a classic and highly practical tool. It is definitely worth knowing, collecting and using. Because the suite bundles so many utilities, the following is a simple list of the basic information about each tool. I hope it helps when you choose which one to use!
Below I go through all the tools in Windows Sysinternals Suite in alphabetical order and give a brief introduction to each. Almost every one of them could fill a long article of its own, so for lack of time I only give a short description here:
Accesschk: displays the access permissions of a specified user or user group on files, registry keys, or Windows Services.
Accessenum: a simple but powerful tool that shows who can access the directories, files and registry keys on your system, and with which permissions. It can be used to find permission weaknesses.
Adexplorer: an advanced Active Directory viewing and editing tool. It lets you browse the AD database, save favorite locations, view object attributes, edit permissions and run precise searches. You can also save snapshots of the AD database and view and compare them offline.
Adinsight: an LDAP (Lightweight Directory Access Protocol) Real-time Monitoring Tool designed to troubleshoot Active Directory Client Applications.
Adrestore: restores deleted Active Directory objects on Windows Server 2003.
Autologon: bypasses the password prompt during logon by configuring automatic logon.
Autoruns: shows which programs are configured to start automatically when the system boots and when you log on. It also shows the registry keys and file locations where each application's autostart setting is configured.
Bginfo: A Configurable automatic desktop background Generation Program that generates desktop backgrounds containing important system information, including IP addresses, computer names, network adapters, and other information.
Cacheset: a program that lets you use functions provided by NT to control the working set size of the Cache Manager. It is compatible with all versions of NT.
Clockres: displays the resolution of the system clock, that is, the maximum timer resolution.
Contig: want to quickly defragment frequently used files? Use Contig to optimize a single file, or to create new files that are contiguous on disk.
Coreinfo: a command line utility that shows the mapping between logical processors and physical processors, NUMA nodes and their sockets, and the caches assigned to each logical processor.
Ctrl2cap: a kernel-mode driver that demonstrates keyboard input filtering just above the keyboard class driver, converting Caps Lock into a Control key. Filtering at this level lets you change and hide keys before NT even "sees" them. Ctrl2cap also shows how to use NtDisplayString() to print messages to the initialization blue screen.
Debugview: another first from Sysinternals. This program intercepts device driver calls to DbgPrint and the OutputDebugString output generated by Win32 programs. It lets you view and record debugging session output on the local computer or over a network without using an active debugger.
Desktops: this tool can create up to four virtual desktops, use the taskbar interface or hot key to preview the content on each desktop and easily switch between these desktops.
Disk2vhd: simplifies migration from a physical system to a virtual machine (P2V).
Diskext: displays the mapping between volume partitions and physical disks.
Diskmon: capture all activities of the hard disk, or appear in the tray as a hard disk activity indicator.
Diskview: Displays disk space usage and file and folder space usage intuitively.
Efsdump: displays information about encrypted files.
Handle: a small command line tool that shows which files are open in which processes, and more.
Hex2dec: convert a hexadecimal number to a decimal number or a reverse conversion.
Junction: creates junction points (NTFS symbolic links) on an NTFS volume, similar to a Linux symbolic link; quite practical if used flexibly.
Ldmdump: dumps the contents of the Logical Disk Manager database on disk, which describes the partitioning of dynamic disks in Windows 2000.
Listdlls: lists all currently loaded DLLs, their locations, and versions. Version 2.0 displays the complete path name of the loaded modules.
Livekd: runs the Microsoft kernel debuggers (kd or WinDbg) against a live, running system.
Loadorder: shows the order in which device drivers are loaded on a Windows NT/2000 system.
Logonsessions: List active login sessions in the system.
Movefile: allows you to execute the move and delete commands during the next restart of the system. This is useful for clearing stubborn or malicious files in use.
Ntfsinfo: You can view detailed information about NTFS volumes, including the size and location of the master file table (MFT) and MFT-zone, as well as the NTFS metadata file size.
Pagedefrag: defragments your paging files and registry hives.
Pendmoves: lists the file rename and delete operations scheduled for the next system startup.
Pipelist: displays the named pipes on the system, including the maximum number of instances for each pipe and the number of active instances.
Portmon: an advanced monitoring tool for serial and parallel port activity. It recognizes all the standard serial and parallel IOCTLs and can even display part of the data being sent and received. Version 3.x has powerful new UI enhancements and advanced filtering.
Procdump: a command line utility whose primary purpose is capturing process dumps for CPU spikes that are otherwise hard to isolate and reproduce. It can also be used to create a process dump on demand, and it can monitor a process and generate a dump when it has a hung window or an unhandled exception.
Procexp: Find out which files, registry keys, and other objects are opened by the process, and the DLL files that have been loaded. This powerful utility can even display the owner of each process.
Procmon: monitors file system, registry, process, thread and DLL activity in real time.
Psexec: executes processes on a remote system.
Psfile: Used to help users view remotely opened files.
Psgetsid: displays the SID of a computer or user.
Psinfo: obtains information about the system.
Pskill: Terminate local or remote processes.
Pslist: displays information about processes and threads.
Psloggedon: displays the users logged on to a system.
Psloglist: Dump event log records.
Pspasswd: Change the account password.
Psservice: View and control the service.
Psshutdown: Shut down and restart the (optional) computer.
Pssuspend: suspends and continues the process.
Rammap: memory usage analysis tools in Windows 7 show the current system and process memory status and utilization.
Regdelnull: scans and deletes the registry key that contains embedded null characters. The standard registry editing tool cannot delete this registry key.
Regjump: Jump to the Registry path specified in regedit.
Rootkitrevealer: Scan rootkit-based malicious programs in the system.
Sdelete: securely overwrite sensitive files and use this DOD-compliant secure delete program to clear the available space of previously deleted files.
Shareenum: scan file sharing in the network and view its security settings to block security vulnerabilities.
Shellrunas: Use a convenient shell context menu item to start a program as another user.
Sigcheck: dump the file version information and check whether the image in the system has been digitally signed.
Streams: displays NTFS alternate data streams.
Strings: searches for ANSI/Unicode strings in a binary image.
Sync: flushes cached data to the hard disk or removable disk (releases the disk write cache).
Tcpvcon: a command line tool used to view the network connection (TCP/UDP) status of a specified process.
Tcpview: an active socket viewer (you can easily check which program is using which port, and so on).
Vmmap: a virtual and physical memory analysis utility for processes.
Volumeid: sets the volume ID of a FAT or NTFS drive.
Whois: Used to help users view the Internet address owner.
Winobj: a powerful tool for viewing Object Manager namespaces.
Zoomit: a presentation aid that supports on-screen zooming and drawing.
Because Sysinternals Suite contains so many tools, I have only briefly listed the basic information about each one, and I hope it is helpful. If you need them, you can download Sysinternals Suite to get all the tools at once, or download your favorite tools individually. Once you become familiar with and master these tools, your computer maintenance and application skills will improve greatly, without spending a dime.