sysinternals undelete

touch new file touch filename such as:touchfile1 New file named File1 in the current directory Note: 1) The same directory cannot create a file with the same name 2) the file name of Linux is case-sensitive mv Modify the file name (or the name of the directory), move the path mv old file name new file name ======= Modify the file name mv old directory name New directory name ======= "Modify directory name mv file name directory name ======= "Move path cp (copy abbreviation) Copy file (dir

Sysinternals tool. The command line is as follows:Export xec \ remote-c rootkitrealer.exe-a c: windowssystem32ootkit. logRootkitRevealerThis is a screenshot of RootkitRevealer's detection of HackerDefender rootkit. With RootkitRevealer, we can easily find the driver and service sub-keys and file storage addresses of HackerDefender stored in the registry.By using the information scanned by RootkitRevealer, you can determine which Rootkit your machine

connection. Upgrade anti-virus software to prevent viruses. You can click Start, Run, enter msconfig, open the System Configuration Utility, click the BOOT. INI tab, and modify it. Then, restart the system to enter the Secure Mode with network connections. 4. manually clear Because pandatv is an infectious virus, manual removal is quite troublesome. The manual removal solution released by netizens can only end the virus process manually. A program that has been infected with the pandatv virus

Sometimes it is really interesting to write and debug a program. For example, this time, the program has been done well.Netstat or other tools that list ports, such as fport or sysinternals Tcpview, call the API in Iphlpapi. dll to list ports. The API in Iphlpapi. dll eventually uses ZwDeviceIoControlFile to send IOCTL_TCP_QUERY_INFORMATION_EX to the device object DeviceTcp to obtain various information. Therefore, we only need to Hook the correspondi

Use mimikatz to obtain the win7 Password Mimikatz: Http://www.webshell.cc/wp-content/uploads/2012/02/mimikatz_trunk.zip Http://blog.gentilkiwi.com/downloads/mimikatz_trunk.zip Blog.gentilkiwi.com should be a French blog. Use mimikatz to obtain the win7 password: Microsoft Windows [version 6.1.7600] Copyright (c) 2009 Microsoft Corporation. All rights reserved. C: \ Users \ Administrator> cd C: \ mimikatz_trunk \ toolsC: \ mimikatz_trunk \ tools> export xec.exe \ 127.0.0.1 cmd.exe uninstall x

Task Manager, process-> to get the dump file of the current process. I used the following program to generate the dump file:Procdump: Https://technet.microsoft.com/en-us/sysinternals/dd996900.aspxFor the use of the ProDump program, refer to the following two blog articles:High CPU Dump collection tool-ProcDump usage This article introduces a useful dump capture tool-ProcDump In the command line, run this program: procdump -ma mydotNetApp.exe d:\myapp

partition, remember: You must note that if you set the publisher to Microsoft in the Rules, tools such as Sysinternals are also enabled. You need to monitor the access permissions of the folder when using the path. If anyone can write to a folder that you trust, AppLocker will be bypassed because it has no meaning. If you try to block the execution in the Temporary Folder, AppLocker can do it as required. But it will also break a lot of things for yo

(Newarr.pop () + "} Output:["A", "B", "C"]CBAThe reviver function is typically used to convert the JSON representation of a date string from the International Organization for Standardization (ISO) to a Coordinated Universal Time (UTC) format Date object. This example uses Json.parse to deserialize a date string in ISO format. The Datereviver function returns a Date object for a member formatted as an ISO date string . var jsontext = ' {' hiredate ': ' 2008-01-01t12:00:00z ', ' birthdate ': ' 2

isolate the session, the Basin simple summary: The first is Terminal Services, the session is invented for this technology. Fast User Switching, which is actually the same as Terminal Services, except that Fast User Switching only provides the latest logged-on user's desktop (shell). Starting with Windows Vista, system-level processes and services run in Session 0, which is why we can no longer use the "mstsc/console" command to log on to the server's console session. Starting w

partition.6. Junction PointCompared to Hardlink,junction point can be regarded as the hard connection of the folder, Vista Junction has been replaced by a complete symbolic connection.7. Reparse pointIt's a bit similar to Hardlink, but for folders or fsutil commands to manageC:\windows\system32>fsutil Reparsepoint----Supported Reparsepoint commands----Query for a re-analysis pointDelete Remove a re-analysis pointBut if you want to build it, you can create it by

supR3HardenedErrorV:supR3HardenedMonitor_LdrLoadDll:rejecting ' C:\Windows\system32\uxtheme.dll ' ( C:\Windows\system32\uxtheme.dll): rcnt=0xc0000190 Reason Because most people use the ghost system will crack Uxtheme.dll file cause VirtualBox start failure Verify Uxtheme.dll Download the Microsoft Sigcheck Tool Http://technet.microsoft.com/en-us/sysinternals/bb897441.aspx Run command Sigcheck-i-a-h C:\windows\system32\uxtheme.dll Show results The

Windows XP prompts a file or folder to be consumed and cannot be deleted when deleting a file or folderWorkaround:Win7:WinXPRequires third-party tools Unlocker, 360, Process Explorer (this is supported by Microsoft)After the tool finds the process that occupies the file or folder, end the processTake Process Explorer For example:Https://download.sysinternals.com/files/ProcessExplorer.ziphttps://technet.microsoft.com/en-us/sysinternals/bb896653/Find th

Using junction, Address:https://technet.microsoft.com/en-us/sysinternals/bb896768Installation:1. After downloading the Junction.exe, copy the file to C:\Windows\System32;2. Double click to run, select agree, install complete;3. Open the Command Line window to create and delete the soft chain;To create a command:Junction D:\java\iapp\resource "D:\webresource"Junction D:\java\student\resource "D:\webresource"D:\webresource are physical directories on di

When operating systems identify users and computers, they are not identified by names, but by SID numbers. What is a SID number? The Chinese name of a SID is a security identifier, this is a bit similar to our ID card number. It is a long string of characters. When you create an account, the system will assign it a SID number, after you delete this account, create another account with the same name, even if the password is the same, but the two accounts are definitely different, because the SID

passwordNote: all Microsoft Windows system default administrator users are administator and the password is set by yourself, the system does not have a default password2. Running the native Windows service, successfully accessing the network drive ZReferencesHttp://stackoverflow.com/questions/18632193/directory-exists-returns-false-for-mapped-drive-in-c-sharp-codingHttp://stackoverflow.com/questions/3622089/windows-service-cant-access-network-shareHttp://serverfault.com/questions/177139/windows

, Windbg->file->symbol File Path input in the interface Srv*c:\windows\symbols*http://msdl.microsoft.com/download/symbols; and select Reload , WINDBG will automatically download for you, the key is to check Reload . 5,instdrv software (for installation, start, stop, uninstall Drive)Note:srvinstw.exe can also install and unload the sys file, but you need to execute the net start under the cmd Command Window the driver name,net stop driver name to start, stop the service. 6.64signer-v1.2(Win7 pri

, for example, $ session1 = new-pssession-computer server1. Use the Credential parameter if necessary .) 2. remotely execute scripts or script files in sessions): Use the Invoke-Command to execute remote scripts, such as Invoke-Command-Session $ session1-ScriptBlock {dir c: \} or Invoke-Command-Session $ session1-FilePath. \ dirDriveC. ps1 3. Get the result: You can assign the execution result to a variable, for example, $ sub = Invoke-Command-Session $ session1-ScriptBlock {dir c: \} or $ sub =

BKJIA: WindowsPager is a free virtual desktop management tool that allows us to manage multiple virtual applications on our desktop. Channel recommendation: Ten Sysinternals tools (for download) Many virtual desktop management tools on Linux have been well received. However, it is strange that Microsoft has not released such functional software on its Windows system. Virtual desktop management tools may confuse users, because applications running on t

functions are similar to those under the process tag. At the same time, when you enter "msconfig" in the running state to switch to the Startup tag, the original content is gone and direct to the task manager. Without the classic Start Menu, you can add shortcuts to the directory "C: \ ProgramData \ Microsoft \ Windows \ Start Menu \ Programs \ StartUp "(you can enter" shell: startup "during running to open it directly) in this way, you can add shortcuts to the Start menu for auto-start in the

installation to the desktop for the first time, the first thought is that the interface is very similar to Windows 8, but it seems that there is a genome containing Windows 7 in the depth, which is really tangled! In addition to the final regression of the Start menu, the entire interface is very simple and refreshing. The desktop application icons show the flat feature of IOS, the window border is narrow, the window color and desktop background are very matched, and the overall feeling is ver