Wednesday, February 14, 2007

The Sysinternals Troubleshooting Utilities have been rolled up into a single Suite of tools

Mark Russinovich, the guy who revealed to the world that Sony CDs had that nasty rootkit installed, has made available a single suite of tools for download. These tools are a must-have for every single Windows developer.

The Sysinternals Troubleshooting Utilities have been rolled up into a single Suite of tools. This file contains the individual troubleshooting tools and help files. It does not contain non-troubleshooting tools like the BSOD Screen Saver or NotMyFault.

Download it here

Here is what is included:

• AccessChk

v2.0 (11/1/2006)
This tool shows you the accesses the user or group you specify has to files, Registry keys or Windows services.

• AccessEnum

v1.32 (11/1/2006)
This simple yet powerful security tool shows you who has what access to directories, files and Registry keys on your systems. Use it to find holes in your permissions.

• AdRestore

v1.1 (11/1/2006)
Undelete Server 2003 Active Directory objects

• Autologon

v2.10 (11/1/2006)
Bypass password screen during logon.

• Autoruns

v8.61 (1/22/2007)
See what programs are configured to start up automatically when your system boots and you log in. Autoruns also shows you the full list of Registry and file locations where applications can configure auto-start settings.

• BgInfo

v4.0 (11/1/2006)
This fully-configurable program automatically generates desktop backgrounds that include important information about the system including IP addresses, computer name, network adapters, and more.

• BlueScreen

v3.2 (11/1/2006)
This screen saver not only accurately simulates Blue Screens, but simulated reboots as well (complete with CHKDSK), and works on Windows NT 4, Windows 2000, Windows XP, Server 2003 and Windows 9x.

[EDIT]
BlueScreen is NOT part of the suite; you can download it here.
[/EDIT]

• CacheSet

v1.0 (11/1/2006)
CacheSet is a program that allows you to control the Cache Manager's working set size using functions provided by NT. It's compatible with all versions of NT and full source code is provided.

• ClockRes

v1.0 (11/1/2006)
View the resolution of the system clock, which is also the maximum timer resolution

• Contig

v1.53 (11/1/2006)
Wish you could quickly defragment your frequently used files? Use Contig to optimize individual files, or to create new files that are contiguous.

• Ctrl2cap

v2.0 (11/1/2006)
This is a kernel-mode driver that demonstrates keyboard input filtering just above the keyboard class driver in order to turn caps-locks into control keys. Filtering at this level allows conversion and hiding of keys before NT even "sees" them. Full source is included. Ctrl2cap also shows how to use NtDisplayString() to print messages to the initialization blue-screen.

• DebugView

v4.64 (1/8/2007)
Another first from Sysinternals: This program intercepts calls made to DbgPrint by device drivers and OutputDebugString made by Win32 programs. It allows for viewing and recording of debug session output on your local machine or across the Internet without an active debugger.

• DiskExt

v1.0 (11/1/2006)
Display volume disk-mappings

• DiskView

v2.21 (11/1/2006)
Graphical disk sector utility

• Diskmon

v2.01 (11/1/2006)
This utility captures all hard disk activity or acts like a software disk activity light in your system tray.

• Du

v1.31 (11/1/2006)
View disk usage by directory

• EFSDump

v1.02 (11/1/2006)
View information for encrypted files

• Filemon

v7.04 (11/1/2006)
This monitoring tool lets you see all file system activity in real-time.

• Handle

v3.20 (11/1/2006)
This handy command-line utility will show you what files are open by which processes, and much more.

• Hex2dec

v1.0 (11/1/2006)
Convert hex numbers to decimal and vice versa.

• Junction

v1.04 (11/1/2006)
Create Win2K NTFS symbolic links

• LDMDump

v1.02 (11/1/2006)
Dump the contents of the Logical Disk Manager's on-disk database, which describes the partitioning of Windows 2000 Dynamic disks.

• ListDLLs

v2.25 (11/1/2006)
List all the DLLs that are currently loaded, including where they are loaded and their version numbers. Version 2.0 prints the full path names of loaded modules.

• LiveKd

v3.0 (11/1/2006)
Use Microsoft kernel debuggers to examine a live system.

• LoadOrder

v1.0 (11/1/2006)
See the order in which devices are loaded on your WinNT/2K system

• MoveFile

v1.0 (11/1/2006)
Allows you to schedule move and delete commands for the next reboot.

• LogonSessions

v1.1 (11/1/2006)
List the active logon sessions on a system.

• NewSID

v4.10 (11/1/2006)
Learn about the computer SID problem everybody has been talking about and get a free computer SID changer, NewSID, complete with full source code.

• NTFSInfo

v1.0 (11/1/2006)
Use NTFSInfo to see detailed information about NTFS volumes, including the size and location of the Master File Table (MFT) and MFT-zone, as well as the sizes of the NTFS meta-data files.

• PageDefrag

v2.32 (11/1/2006)
Defragment your paging files and Registry hives!

• PendMoves

v1.1 (11/1/2006)
Enumerate the list of file rename and delete commands that will be executed the next boot

• Portmon

v3.02 (11/1/2006)
Monitor serial and parallel port activity with this advanced monitoring tool. It knows about all standard serial and parallel IOCTLs and even shows you a portion of the data being sent and received. Version 3.x has powerful new UI enhancements and advanced filtering capabilities.

• Process Explorer

v10.21 (11/1/2006)
Find out what files, registry keys and other objects processes have open, which DLLs they have loaded, and more. This uniquely powerful utility will even show you who owns each process.

• Process Monitor

v1.01 (11/9/2006)
Monitor file system, Registry, process, thread and DLL activity in real-time.

• ProcFeatures

v1.10 (11/1/2006)
This applet reports processor and Windows support for Physical Address Extensions and No Execute buffer overflow protection.

• PsExec

v1.80 (2/12/2007)
Execute processes with limited-user rights.

• PsFile

v1.02 (12/4/2006)
See what files are opened remotely.

• PsGetSid

v1.43 (12/4/2006)
Displays the SID of a computer or a user.

• PsInfo

v1.74 (12/4/2006)
Obtain information about a system.

• PsKill

v1.12 (12/4/2006)
Terminate local or remote processes.

• PsList

v1.28 (12/4/2006)
Show information about processes and threads.

• PsLoggedOn

v1.33 (12/4/2006)
Show users logged on to a system

• PsLogList

v2.64 (12/4/2006)
Dump event log records.

• PsPasswd

v1.22 (12/4/2006)
Changes account passwords.

• PsService

v2.21 (12/4/2006)
View and control services.

• PsShutdown

v2.52 (12/4/2006)
Shuts down and optionally reboots a computer.

• PsSuspend

v1.06 (12/4/2006)
Suspend and resume processes.

• PsTools

v2.43 (2/12/2007)
The PsTools suite includes command-line utilities for listing the processes running on local or remote computers, running processes remotely, rebooting computers, dumping event logs, and more.

• RegDelNull

v1.10 (11/1/2006)
Scan for and delete Registry keys that contain embedded null-characters that are otherwise undeleteable by standard Registry-editing tools.

• RegHide

v1.0 (11/1/2006)
Creates a key called "HKEY_LOCAL_MACHINE\Software\Sysinternals\Can't touch me!\0" using the Native API, and inside this key it creates a value.

• Regjump

v1.01 (11/1/2006)
Jump to the registry path you specify in Regedit.

• Regmon

v7.04 (11/1/2006)
This monitoring tool lets you see all Registry activity in real-time.

• RootkitRevealer

v1.71 (11/1/2006)
Scan your system for rootkit-based malware

• SDelete

v1.51 (11/1/2006)
Securely overwrite your sensitive files and cleanse your free space of previously deleted files using this DoD-compliant secure delete program. Complete source code is included.

• ShareEnum

v1.6 (11/1/2006)
Scan file shares on your network and view their security settings to close security holes.

• Sigcheck

v1.30 (11/1/2006)
Dump file version information and verify that images on your system are digitally signed.

• Streams

v1.53 (11/1/2006)
Reveal NTFS alternate streams

• Strings

v2.30 (11/1/2006)
Search for ANSI and UNICODE strings in binary images.

• Sync

v2.0 (11/1/2006)
Flush cached data to disk

• TCPView

v2.40 (11/1/2006)
Active socket command-line viewer.

• VolumeId

v2.0 (11/1/2006)
Set Volume ID of FAT or NTFS drives

• Whois

v1.01 (11/1/2006)
See who owns an Internet address.

• Winobj

v2.15 (11/1/2006)
The ultimate Object Manager namespace viewer is here.

• ZoomIt

v1.21 (1/19/2007)
Presentation utility for zooming and drawing on the screen.

5 comments:

  1. Anonymous, 5:47 AM

    BlueScreen screen saver is NOT included in the Suite archive you reference.

  2. You have to click the agree button to run some of the utilities.

  3. Anonymous, 10:57 PM

    Thanks a lot for these, they are very useful. Is there any way to make it so you don't have to OK through the agreement every time?

  4. Anonymous, 7:11 AM

    All the PsTools accept "-accepteula" as an argument...

  5. PSKill was just flagged by AVAST as a Trojan Horse.

    Is AVAST mistaken or is PSKill unsafe?
