Mark Russinovich the guy who revealed to the world that Sony CDs had that nasty rootkit installed has made available a single suite of tools for download. These tools are a must have for every single windows developer.
The Sysinternals Troubleshooting Utilities have been rolled up into a single Suite of tools. This file contains the individual troubleshooting tools and help files. It does not contain non-troubleshooting tools like the BSOD Screen Saver or NotMyFault.
Download it here
Here is what is included:
• AccessChk
v2.0 (11/1/2006)
This tool shows you the accesses the user or group you specify has to files, Registry keys or Windows services.
• AccessEnum
v1.32 (11/1/2006)
This simple yet powerful security tool shows you who has what access to directories, files and Registry keys on your systems. Use it to find holes in your permissions.
• AdRestore
v1.1 (11/1/2006)
Undelete Server 2003 Active Directory objects
• Autologon
v2.10 (11/1/2006)
Bypass password screen during logon.
• Autoruns
v8.61 (1/22/2007)
See what programs are configured to startup automatically when your system boots and you login. Autoruns also shows you the full list of Registry and file locations where applications can configure auto-start settings.
• BgInfo
v4.0 (11/1/2006)
This fully-configurable program automatically generates desktop backgrounds that include important information about the system including IP addresses, computer name, network adapters, and more.
• BlueScreen
v3.2 (11/1/2006)
This screen saver not only accurately simulates Blue Screens, but simulated reboots as well (complete with CHKDSK), and works on Windows NT 4, Windows 2000, Windows XP, Server 2003 and Windows 9x.
[EDIT]
BlueScreen is NOT part of the suite, you can download it here
[/EDIT]
• CacheSet
v1.0 (11/1/2006)
CacheSet is a program that allows you to control the Cache Manager's working set size using functions provided by NT. It's compatible with all versions of NT and full source code is provided.
• ClockRes
v1.0 (11/1/2006)
View the resolution of the system clock, which is also the maximum timer resolution
• Contig
v1.53 (11/1/2006)
Wish you could quickly defragment your frequently used files? Use Contig to optimize individual files, or to create new files that are contiguous.
• Ctrl2cap
v2.0 (11/1/2006)
This is a kernel-mode driver that demonstrates keyboard input filtering just above the keyboard class driver in order to turn caps-locks into control keys. Filtering at this level allows conversion and hiding of keys before NT even "sees" them. Full source is included. Ctrl2cap also shows how to use NtDisplayString() to print messages to the initialization blue-screen.
• DebugView
v4.64 (1/8/2007)
Another first from Sysinternals: This program intercepts calls made to DbgPrint by device drivers and OutputDebugString made by Win32 programs. It allows for viewing and recording of debug session output on your local machine or across the Internet without an active debugger.
• DiskExt
v1.0 (11/1/2006)
Display volume disk-mappings
• DiskView
v2.21 (11/1/2006)
Graphical disk sector utility
• Diskmon
v2.01 (11/1/2006)
This utility captures all hard disk activity or acts like a software disk activity light in your system tray.
• Du
v1.31 (11/1/2006)
View disk usage by directory
• EFSDump
v1.02 (11/1/2006)
View information for encrypted files
• Filemon
v7.04 (11/1/2006)
This monitoring tool lets you see all file system activity in real-time.
• Handle
v3.20 (11/1/2006)
This handy command-line utility will show you what files are open by which processes, and much more.
• Hex2dec
v1.0 (11/1/2006)
Convert hex numbers to decimal and vice versa.
• Junction
v1.04 (11/1/2006)
Create Win2K NTFS symbolic links
• LDMDump
v1.02 (11/1/2006)
Dump the contents of the Logical Disk Manager's on-disk database, which describes the partitioning of Windows 2000 Dynamic disks.
• ListDLLs
v2.25 (11/1/2006)
List all the DLLs that are currently loaded, including where they are loaded and their version numbers. Version 2.0 prints the full path names of loaded modules.
• LiveKd
v3.0 (11/1/2006)
Use Microsoft kernel debuggers to examine a live system.
• LoadOrder
v1.0 (11/1/2006)
See the order in which devices are loaded on your WinNT/2K system
• MoveFile
v1.0 (11/1/2006)
Allows you to schedule move and delete commands for the next reboot.
• LogonSessions
v1.1 (11/1/2006)
List the active logon sessions on a system.
• NewSID
v4.10 (11/1/2006)
Learn about the computer SID problem everybody has been talking about and get a free computer SID changer, NewSID, complete with full source code.
• NTFSInfo
v1.0 (11/1/2006)
Use NTFSInfo to see detailed information about NTFS volumes, including the size and location of the Master File Table (MFT) and MFT-zone, as well as the sizes of the NTFS meta-data files.
• PageDefrag
v2.32 (11/1/2006)
Defragment your paging files and Registry hives!
• PendMoves
v1.1 (11/1/2006)
Enumerate the list of file rename and delete commands that will be executed the next boot
• Portmon
v3.02 (11/1/2006)
Monitor serial and parallel port activity with this advanced monitoring tool. It knows about all standard serial and parallel IOCTLs and even shows you a portion of the data being sent and received. Version 3.x has powerful new UI enhancements and advanced filtering capabilities.
• Process Explorer
v10.21 (11/1/2006)
Find out what files, registry keys and other objects processes have open, which DLLs they have loaded, and more. This uniquely powerful utility will even show you who owns each process.
• Process Monitor
v1.01 (11/9/2006)
Monitor file system, Registry, process, thread and DLL activity in real-time.
• ProcFeatures
v1.10 (11/1/2006)
This applet reports processor and Windows support for Physical Address Extensions and No Execute buffer overflow protection.
• PsExec
v1.80 (2/12/2007)
Execute processes with limited-user rights.
• PsFile
v1.02 (12/4/2006)
See what files are opened remotely.
• PsGetSid
v1.43 (12/4/2006)
Displays the SID of a computer or a user.
• PsInfo
v1.74 (12/4/2006)
Obtain information about a system.
• PsKill
v1.12 (12/4/2006)
Terminate local or remote processes.
• PsList
v1.28 (12/4/2006)
Show information about processes and threads.
• PsLoggedOn
v1.33 (12/4/2006)
Show users logged on to a system
• PsLogList
v2.64 (12/4/2006)
Dump event log records.
• PsPasswd
v1.22 (12/4/2006)
Changes account passwords.
• PsService
v2.21 (12/4/2006)
View and control services.
• PsShutdown
v2.52 (12/4/2006)
Shuts down and optionally reboots a computer.
• PsSuspend
v1.06 (12/4/2006)
Suspend and resume processes.
• PsTools
v2.43 (2/12/2007)
The PsTools suite includes command-line utilities for listing the processes running on local or remote computers, running processes remotely, rebooting computers, dumping event logs, and more.
• RegDelNull
v1.10 (11/1/2006)
Scan for and delete Registry keys that contain embedded null-characters that are otherwise undeleteable by standard Registry-editing tools.
• RegHide
v1.0 (11/1/2006)
Creates a key called "HKEY_LOCAL_MACHINE\Software\Sysinternals\Can't touch me!\0" using the Native API, and inside this key it creates a value.
• Regjump
v1.01 (11/1/2006)
Jump to the registry path you specify in Regedit.
• Regmon
v7.04 (11/1/2006)
This monitoring tool lets you see all Registry activity in real-time.
• RootkitRevealer
v1.71 (11/1/2006)
Scan your system for rootkit-based malware
• SDelete
v1.51 (11/1/2006)
Securely overwrite your sensitive files and cleanse your free space of previously deleted files using this DoD-compliant secure delete program. Complete source code is included.
• ShareEnum
v1.6 (11/1/2006)
Scan file shares on your network and view their security settings to close security holes.
• Sigcheck
v1.30 (11/1/2006)
Dump file version information and verify that images on your system are digitally signed.
• Streams
v1.53 (11/1/2006)
Reveal NTFS alternate streams
• Strings
v2.30 (11/1/2006)
Search for ANSI and UNICODE strings in binaryimages.
• Sync
v2.0 (11/1/2006)
Flush cached data to disk
• TCPView
v2.40 (11/1/2006)
Active socket command-line viewer.
• VolumeId
v2.0 (11/1/2006)
Set Volume ID of FAT or NTFS drives
• Whois
v1.01 (11/1/2006)
See who owns an Internet address.
• Winobj
v2.15 (11/1/2006)
The ultimate Object Manager namespace viewer is here.
• ZoomIt
v1.21 (1/19/2007)
Presentation utility for zooming and drawing on the screen.
BlueScreen screen saver is NOT included in the Suite archive you reference.
ReplyDeleteYou have to click the agree button to run some of the utilities.
ReplyDeletethanks a lot for these, they are very useful. Is there any way to make it so you don't have to OK through the agreement ever time?
ReplyDeleteAll the pstools accept "-accepteula" as an argument....
ReplyDeletePSKill was just flagged by AVAST as a Trojan Horse.
ReplyDeleteIs AVAST mistaken or is PSKill unsafe ??