Useful Utilities
by Slava Kabak
Sysinternals.com
1. File and Disk utilities
•   AccessEnum
    This simple yet powerful security tool shows you who has what access to directories, files and
    Registry keys on your systems. Use it to find holes in your permissions.
•   Contig
    Wish you could quickly defragment your frequently used files? Use Contig to optimize individual
    files, or to create new files that are contiguous.
•   Disk2vhd
    Disk2vhd simplifies the migration of physical systems into virtual machines (p2v).
•   DiskExt
    Display volume disk-mappings.
•   DiskMon
    This utility captures all hard disk activity or acts like a software disk activity light in your system
    tray.
•   DiskView
    Graphical disk sector utility.
•   Disk Usage (DU)
    View disk usage by directory.
•   EFSDump
    View information for encrypted files.
•   FindLinks
    FindLinks reports the file index and any hard links (alternate file paths on the same volume) that
    exist for the specified file. A file's data remains allocated so long as it has at least one file name
    referencing it.
•   Junction
    Create Win2K NTFS symbolic links.
•   LDMDump
    Dump the contents of the Logical Disk Manager's on-disk database, which describes the partitioning
    of Windows 2000 Dynamic disks.
•   MoveFile
    Schedule file rename and delete commands for the next reboot. This can be useful for cleaning
    stubborn or in-use malware files.
•   NTFSInfo
    Use NTFSInfo to see detailed information about NTFS volumes, including the size and location of
    the Master File Table (MFT) and MFT-zone, as well as the sizes of the NTFS meta-data files.
•   PageDefrag
    Defragment your paging files and Registry hives!
•   PendMoves
    See what files are scheduled for delete or rename the next time the system boots.
•   Process Monitor
    Monitor file system, Registry, process, thread and DLL activity in real-time.
•   PsFile
    See what files are opened remotely.
•   PsTools
    The PsTools suite includes command-line utilities for listing the processes running on local or
    remote computers, running processes remotely, rebooting computers, dumping event logs, and
    more.
•   ShareEnum
    Scan file shares on your network and view their security settings to close security holes.
•   Sigcheck
    Dump file version information and verify that images on your system are digitally signed.
•   Streams
    Reveal NTFS alternate streams.
•   Sync
    Flush cached data to disk.
•   VolumeID
    Set Volume ID of FAT or NTFS drives.
2. Networking Utilities
•   AD Explorer
    Active Directory Explorer is an advanced Active Directory (AD) viewer and editor.
•   AD Insight
    AD Insight is an LDAP (Light-weight Directory Access Protocol) real-time monitoring tool
    aimed at troubleshooting Active Directory client applications.
•   AdRestore
    Undelete Server 2003 Active Directory objects.
•   PipeList
    Displays the named pipes on your system, including the number of maximum instances
    and active instances for each pipe.
•   PsFile
    See what files are opened remotely.
•   PsTools
    The PsTools suite includes command-line utilities for listing the processes running on local
    or remote computers, running processes remotely, rebooting computers, dumping event
    logs, and more.
•   ShareEnum
    Scan file shares on your network and view their security settings to close security holes.
•   TCPView
    Active socket command-line viewer.
•   Whois
    See who owns an Internet address.
3. Process utilities
•   Autoruns
    See what programs are configured to start up automatically when your system boots and you
    log in. Autoruns also shows you the full list of Registry and file locations where applications can
    configure auto-start settings.
•   Handle
    This handy command-line utility will show you what files are open by which processes, and
    much more.
•   ListDLLs
    List all the DLLs that are currently loaded, including where they are loaded and their version
    numbers. Version 2.0 prints the full path names of loaded modules.
•   PortMon
    Monitor serial and parallel port activity with this advanced monitoring tool. It knows about all
    standard serial and parallel IOCTLs and even shows you a portion of the data being sent and
    received. Version 3.x has powerful new UI enhancements and advanced filtering capabilities.
•   ProcDump
    This new command-line utility is aimed at capturing process dumps of otherwise difficult to
    isolate and reproduce CPU spikes. It also serves as a general process dump creation utility and
    can also monitor and generate process dumps when a process has a hung window or
    unhandled exception.
•   Process Explorer
    Find out what files, registry keys and other objects processes have open, which DLLs they have
    loaded, and more. This uniquely powerful utility will even show you who owns each process.
•   Process Monitor
    Monitor file system, Registry, process, thread and DLL activity in real-time.
•   PsExec
    Execute processes remotely.
•   PsGetSid
    Displays the SID of a computer or a user.
•   PsKill
    Terminate local or remote processes.
•   PsList
    Show information about processes and threads.
•   PsService
    View and control services.
•   PsSuspend
    Suspend and resume processes.
•   PsTools
    The PsTools suite includes command-line utilities for listing the processes running on local
    or remote computers, running processes remotely, rebooting computers, dumping event
    logs, and more.
•   ShellRunas
    Launch programs as a different user via a convenient shell context-menu entry.
•   VMMap
    See a breakdown of a process's committed virtual memory types as well as the amount
    of physical memory (working set) assigned by the operating system to those types.
    Identify the sources of process memory usage and the memory cost of application
    features.
4. Security utilities
•   AccessChk
    This tool shows you the accesses the user or group you specify has to files, Registry keys or
    Windows services.
•   AccessEnum
    This simple yet powerful security tool shows you who has what access to directories, files
    and Registry keys on your systems. Use it to find holes in your permissions.
•   Autologon
    Bypass password screen during logon.
•   Autoruns
    See what programs are configured to start up automatically when your system boots and
    you log in. Autoruns also shows you the full list of Registry and file locations where
    applications can configure auto-start settings.
•   LogonSessions
    List active logon sessions.
•   Process Explorer
    Find out what files, registry keys and other objects processes have open, which DLLs they
    have loaded, and more. This uniquely powerful utility will even show you who owns each
    process.
•   PsExec
    Execute processes with limited-user rights.
•   PsLoggedOn
    Show users logged on to a system.
•   PsLogList
    Dump event log records.
•   PsTools
    The PsTools suite includes command-line utilities for listing the processes running on local
    or remote computers, running processes remotely, rebooting computers, dumping event
    logs, and more.
•   RootkitRevealer
    Scan your system for rootkit-based malware.
•   SDelete
    Securely overwrite your sensitive files and cleanse your free space of previously deleted
    files using this DoD-compliant secure delete program.
•   ShareEnum
    Scan file shares on your network and view their security settings to close security holes.
•   ShellRunas
    Launch programs as a different user via a convenient shell context-menu entry.
•   Sigcheck
    Dump file version information and verify that images on your system are digitally signed.
5. System Information Utilities
•   Autoruns
    See what programs are configured to start up automatically when your system boots and
    you log in. Autoruns also shows you the full list of Registry and file locations where
    applications can configure auto-start settings.
•   ClockRes
    View the resolution of the system clock, which is also the maximum timer resolution.
•   Coreinfo
    Coreinfo is a command-line utility that shows you the mapping between logical
    processors and the physical processor, NUMA node, and socket on which they reside, as
    well as the caches assigned to each logical processor.
•   Handle
    This handy command-line utility will show you what files are open by which processes,
    and much more.
•   LiveKd
    Use Microsoft kernel debuggers to examine a live system.
•   LoadOrder
    See the order in which devices are loaded on your WinNT/2K system.
•   LogonSessions
    List the active logon sessions on a system.
•   PendMoves
    Enumerate the list of file rename and delete commands that will be executed the next
    boot.
•   Process Explorer
    Find out what files, registry keys and other objects processes have open, which DLLs they
    have loaded, and more. This uniquely powerful utility will even show you who owns each
    process.
•   Process Monitor
    Monitor file system, Registry, process, thread and DLL activity in real-time.
•   ProcFeatures
    This applet reports processor and Windows support for Physical Address Extensions and No
    Execute buffer overflow protection.
•   PsInfo
    Obtain information about a system.
•   PsLoggedOn
    Show users logged on to a system.
•   PsTools
    The PsTools suite includes command-line utilities for listing the processes running on local
    or remote computers, running processes remotely, rebooting computers, dumping event
    logs, and more.
•   RAMMap
    An advanced physical memory usage analysis utility that presents usage information in
    different ways on its several different tabs.
•   WinObj
    The ultimate Object Manager namespace viewer is here.
6. Miscellaneous Utilities
•   DebugView
    Another first from Sysinternals: This program intercepts calls made to DbgPrint
    by device drivers and OutputDebugString made by Win32 programs. It allows
    for viewing and recording of debug session output on your local machine or
    across the Internet without an active debugger.
•   Desktops
    This new utility enables you to create up to four virtual desktops and to use a
    tray interface or hotkeys to preview what’s on each desktop and easily switch
    between them.
•   Hex2dec
    Convert hex numbers to decimal and vice versa.
•   PsLogList
    Dump event log records.
•   PsTools
    The PsTools suite includes command-line utilities for listing the processes
    running on local or remote computers, running processes remotely, rebooting
    computers, dumping event logs, and more.
•   AD Explorer
    Active Directory Explorer is an advanced Active Directory (AD) viewer and editor
•   AdRestore
    Restore tombstoned Active Directory objects in Server 2003 domains.
•   Autologon
    Bypass password screen during logon.
•   BgInfo
    This fully-configurable program automatically generates desktop backgrounds that
    include important information about the system including IP addresses, computer name,
    network adapters, and more.
•   BlueScreen
    This screen saver not only accurately simulates Blue Screens, but simulated reboots as well
    (complete with CHKDSK), and works on Windows NT 4, Windows 2000, Windows XP, Server
    2003 and Windows 9x.
•   Ctrl2cap
    This is a kernel-mode driver that demonstrates keyboard input filtering just above the
    keyboard class driver in order to turn caps-locks into control keys. Filtering at this level
    allows conversion and hiding of keys before NT even "sees" them. Ctrl2cap also shows
    how to use NtDisplayString() to print messages to the initialization blue-screen.
•   RegDelNull
    Scan for and delete Registry keys that contain embedded null-characters that
    are otherwise undeletable by standard Registry-editing tools.

•   RegJump
    Jump to the registry path you specify in Regedit.

•   Strings
    Search for ANSI and UNICODE strings in binary images.

•   ZoomIt
    Presentation utility for zooming and drawing on the screen.
PsTools
•   PsExec - execute processes remotely
•   PsFile - shows files opened remotely
•   PsGetSid - display the SID of a computer or a user
•   PsInfo - list information about a system
•   PsKill - kill processes by name or process ID
•   PsList - list detailed information about processes
•   PsLoggedOn - see who's logged on locally and via resource sharing
    (full source is included)
•   PsLogList - dump event log records
•   PsPasswd - changes account passwords
•   PsService - view and control services
•   PsShutdown - shuts down and optionally reboots a computer
•   PsSuspend - suspends processes
•   PsUptime - shows you how long a system has been running since its
    last reboot (PsUptime's functionality has been incorporated into
    PsInfo)
Process Monitor
Process Explorer
BgInfo
Autoruns
The End.

Más contenido relacionado

La actualidad más candente

Volatile IOCs for Fast Incident Response
Volatile IOCs for Fast Incident ResponseVolatile IOCs for Fast Incident Response
Volatile IOCs for Fast Incident Response
Takahiro Haruyama
 
Forensics of a Windows System
Forensics of a Windows SystemForensics of a Windows System
Forensics of a Windows System
Conferencias FIST
 
Open Source Forensics
Open Source ForensicsOpen Source Forensics
Open Source Forensics
CTIN
 

La actualidad más candente (20)

OSCh20
OSCh20OSCh20
OSCh20
 
OSCh19
OSCh19OSCh19
OSCh19
 
Practical Malware Analysis: Ch 7: Analyzing Malicious Windows Programs
Practical Malware Analysis: Ch 7: Analyzing Malicious Windows Programs Practical Malware Analysis: Ch 7: Analyzing Malicious Windows Programs
Practical Malware Analysis: Ch 7: Analyzing Malicious Windows Programs
 
Chapter 10
Chapter 10Chapter 10
Chapter 10
 
Anomalies Detection: Windows OS - Part 1
Anomalies Detection: Windows OS - Part 1Anomalies Detection: Windows OS - Part 1
Anomalies Detection: Windows OS - Part 1
 
Malware Analysis and Defeating using Virtual Machines
Malware Analysis and Defeating using Virtual MachinesMalware Analysis and Defeating using Virtual Machines
Malware Analysis and Defeating using Virtual Machines
 
Investigating Hackers' Tools
Investigating Hackers' ToolsInvestigating Hackers' Tools
Investigating Hackers' Tools
 
REMnux tutorial-2: Extraction and decoding of Artifacts
REMnux tutorial-2: Extraction and decoding of ArtifactsREMnux tutorial-2: Extraction and decoding of Artifacts
REMnux tutorial-2: Extraction and decoding of Artifacts
 
CNIT 152 12. Investigating Windows Systems (Part 3)
CNIT 152 12. Investigating Windows Systems (Part 3)CNIT 152 12. Investigating Windows Systems (Part 3)
CNIT 152 12. Investigating Windows Systems (Part 3)
 
Daemons
DaemonsDaemons
Daemons
 
CNIT 152 12 Investigating Windows Systems (Part 2)
CNIT 152 12 Investigating Windows Systems (Part 2)CNIT 152 12 Investigating Windows Systems (Part 2)
CNIT 152 12 Investigating Windows Systems (Part 2)
 
Windows Kernel-
Windows Kernel-Windows Kernel-
Windows Kernel-
 
Volatile IOCs for Fast Incident Response
Volatile IOCs for Fast Incident ResponseVolatile IOCs for Fast Incident Response
Volatile IOCs for Fast Incident Response
 
Mac Memory Analysis with Volatility
Mac Memory Analysis with VolatilityMac Memory Analysis with Volatility
Mac Memory Analysis with Volatility
 
SANS Windows Artifact Analysis 2012
SANS Windows Artifact Analysis 2012SANS Windows Artifact Analysis 2012
SANS Windows Artifact Analysis 2012
 
Forensics of a Windows System
Forensics of a Windows SystemForensics of a Windows System
Forensics of a Windows System
 
LINUX Device Drivers
LINUX Device DriversLINUX Device Drivers
LINUX Device Drivers
 
Open Source Forensics
Open Source ForensicsOpen Source Forensics
Open Source Forensics
 
Hunting Mac Malware with Memory Forensics
Hunting Mac Malware with Memory ForensicsHunting Mac Malware with Memory Forensics
Hunting Mac Malware with Memory Forensics
 
Memory Forensics: Defeating Disk Encryption, Skilled Attackers, and Advanced ...
Memory Forensics: Defeating Disk Encryption, Skilled Attackers, and Advanced ...Memory Forensics: Defeating Disk Encryption, Skilled Attackers, and Advanced ...
Memory Forensics: Defeating Disk Encryption, Skilled Attackers, and Advanced ...
 

Similar a Вячеслав Кабак "Microsoft Sysinternals-Useful Utilities"

Concepts of Malicious Windows Programs
Concepts of Malicious Windows ProgramsConcepts of Malicious Windows Programs
Concepts of Malicious Windows Programs
Natraj G
 

Similar a Вячеслав Кабак "Microsoft Sysinternals-Useful Utilities" (20)

Windows Threat Hunting
Windows Threat HuntingWindows Threat Hunting
Windows Threat Hunting
 
12 Investigating Windows Systems (Part 2 of 3)
12 Investigating Windows Systems (Part 2 of 3)12 Investigating Windows Systems (Part 2 of 3)
12 Investigating Windows Systems (Part 2 of 3)
 
INVESTIGATING UNIX SYSTEMS.pptx
INVESTIGATING UNIX SYSTEMS.pptxINVESTIGATING UNIX SYSTEMS.pptx
INVESTIGATING UNIX SYSTEMS.pptx
 
Concepts of Malicious Windows Programs
Concepts of Malicious Windows ProgramsConcepts of Malicious Windows Programs
Concepts of Malicious Windows Programs
 
CNIT 121: 12 Investigating Windows Systems (Part 2 of 3)
CNIT 121: 12 Investigating Windows Systems (Part 2 of 3)CNIT 121: 12 Investigating Windows Systems (Part 2 of 3)
CNIT 121: 12 Investigating Windows Systems (Part 2 of 3)
 
system management -shell programming by gaurav raikar
system management -shell programming by gaurav raikarsystem management -shell programming by gaurav raikar
system management -shell programming by gaurav raikar
 
system management -shell programming by Gaurav raikar
system management -shell programming by Gaurav raikarsystem management -shell programming by Gaurav raikar
system management -shell programming by Gaurav raikar
 
Operating system
Operating systemOperating system
Operating system
 
Windows forensic
Windows forensicWindows forensic
Windows forensic
 
Computer system software
Computer system softwareComputer system software
Computer system software
 
operating system calls input and output by (rohit malav)
operating system calls input and output by (rohit malav)operating system calls input and output by (rohit malav)
operating system calls input and output by (rohit malav)
 
Operating System Forensics
Operating System ForensicsOperating System Forensics
Operating System Forensics
 
Basics of Linux Commands, Git and Github
Basics of Linux Commands, Git and GithubBasics of Linux Commands, Git and Github
Basics of Linux Commands, Git and Github
 
Windows internals
Windows internalsWindows internals
Windows internals
 
Intrusion Discovery Cheat Sheet for Linux
Intrusion Discovery Cheat Sheet for LinuxIntrusion Discovery Cheat Sheet for Linux
Intrusion Discovery Cheat Sheet for Linux
 
Lec 01_Linux System Administration (1).pptx
Lec 01_Linux System Administration (1).pptxLec 01_Linux System Administration (1).pptx
Lec 01_Linux System Administration (1).pptx
 
File000125
File000125File000125
File000125
 
How to Audit Linux - Gene Kartavtsev, ISACA MN
How to Audit Linux - Gene Kartavtsev, ISACA MNHow to Audit Linux - Gene Kartavtsev, ISACA MN
How to Audit Linux - Gene Kartavtsev, ISACA MN
 
Introduction to System Calls
Introduction to System CallsIntroduction to System Calls
Introduction to System Calls
 
Operating System 2.pptx
Operating System 2.pptxOperating System 2.pptx
Operating System 2.pptx
 

Más de EPAM Systems

“Xcore (library) for android platform” by Uladzimir Klyshevich
“Xcore (library) for android platform” by Uladzimir Klyshevich“Xcore (library) for android platform” by Uladzimir Klyshevich
“Xcore (library) for android platform” by Uladzimir Klyshevich
EPAM Systems
 
"Как общаться эффективнее" by Natallia Kapatsevich
"Как общаться эффективнее" by Natallia Kapatsevich"Как общаться эффективнее" by Natallia Kapatsevich
"Как общаться эффективнее" by Natallia Kapatsevich
EPAM Systems
 
"Connections: Что общего у Шотландии и Дональда Трампа?" by Yevgeniy Rozenblat
"Connections: Что общего у Шотландии и Дональда Трампа?" by Yevgeniy Rozenblat "Connections: Что общего у Шотландии и Дональда Трампа?" by Yevgeniy Rozenblat
"Connections: Что общего у Шотландии и Дональда Трампа?" by Yevgeniy Rozenblat
EPAM Systems
 
ДмитрийРадченко, "Brief introduction to dundas"
ДмитрийРадченко, "Brief introduction to dundas"ДмитрийРадченко, "Brief introduction to dundas"
ДмитрийРадченко, "Brief introduction to dundas"
EPAM Systems
 
Абрамович Максим, "Rad studio xe4"
Абрамович Максим, "Rad studio xe4"Абрамович Максим, "Rad studio xe4"
Абрамович Максим, "Rad studio xe4"
EPAM Systems
 
Miniq 11: Time management by Anton Zolotarev & Andrei Artisheuski
Miniq 11: Time management by Anton Zolotarev & Andrei ArtisheuskiMiniq 11: Time management by Anton Zolotarev & Andrei Artisheuski
Miniq 11: Time management by Anton Zolotarev & Andrei Artisheuski
EPAM Systems
 
Reporting куда как-зачем by Anton Stoliar
Reporting   куда как-зачем by Anton StoliarReporting   куда как-зачем by Anton Stoliar
Reporting куда как-зачем by Anton Stoliar
EPAM Systems
 
Pool and billiards by Olga Nikolaeva
Pool and billiards by Olga NikolaevaPool and billiards by Olga Nikolaeva
Pool and billiards by Olga Nikolaeva
EPAM Systems
 
The Way of Creating Presentations: Just do it!
The Way of Creating Presentations: Just do it!The Way of Creating Presentations: Just do it!
The Way of Creating Presentations: Just do it!
EPAM Systems
 
E-mail Communication: How and Why
E-mail Communication: How and WhyE-mail Communication: How and Why
E-mail Communication: How and Why
EPAM Systems
 
николай фролов, “Gamification“
николай фролов, “Gamification“николай фролов, “Gamification“
николай фролов, “Gamification“
EPAM Systems
 
Real time bidding by Danil Melnikov
Real time bidding by Danil MelnikovReal time bidding by Danil Melnikov
Real time bidding by Danil Melnikov
EPAM Systems
 
Никита Манько “Code review”
Никита Манько “Code review”Никита Манько “Code review”
Никита Манько “Code review”
EPAM Systems
 
Чурюканов Вячеслав, “Code simple, but not simpler”
Чурюканов Вячеслав, “Code simple, but not simpler”Чурюканов Вячеслав, “Code simple, but not simpler”
Чурюканов Вячеслав, “Code simple, but not simpler”
EPAM Systems
 
Демидюк Павел , “Continuous integration with the real traffic light in m&e of...
Демидюк Павел , “Continuous integration with the real traffic light in m&e of...Демидюк Павел , “Continuous integration with the real traffic light in m&e of...
Демидюк Павел , “Continuous integration with the real traffic light in m&e of...
EPAM Systems
 
Agile retrospectives by nick frolov miniq
Agile retrospectives by nick frolov   miniqAgile retrospectives by nick frolov   miniq
Agile retrospectives by nick frolov miniq
EPAM Systems
 
Other way to travel by Anna Lukyanenka
Other way to travel by Anna LukyanenkaOther way to travel by Anna Lukyanenka
Other way to travel by Anna Lukyanenka
EPAM Systems
 
Computer as a musical instrument by Sergey Moiseychik
Computer as a musical instrument by Sergey MoiseychikComputer as a musical instrument by Sergey Moiseychik
Computer as a musical instrument by Sergey Moiseychik
EPAM Systems
 
Антон Золотарев, Екатерина Невельская "По следам SQA days"
Антон Золотарев, Екатерина Невельская "По следам SQA days"Антон Золотарев, Екатерина Невельская "По следам SQA days"
Антон Золотарев, Екатерина Невельская "По следам SQA days"
EPAM Systems
 
Сергей Семашко "End to end test: cheap and effective"
Сергей Семашко "End to end test: cheap and effective"Сергей Семашко "End to end test: cheap and effective"
Сергей Семашко "End to end test: cheap and effective"
EPAM Systems
 

Más de EPAM Systems (20)

“Xcore (library) for android platform” by Uladzimir Klyshevich
“Xcore (library) for android platform” by Uladzimir Klyshevich“Xcore (library) for android platform” by Uladzimir Klyshevich
“Xcore (library) for android platform” by Uladzimir Klyshevich
 
"Как общаться эффективнее" by Natallia Kapatsevich
"Как общаться эффективнее" by Natallia Kapatsevich"Как общаться эффективнее" by Natallia Kapatsevich
"Как общаться эффективнее" by Natallia Kapatsevich
 
"Connections: Что общего у Шотландии и Дональда Трампа?" by Yevgeniy Rozenblat
"Connections: Что общего у Шотландии и Дональда Трампа?" by Yevgeniy Rozenblat "Connections: Что общего у Шотландии и Дональда Трампа?" by Yevgeniy Rozenblat
"Connections: Что общего у Шотландии и Дональда Трампа?" by Yevgeniy Rozenblat
 
ДмитрийРадченко, "Brief introduction to dundas"
ДмитрийРадченко, "Brief introduction to dundas"ДмитрийРадченко, "Brief introduction to dundas"
ДмитрийРадченко, "Brief introduction to dundas"
 
Абрамович Максим, "Rad studio xe4"
Абрамович Максим, "Rad studio xe4"Абрамович Максим, "Rad studio xe4"
Абрамович Максим, "Rad studio xe4"
 
Miniq 11: Time management by Anton Zolotarev & Andrei Artisheuski
Miniq 11: Time management by Anton Zolotarev & Andrei ArtisheuskiMiniq 11: Time management by Anton Zolotarev & Andrei Artisheuski
Miniq 11: Time management by Anton Zolotarev & Andrei Artisheuski
 
Reporting куда как-зачем by Anton Stoliar
Reporting   куда как-зачем by Anton StoliarReporting   куда как-зачем by Anton Stoliar
Reporting куда как-зачем by Anton Stoliar
 
Pool and billiards by Olga Nikolaeva
Pool and billiards by Olga NikolaevaPool and billiards by Olga Nikolaeva
Pool and billiards by Olga Nikolaeva
 
The Way of Creating Presentations: Just do it!
The Way of Creating Presentations: Just do it!The Way of Creating Presentations: Just do it!
The Way of Creating Presentations: Just do it!
 
E-mail Communication: How and Why
E-mail Communication: How and WhyE-mail Communication: How and Why
E-mail Communication: How and Why
 
николай фролов, “Gamification“
николай фролов, “Gamification“николай фролов, “Gamification“
николай фролов, “Gamification“
 
Real time bidding by Danil Melnikov
Real time bidding by Danil MelnikovReal time bidding by Danil Melnikov
Real time bidding by Danil Melnikov
 
Никита Манько “Code review”
Никита Манько “Code review”Никита Манько “Code review”
Никита Манько “Code review”
 
Чурюканов Вячеслав, “Code simple, but not simpler”
Чурюканов Вячеслав, “Code simple, but not simpler”Чурюканов Вячеслав, “Code simple, but not simpler”
Чурюканов Вячеслав, “Code simple, but not simpler”
 
Демидюк Павел , “Continuous integration with the real traffic light in m&e of...
Демидюк Павел , “Continuous integration with the real traffic light in m&e of...Демидюк Павел , “Continuous integration with the real traffic light in m&e of...
Демидюк Павел , “Continuous integration with the real traffic light in m&e of...
 
Agile retrospectives by nick frolov miniq
Agile retrospectives by nick frolov   miniqAgile retrospectives by nick frolov   miniq
Agile retrospectives by nick frolov miniq
 
Other way to travel by Anna Lukyanenka
Other way to travel by Anna LukyanenkaOther way to travel by Anna Lukyanenka
Other way to travel by Anna Lukyanenka
 
Computer as a musical instrument by Sergey Moiseychik
Computer as a musical instrument by Sergey MoiseychikComputer as a musical instrument by Sergey Moiseychik
Computer as a musical instrument by Sergey Moiseychik
 
Антон Золотарев, Екатерина Невельская "По следам SQA days"
Антон Золотарев, Екатерина Невельская "По следам SQA days"Антон Золотарев, Екатерина Невельская "По следам SQA days"
Антон Золотарев, Екатерина Невельская "По следам SQA days"
 
Сергей Семашко "End to end test: cheap and effective"
Сергей Семашко "End to end test: cheap and effective"Сергей Семашко "End to end test: cheap and effective"
Сергей Семашко "End to end test: cheap and effective"
 

Último

Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 

Último (20)

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Вячеслав Кабак "Microsoft Sysinternals-Useful Utilities"

  • 3. 1. File and Disk utilities
    • AccessEnum - This simple yet powerful security tool shows you who has what access to directories, files and Registry keys on your systems. Use it to find holes in your permissions.
    • Contig - Wish you could quickly defragment your frequently used files? Use Contig to optimize individual files, or to create new files that are contiguous.
    • Disk2vhd - Disk2vhd simplifies the migration of physical systems into virtual machines (p2v).
    • DiskExt - Display volume disk-mappings.
    • DiskMon - This utility captures all hard disk activity or acts like a software disk activity light in your system tray.
    • DiskView - Graphical disk sector utility.
    • Disk Usage (DU) - View disk usage by directory.
    • EFSDump - View information for encrypted files.
  • 4. 1. File and Disk utilities
    • FindLinks - FindLinks reports the file index and any hard links (alternate file paths on the same volume) that exist for the specified file. A file's data remains allocated so long as it has at least one file name referencing it.
    • Junction - Create Win2K NTFS symbolic links.
    • LDMDump - Dump the contents of the Logical Disk Manager's on-disk database, which describes the partitioning of Windows 2000 Dynamic disks.
    • MoveFile - Schedule file rename and delete commands for the next reboot. This can be useful for cleaning stubborn or in-use malware files.
    • NTFSInfo - Use NTFSInfo to see detailed information about NTFS volumes, including the size and location of the Master File Table (MFT) and MFT-zone, as well as the sizes of the NTFS meta-data files.
    • PageDefrag - Defragment your paging files and Registry hives!
    • PendMoves - See what files are scheduled for delete or rename the next time the system boots.
  • 5. 1. File and Disk utilities
    • Process Monitor - Monitor file system, Registry, process, thread and DLL activity in real-time.
    • PsFile - See what files are opened remotely.
    • PsTools - The PsTools suite includes command-line utilities for listing the processes running on local or remote computers, running processes remotely, rebooting computers, dumping event logs, and more.
    • ShareEnum - Scan file shares on your network and view their security settings to close security holes.
    • Sigcheck - Dump file version information and verify that images on your system are digitally signed.
    • Streams - Reveal NTFS alternate streams.
    • Sync - Flush cached data to disk.
    • VolumeID - Set Volume ID of FAT or NTFS drives.
  • 6. 2. Networking Utilities
    • AD Explorer - Active Directory Explorer is an advanced Active Directory (AD) viewer and editor.
    • AD Insight - AD Insight is an LDAP (Lightweight Directory Access Protocol) real-time monitoring tool aimed at troubleshooting Active Directory client applications.
    • AdRestore - Undelete Server 2003 Active Directory objects.
    • PipeList - Displays the named pipes on your system, including the number of maximum instances and active instances for each pipe.
    • PsFile - See what files are opened remotely.
    • PsTools - The PsTools suite includes command-line utilities for listing the processes running on local or remote computers, running processes remotely, rebooting computers, dumping event logs, and more.
    • ShareEnum - Scan file shares on your network and view their security settings to close security holes.
    • TCPView - Active socket command-line viewer.
    • Whois - See who owns an Internet address.
  • 7. 3. Process utilities
    • Autoruns - See what programs are configured to start up automatically when your system boots and you log in. Autoruns also shows you the full list of Registry and file locations where applications can configure auto-start settings.
    • Handle - This handy command-line utility will show you what files are open by which processes, and much more.
    • ListDLLs - List all the DLLs that are currently loaded, including where they are loaded and their version numbers. Version 2.0 prints the full path names of loaded modules.
    • PortMon - Monitor serial and parallel port activity with this advanced monitoring tool. It knows about all standard serial and parallel IOCTLs and even shows you a portion of the data being sent and received. Version 3.x has powerful new UI enhancements and advanced filtering capabilities.
    • ProcDump - This new command-line utility is aimed at capturing process dumps of otherwise difficult to isolate and reproduce CPU spikes. It also serves as a general process dump creation utility and can also monitor and generate process dumps when a process has a hung window or unhandled exception.
    • Process Explorer - Find out what files, registry keys and other objects processes have open, which DLLs they have loaded, and more. This uniquely powerful utility will even show you who owns each process.
    • Process Monitor - Monitor file system, Registry, process, thread and DLL activity in real-time.
    • PsExec - Execute processes remotely.
  • 8. 3. Process utilities
    • PsGetSid - Displays the SID of a computer or a user.
    • PsKill - Terminate local or remote processes.
    • PsList - Show information about processes and threads.
    • PsService - View and control services.
    • PsSuspend - Suspend and resume processes.
    • PsTools - The PsTools suite includes command-line utilities for listing the processes running on local or remote computers, running processes remotely, rebooting computers, dumping event logs, and more.
    • ShellRunas - Launch programs as a different user via a convenient shell context-menu entry.
    • VMMap - See a breakdown of a process's committed virtual memory types as well as the amount of physical memory (working set) assigned by the operating system to those types. Identify the sources of process memory usage and the memory cost of application features.
  • 9. 4. Security utilities
    • AccessChk - This tool shows you the accesses the user or group you specify has to files, Registry keys or Windows services.
    • AccessEnum - This simple yet powerful security tool shows you who has what access to directories, files and Registry keys on your systems. Use it to find holes in your permissions.
    • Autologon - Bypass password screen during logon.
    • Autoruns - See what programs are configured to start up automatically when your system boots and you log in. Autoruns also shows you the full list of Registry and file locations where applications can configure auto-start settings.
    • LogonSessions - List active logon sessions.
    • Process Explorer - Find out what files, registry keys and other objects processes have open, which DLLs they have loaded, and more. This uniquely powerful utility will even show you who owns each process.
    • PsExec - Execute processes with limited-user rights.
  • 10. 4. Security utilities
    • PsLoggedOn - Show users logged on to a system.
    • PsLogList - Dump event log records.
    • PsTools - The PsTools suite includes command-line utilities for listing the processes running on local or remote computers, running processes remotely, rebooting computers, dumping event logs, and more.
    • RootkitRevealer - Scan your system for rootkit-based malware.
    • SDelete - Securely overwrite your sensitive files and cleanse your free space of previously deleted files using this DoD-compliant secure delete program.
    • ShareEnum - Scan file shares on your network and view their security settings to close security holes.
    • ShellRunas - Launch programs as a different user via a convenient shell context-menu entry.
    • Sigcheck - Dump file version information and verify that images on your system are digitally signed.
  • 11. 5. System Information Utilities
    • Autoruns - See what programs are configured to start up automatically when your system boots and you log in. Autoruns also shows you the full list of Registry and file locations where applications can configure auto-start settings.
    • ClockRes - View the resolution of the system clock, which is also the maximum timer resolution.
    • Coreinfo - Coreinfo is a command-line utility that shows you the mapping between logical processors and the physical processor, NUMA node, and socket on which they reside, as well as the caches assigned to each logical processor.
    • Handle - This handy command-line utility will show you what files are open by which processes, and much more.
    • LiveKd - Use Microsoft kernel debuggers to examine a live system.
    • LoadOrder - See the order in which devices are loaded on your WinNT/2K system.
    • LogonSessions - List the active logon sessions on a system.
  • 12. 5. System Information Utilities
    • PendMoves - Enumerate the list of file rename and delete commands that will be executed the next boot.
    • Process Explorer - Find out what files, registry keys and other objects processes have open, which DLLs they have loaded, and more. This uniquely powerful utility will even show you who owns each process.
    • Process Monitor - Monitor file system, Registry, process, thread and DLL activity in real-time.
    • ProcFeatures - This applet reports processor and Windows support for Physical Address Extensions and No Execute buffer overflow protection.
    • PsInfo - Obtain information about a system.
    • PsLoggedOn - Show users logged on to a system.
    • PsTools - The PsTools suite includes command-line utilities for listing the processes running on local or remote computers, running processes remotely, rebooting computers, dumping event logs, and more.
  • 13. 5. System Information Utilities
    • RAMMap - An advanced physical memory usage analysis utility that presents usage information in different ways on its several different tabs.
    • WinObj - The ultimate Object Manager namespace viewer is here.
  • 14. 6. Miscellaneous Utilities
    • DebugView - Another first from Sysinternals: This program intercepts calls made to DbgPrint by device drivers and OutputDebugString made by Win32 programs. It allows for viewing and recording of debug session output on your local machine or across the Internet without an active debugger.
    • Desktops - This new utility enables you to create up to four virtual desktops and to use a tray interface or hotkeys to preview what's on each desktop and easily switch between them.
    • Hex2dec - Convert hex numbers to decimal and vice versa.
    • PsLogList - Dump event log records.
    • PsTools - The PsTools suite includes command-line utilities for listing the processes running on local or remote computers, running processes remotely, rebooting computers, dumping event logs, and more.
  • 15. 6. Miscellaneous Utilities
    • AD Explorer - Active Directory Explorer is an advanced Active Directory (AD) viewer and editor.
    • AdRestore - Restore tombstoned Active Directory objects in Server 2003 domains.
    • Autologon - Bypass password screen during logon.
    • BgInfo - This fully-configurable program automatically generates desktop backgrounds that include important information about the system including IP addresses, computer name, network adapters, and more.
    • BlueScreen - This screen saver not only accurately simulates Blue Screens, but simulated reboots as well (complete with CHKDSK), and works on Windows NT 4, Windows 2000, Windows XP, Server 2003 and Windows 9x.
    • Ctrl2cap - This is a kernel-mode driver that demonstrates keyboard input filtering just above the keyboard class driver in order to turn Caps Lock into a Control key. Filtering at this level allows conversion and hiding of keys before NT even "sees" them. Ctrl2cap also shows how to use NtDisplayString() to print messages to the initialization blue-screen.
  • 16. 6. Miscellaneous Utilities
    • RegDelNull - Scan for and delete Registry keys that contain embedded null-characters that are otherwise undeletable by standard Registry-editing tools.
    • RegJump - Jump to the registry path you specify in Regedit.
    • Strings - Search for ANSI and UNICODE strings in binary images.
    • ZoomIt - Presentation utility for zooming and drawing on the screen.
  • 18. PsTools suite
    • PsExec - execute processes remotely
    • PsFile - shows files opened remotely
    • PsGetSid - display the SID of a computer or a user
    • PsInfo - list information about a system
    • PsKill - kill processes by name or process ID
    • PsList - list detailed information about processes
    • PsLoggedOn - see who's logged on locally and via resource sharing (full source is included)
    • PsLogList - dump event log records
    • PsPasswd - changes account passwords
    • PsService - view and control services
    • PsShutdown - shuts down and optionally reboots a computer
    • PsSuspend - suspends processes
    • PsUptime - shows you how long a system has been running since its last reboot (PsUptime's functionality has been incorporated into PsInfo)