Академический Документы
Профессиональный Документы
Культура Документы
Sysinternals Suit
What is Sysinternals Suit and what does it contain?
The Sysinternals utilities offer a powerful, convenient way to knock out all kinds of Windows
tasks.
Sysinternals has been around for quite some time and was acquired by Microsoft in 2006.
These are great little tools for getting some heavy-hitting Windows things done and
sometimes done better than when using the built-in tools for a task. The entire suite of
products is available free for download.
Windows Sysinternals is a part of the Microsoft TechNet website which offers technical
resources and utilities to manage, diagnose, troubleshoot, and monitor a Microsoft
Windows environment.Originally, the Sysinternals website (formerly known as ntinternals)
was created in 1996 and was operated by the company Winternals Software LP.
Here below is the screenshot of the different utilities in the Sysinternal suit.
Figure 1
Figure 2
2. Accessenum:
While the flexible security model employed by Windows NT-based systems allows full
control over security and file permissions, managing permissions so that users have
appropriate access to files, directories and Registry keys can be difficult. There's no builtin way to quickly view user accesses to a tree of directories or keys. AccessEnum gives
ii
you a full view of your file system and Registry security settings in seconds, making it
the ideal tool for helping you for security holes and lock down permissions where
necessary. Below is the screenshot of its usage.
Figure 3
3. Autoruns:
Simply run Autoruns and it shows you the currently configured auto-start applications as
well as the full list of Registry and file system locations available for auto-start
configuration. Autostart locations displayed by Autoruns include logon entries, Explorer
add-ons, Internet Explorer add-ons including Browser Helper Objects (BHOs), Appinit
DLLs, image hijacks, boot execute images, Winlogon notification DLLs, Windows
Services and Winsock Layered Service Providers. Switch tabs to view autostarts from
different categories.
iii
Figure 4
4. Bginfo:
When you run BGInfo it shows you the appearance and content of its default desktop
background. If left untouched it will automatically apply these settings and exit after its
10 second count-down timer expires.
Selecting any button or menu item will disable the timer, allowing you to customize the
layout and content of the background information. By placing BGInfo in
your Startup folder, you can ensure that the system information being displayed is up to
date each time you boot. Once you've settled on the information to be displayed, use the
command-line option /timer:0 to update the display without showing the dialog box.
iv
Figure 5
5. Clockres:
Ever wondered what the resolution of the system clock was, or perhaps the maximum
timer resolution that your application could obtain? The answer lies in a simple function
named GetSystemTimeAdjustment, and the ClockRes applet performs the function and
shows you the result. See " Inside Windows NT High Resolution Timers" for information
on increasing the resolution.
Figure 6
6. Contig:
Contig is a utility that defragments a specified file or files. Use it to optimize execution of
your frequently used files. Contig is a single-file defragmenter that attempts to make files
contiguous on disk. Its perfect for quickly optimizing files that are continuously
becoming fragmented, or that you want to ensure are in as few fragments as possible.
Usage:
Contig.exe [-a] [-s] [-q] [-v] [existing file]
or Contig.exe [-f] [-q] [-v] [drive:]
or Contig.exe [-v] [-l] -n [new file] [new file length]
Figure 7
7. Coreinfo:
Coreinfo is a command-line utility that shows you the mapping between logical
processors and the physical processor, NUMA node, and socket on which they reside, as
vi
Figure 8
8. Disk2vhd:
Disk2vhd is a utility that creates VHD (Virtual Hard Disk - Microsoft's Virtual Machine
disk format) versions of physical disks for use in Microsoft Virtual PC or Microsoft
Hyper-V virtual machines (VMs). The difference between Disk2vhd and other physicalto-virtual tools is that you can run Disk2vhd on a system thats online. Disk2vhd uses
Windows' Volume Snapshot capability, introduced in Windows XP, to create consistent
point-in-time snapshots of the volumes you want to include in a conversion. You can
even have Disk2vhd create the VHDs on local volumes, even ones being converted
(though performance is better when the VHD is on a disk different than ones being
converted). It will create one VHD for each disk on which selected volumes reside. It
preserves the partitioning information of the disk, but only copies the data contents for
vii
volumes on the disk that are selected. This enables you to capture just system volumes
and exclude data volumes.
Figure 9
9. Diskext:
DiskExt demonstrates returns information about what disks the partitions of a volume are
located on and where on the disk the partitions are located. Information regarding the SID
of the disk partition offsets and length of the partition.
viii
Figure 10
10. Hex2Dec:
You can convert hex to decimal and vice versa with this simple command-line utility.
Usage: hex2dec [hex|decimal]
Include x or 0x as the prefix of the number to specify a hexadecimal value.
e.g. To translate 1233 decimal to hexadecimal: hex2dec 1233
e.g. To translate 0x1233 decimal to hexadecimal: hex2dec 0x1233
ix
Figure 11
11. Junction:
Junction not only allows you to create NTFS junctions, it allows you to see if files or
directories are actually reparse points. Reparse points are the mechanism on which NTFS
junctions are based, and they are used by Windows' Remote Storage Service (RSS), as
well as volume mount points. For example, if the directory E:\test\1.txt specified D:\test
as its target, then an application accessing E:\test\1.txt would in reality be accessing
D:\test. Directory symbolic links are known as NTFS junctions in Windows.
Figure 12
12. Diskview:
DiskView shows you a graphical map of your disk, allowing you to determine where a
file is located or, by clicking on a cluster, seeing which file occupies it. Double-click to
get more information about a file to which a cluster is allocated.
Figure 13
13. ListDLLs:
ListDLLs is a utility that reports the DLLs loaded into processes. You can use it to list all
DLLs loaded into all processes, into a specific process, or to list the processes that have a
particular DLL loaded. ListDLLs can also display full version information for DLLs,
including their digital signature, and can be used to scan processes for unsigned DLLs.
xi
Usage
listdlls [-r] [-v | -u] [processname|pid]
listdlls [-r] [-v] [-d dllname]
Figure 14
xii