Tour of the Sysinternals Tools

1. Introducion & Licensing

Free for personal and corporate use
License required for redistribution

2. Process & Thread Tools

Prcess Explorer

"Super Task Manager"

 

PsTools:

PsList	list processes	pslist, pslist /s, pslist /t
PsKill	kill processes
PsSuspend	suspend processes
PsExec	execute a command	psexec \\remote cmd
PsService	control services
PsInfo	display system information psinfo
PsLogList	process event logs
PsLoggedOn	who is logged on

 

3. System Information Tools

BgInfo	create useful system information backgrounds
ProcFeatures	processor hardware features
LoadOrder	show load order of drivers and services
PendMoves	list pending file operations
Portmon	serial port monitor

 

Developer tools

DebugView	view debug messages
Winobj	view object manager namespace
LiveKd	live kernel debugger

 

4. File & Disk Tools

Filemon	monitors file system I/O
Diskmon	monitor disk I/O
Diskview	view disk sector usage
Du	display disk usage
Contig	file level defragmenter
PageDefrag	system file defragmenter

 

Other file system tools

Junction	manipulate symbolic links
Sync flush	cached disk data
Streams	show alternate NTFS stream

 

5. Registry Tools

 

Regmon	registry monitor
Regjump	jump to any registry location	regjump hklm\system\currentcontrolset

 

6. Security Tools

Malware tools

Autoruns	list autostart programs
Sigcheck	check digital signatures
RootketRevealer	look for hidden files/registry keys

 

Permissions tools

AccessEnum	list access rights to files and registry keys
ShareEnum	list share permissions and rights

 

Other security tools

SDelete	secure file delete
NewSID	generate security IDs(for disk cloning)

 

7. Networking Tools

TCP/IP tools

TCPView	view TCP and UDP endpoints
Whois	list internet registration ownership
AdRestore	undelete AD objects

转载于:https://www.cnblogs.com/systemlover/p/3495723.html