Sysinternals Suite

By Mark Russinovich

Updated: June 4, 2009

Introduction

The Sysinternals Troubleshooting Utilities have been rolled up into a single Suite of tools. This file contains the individual troubleshooting tools and help files. It does not contain non-troubleshooting tools like the BSOD Screen Saver or NotMyFault.

The Suite is a bundling of the following selected Sysinternals Utilities:

AccessChk AccessEnum AdExplorer AdRestore Autologon Autoruns BgInfo CacheSet ClockRes Contig Coreinfo Ctrl2Cap DebugView Desktops DiskExt DiskMon DiskView Disk Usage (DU) EFSDump FileMon Handle Hex2dec

Junction LDMDump ListDLLs LiveKd LoadOrder LogonSessions NewSid NTFSInfo PageDefrag PendMoves PipeList PortMon ProcessExplorer Process Monitor ProcFeatures PsExec PsFile PsGetSid PsInfo PsKill PsList PsLoggedOn

PsLogList PsPasswd PsService PsShutdown PsSuspend RegDelNull RegJump RegMon RootkitRevealer SDelete ShareEnum ShellRunas SigCheck Streams Strings Sync TCPView VMMap VolumeID WhoIs WinObj ZoomIt

http://technet.microsoft.com/en-us/sysinternals/bb842062.aspx

Save A List of Files to a Text File by Extension

dir *.ext /s /b > files.txtThis command line will create a file called files.txt. When you open this file, there will be a complete list of all the files in that directory and all subdirectories with the .ext extension. You can then open up this text file in any text editor and work this the information.By changing the ext part, you can select different files. For example, if you wanted to list all of the PDF documents, you would type:

dir *.pdf /s /b > files.txt

Get Your IP Address Information

ipconfig /all This will retrieve a pile of information about your network connection and IP information. From this command, you can get:

• Host Name
• Primary DNS Suffix
• Node Type
• IP Routing Enabled
• WINS Proxy Enabled
• DNS Suffix Search List
• Connection-specific DNS Suffix
• Network Adapter Description
• Physical (MAC) Address
• DHCP Enabled
• IP Address
• Subnet Mask
• Default Gateway
• DNS Servers

Get Installed Driver Information

driverquery

It can be very useful when troubleshooting to know what drivers are installed on a system. This command will give you a complete listing of the drivers and when they were installed.

Copy Files Via Infrared Port

irftp filename.ext

This will fire up the Wireless Link dialog so that you can copy the specified file via an infrared port.

Find Files Opened By Network Users

openfiles /query

If you are running a system and you want to know who has files open on your computer, this command will provide you a list of those users and the files that they have open.

Note: If you get an error saying The system global flag ‘maintain objects list’ needs to be enabled to see local opened files, you can fix this issue by typing openfiles /local on. You will have to reboot the system but it will resolve the issue.

Monitor Port Activity

netstat -a 30

This will show you all of the TCP/IP ports that are being used on your system and what they are connecting to (or being connected from). It will continue to monitor these ports and refresh the information every 30 seconds. You can change the refresh rate by changing the number at the end of the command.

Recover Information From A Corrupt File

recover filename.ext

If you have a disk with damaged sectors, you can attempt to recover as much information as possible from the damaged file. Data that is not damaged can be retrieved but data in damaged sectors will be lost.

Defragment Remote Computer

rexec remotePC defrag C: /F


This command used the rexec command to force a defragment of the C: drive on the computer named remotePC. You can use whatever you want to for the command (I just used defrag C: /F as an example). This is very useful for remote maintenance.

Retrieve Detailed System Information

systeminfo

//
//

With this command, you can retrieve the following information:

• Host Name
• OS Name
• OS Version
• OS Manufacturer
• OS Configuration
• OS Build Type
• Registered Owner
• Registered Organization
• Product ID
• Original Install Date
• System Up Time
• System Manufacturer
• System Model
• System type
• Processor(s)
• BIOS Version
• Windows Directory
• System Directory
• Boot Device
• System Locale
• Input Locale
• Time Zone
• Total Physical Memory
• Available Physical Memory
• Virtual Memory Max Size
• Virtual Memory Available
• Virtual Memory In Use
• Page File Location(s)
• Domain
• Logon Server
• Hotfix(s)
• NetWork Card(s)

Automatically Defragment C: Daily

schtasks /create /tn "Defrag C" /tr "defrag c: /f" /sc daily /st 23:00:00 /ru "System"

This will set your computer to automatically perform a complete defrag of the C: drive each day at 11:00:00 PM (23:00:00). It does this by creating a scheduled task called Defrag C. It will run this command under the computer’s system account.

Map A Drive Letter to a Folder

subst W: C:\windows
Sometimes, your directory structure can get pretty deep and complicated. You can simplify this a bit by mapping a drive letter to commonly used folders. In the example that I have given, this will create a drive letter W: and map it to the C:\windows directory. Then, whenever you go into My Computer, you will see a W: drive and when you browse to it, it will automatically take you to the contents of the C:\windows folder.

You can do this with any unused drive letter and any folder that exists on your system.

List All Tasks Running On The Computer

tasklist

It’s always good to know what is running on your system. This is the command line version of the processes tab in Taks Manager.

Kill A Program

taskkill /im programname.exe /f

If, when using the tasklist command, you discover that there is something running you just want killed. This is the way to do it! Just note the program name and use it in place of programname.exe.

Reboot a Remote Computer

shutdown -r -f -m \\remotePC -c "System will be rebooted in 20 seconds"

The Microsoft Office 2003 Resource Kit Downloads page contains a comprehensive set of information and tools designed to help you deploy, support, and maintain Microsoft Office 2003.

http://www.microsoft.com/office/orkarchive/2003ddl.htm

RUNDLL y RUNDLL32 son dos utilidades suministrado con Windows 95/98 y NT.
Se puede llamar a funciones DLL desde la línea de comandos, que nos permite crear archivos de proceso por lotes muy potente.

Yo voy a poner algunos ejemplos, practicos, que sirvan para XP.De momento usaré la librería shell32.

Empezaremos, por mostrar el Panel de Control(Control.exe)

rundll32.exe shell32.dll,Control_RunDLL

Seguimos por un cpl.file

Accesibilidad

Propiedades accesibilidad:Pestaña teclado
rundll32.exe shell32.dll,Control_RunDLL access.cpl,,1
Propiedades accesibilidad:Pestaña sonido
rundll32.exe shell32.dll,Control_RunDLL access.cpl,,2
Propiedades accesibilidad:Pestaña pantalla
rundll32.exe shell32.dll,Control_RunDLL access.cpl,,3
Propiedades accesibilidad:Pestaña ratón
rundll32.exe shell32.dll,Control_RunDLL access.cpl,,4
Propiedades accesibilidad:Pestaña general
rundll32.exe shell32.dll,Control_RunDLL access.cpl,,5

Añadir o eliminar programas (APPWIZ.CPL)

Añadir o eliminar programas (Instalar/Desinstalar):
rundll32.exe shell32.dll,Control_RunDLL appwiz.cpl,,1
Añadir o eliminar programas (Windows Inicio):
rundll32.exe shell32.dll,Control_RunDLL appwiz.cpl,,2
Añadir o eliminar programas (Desde disco):
rundll32.exe shell32.dll,Control_RunDLL appwiz.cpl,,3

Opciones de pantalla (Desk.cpl)

Propiedades: (Fondo):
rundll32.exe shell32.dll,Control_RunDLL desk.cpl,,0
Propiedades: (Salva Pantallas):
rundll32.exe shell32.dll,Control_RunDLL desk.cpl,,1
Propiedades: (Apariencia):
rundll32.exe shell32.dll,Control_RunDLL desk.cpl,,2
Propiedades: (Ajustes):
rundll32.exe shell32.dll,Control_RunDLL desk.cpl,,3

Internet Settings (INETCPL.CPL)
Propiedades Internet (General):
rundll32.exe shell32.dll,Control_RunDLL inetcpl.cpl,,0
Propiedades Internet (Seguridad):
rundll32.exe shell32.dll,Control_RunDLL inetcpl.cpl,,1
Propiedades Internet (Contenido):
rundll32.exe shell32.dll,Control_RunDLL inetcpl.cpl,,2
Propiedades Internet (Conexion):
rundll32.exe shell32.dll,Control_RunDLL inetcpl.cpl,,3
Propiedades Internet (Programas):
rundll32.exe shell32.dll,Control_RunDLL inetcpl.cpl,,4
Propiedades Internet (Avanzado):
rundll32.exe shell32.dll,Control_RunDLL inetcpl.cpl,,5

Configuración Regional y de Idioma (INTL.CPL)
Configuración Regional y de Idioma (Ajustes regionales):
rundll32.exe shell32.dll,Control_RunDLL intl.cpl,,0
Configuración Regional y de Idioma (Idioma):
rundll32.exe shell32.dll,Control_RunDLL intl.cpl,,1
Configuración Regional y de Idioma (Opciones Avanzadas):
rundll32.exe shell32.dll,Control_RunDLL intl.cpl,,2
Configuración Regional y de Idioma (Tiempo):
rundll32.exe shell32.dll,Control_RunDLL intl.cpl,,3
Configuración Regional y de Idioma (Fecha):
rundll32.exe shell32.dll,Control_RunDLL intl.cpl,,4
Configuración Regional y de Idioma (Hora Local):
rundll32.exe shell32.dll,Control_RunDLL intl.cpl,,5

Opciones de Joystick   (JOY.CPL)
Propiedades de Joystick (Joystick):
rundll32.exe shell32.dll,Control_RunDLL joy.cpl

Opciones de Ratón/Teclado/Impresoras/Fuentes  (MAIN.CPL)
Propiedades del ratón:
rundll32.exe shell32.dll,Control_RunDLL main.cpl   @0
Propiedades del teclado:
rundll32.exe shell32.dll,Control_RunDLL main.cpl   @1
Propiedades de Impresoras:
rundll32.exe shell32.dll,Control_RunDLL main.cpl   @2
Fuentes:
rundll32.exe shell32.dll,Control_RunDLL main.cpl   @3

Opciones Multimedia   (MMSYS.CPL)
Propiedades multimedia (Audio):
rundll32.exe shell32.dll,Control_RunDLL mmsys.cpl,,0
Propiedades multimedia (Video):
rundll32.exe shell32.dll,Control_RunDLL mmsys.cpl,,1
Propiedades multimedia (MIDI):
rundll32.exe shell32.dll,Control_RunDLL mmsys.cpl,,2
Propiedades multimedia (CD Music):
rundll32.exe shell32.dll,Control_RunDLL mmsys.cpl,,3
Propiedades multimedia (Avanzado):
rundll32.exe shell32.dll,Control_RunDLL mmsys.cpl,,4
Propiedades sonido:
rundll32.exe shell32.dll,Control_RunDLL mmsys.cpl   @1

ODBC Ajustes (ODBCCP32.CPL)
ODBC Data Source Administrator (General):
rundll32.exe shell32.dll,Control_RunDLL odbccp32.cpl

Este es bastante interesante Pero si tienes XP no te funcionará, esto se iguala a control userpasswords2.

Opciones de contraseña   (PASSWORD.CPL)
Propiedades contraseña (Cambiar contraseña):
rundll32.exe shell32.dll,Control_RunDLL password.cpl

runas /noprofile /env /savecred /user:dominio\user “archivo ejecutable con el path”

Así quedó la linea de subtes inaugurada el Martes 22 de Diciembre de 2008.

Viajé ese dia y tomé estas fotos.

Almuerzo con mi madre luego de pasar un rato con mi sobrina Mathilde. Lugar muy recomendable para los que gustan del buen comer (en Buenos Aires, Argentina). Precios accesibles. Vale la pena.

Queda en: Caseros 3399 – Parque Patricios – Buenos Aires.

http://www.nodevice.com/

Wi-Fi Tools

Us vs. Them Products Application Deployments Guides Library Careers

Free Site Survey 800.947.7871

• Webinars
• Wi-Fi Posters

There are several tools that exist to help IT administrators with their networks. We have assembled several cool Wi-Fi tools we found to be of great value in planning, deploying, and managing Wi-Fi networks. Check them out:

Xirrus Wi-Fi Monitor Gadgets, Widgets, and Desklets

Xirrus has created a collection of easy-to-use tools to help you more effectively use and manage your Wi-Fi networks. The Xirrus Wi-Fi Monitor allows you to monitor your surrounding Wi-Fi environment and status of your Wi-Fi connection in real time – all directly from your desktop.

The Xirrus Wi-Fi Monitor is useful for both IT managers and end users, and is available as a Gadget for Windows Vista, a Yahoo! Widget for Windows XP and MacOS, and a Desklet for Linux. A radar-like display graphically displays available Wi-Fi networks and their range. Detailed information is available about surrounding Wi-Fi networks. A Glossary section helps you make sense of all the Wi-Fi terms. Nine different color skins are available to customize the Wi-Fi Monitor’s look for your desktop.

Applications for the Xirrus Wi-Fi Monitor include:

• Searching for Wi-Fi networks
• Verifying Wi-Fi coverage
• Locating Wi-Fi devices
• Displaying laptop Wi-Fi settings
• Detecting rogue APs
• Aiming Wi-Fi antennas
• Education on Wi-Fi

Gadget for Windows Vista
Download Vista Gadget v1.1
Download Vista Gadget Guide v1.1

Yahoo! Widget for Windows XP (requires Yahoo! widget framework – download here)
Download XP Widget v1.1
Download XP Widget Guide v1.1

Yahoo! Widget for Apple Mac OS X (requires Yahoo! widget framework – download here)
Download OS X Widget v1.01
Download OS X Widget Guide v1.01

Desklet for Linux (requires Desklet framework – download here)
Download Desklet v1.0
Download Desklet for Linux Guide v1.0

BgInfo v4.0

BGInfo automatically displays relevant information about a Windows computer on the desktop’s background, such as the computer name, IP address, service pack version, and more. You can edit any field as well as the font and background colors, and can place it in your startup folder so that it runs every boot, or even configure it to display as the background for the logon screen.

For more information on BgInfo v4.0, click here.

Iperf

Iperf is an easy to use and very popular tool that every IT professional should have that measures maximum throughput. Iperf provides you the data to tune TCP and UDP characteristics. Iperf reports throughput, delay jitter, and datagram loss in easy to understand tables and graphs. You can run Iperf from and command line or a GUI interface.

Iperf is copyrighted by the University of Illinois, except for the gnu_getopt.c, gnu_getopt_long.c, gnu_getopt.h files, and inet_aton.c, which are under the GNU General Public License.

Iperf 2.0.2 installer for Windows – Provided by Ted Fines (fines@macalester.edu) at Macalester College, St. Paul, MN.

To download iPerf, click here:kperf_setup.exe

OmniPeek

Use OmniPeek Personal to analyze traffic from a local network segment allowing you to not only view “top talkers”, but also drill down to see which nodes are communicating, which protocols and sub-protocols are being transmitted, and which traffic characteristics are affecting network performance.

For more information on OmniPeek, click here.

PingTest Tool

Ping Test Tool is a handy, powerful, visual ping utility and IP Scanner for IT professionals to check network connections. Ping Test Tool is a graphical ping utility that lets you watch the states of the network and test the connection speeds of various locations. It can save IP addresses and host names and its intuitive interface shows the route, hosts, packet loss percentage, min/max/average response times, etc.

To download PingTest, click here:

http://www.tucows.com/get/501817_201691

Qcheck

Qcheck is a must have and handy tool for any IT professional. It does much more than the traditional “ping” command. As a comparison, here is a summary of the benefits of using Qcheck:

Qcheck vs. Ping	Qcheck	Ping
Tests the response time of traffic on IP networks.
Emulates real application flows across the network to test connectivity and performance.
Tests network throughput.
Tests whether a network can support multimedia traffic.
Tests a network link using the application flows generated by streaming multimedia applications.
Determines at what rate streaming traffic is received and how much packet loss occurs.
Tests the connectivity between your own computer and another computer.
Supports a variety of protocols and can test network performance using TCP, UDP, IPX, and SPX networks.
Shows a workstation’s physical memory, operating system levels and CPU utilization.
Runs traceroute between any two workstations on your network, regardless of their locations.

To get Qcheck and use it:

Install Qcheck on the computer you’ll use to run the Qcheck console. Qcheck runs on any computer running Windows 2000, NT or XP.

Install an Ixia Performance Endpoint (or Qcheck itself, which has the endpoint built in) on any other computers. (You can download Performance Endpoint software free from Ixia!)

Based on the parameters you select, the Qcheck console will instruct any two endpoints to run a test and return the results to you at the Qcheck console.

• For a response time test, Qcheck returns the minimum, maximum and average number of seconds it took to complete a transaction.
• For a throughput test, Qcheck returns the amount of data per second that was successfully sent between the two endpoints.
• For a streaming test, Qcheck returns the rate at which the streaming data was received by the second endpoint and the amount of packet loss that occurred.
• For a traceroute test, Qcheck returns the number of hops, average hop latency, and the address and names of the host at each hop.

TCPView

TCPView is a Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections. On Windows NT, 2000 and XP TCPView also reports the name of the process that owns the endpoint. TCPView provides a more informative and conveniently presented subset of the Netstat program that ships with Windows. The TCPView download includes Tcpvcon, a command-line version with the same functionality.

TCPView works on Windows NT/2000/XP and Windows 98/Me. You can use TCPView on Windows 95 if you get the Windows 95 Winsock 2 Update from Microsoft.

For more information on TCPView, click here.

WireShark

WireShark® is a network protocol analyzer, and is the de facto standard across many industries and educational institutions. It is the continuation of a Ethereal that started in 1998.

For more on Wireshark or to download the software, follow these links: click here.

Veriwave WLAN Capacity Calculator

The VeriWave WLAN Capacity calculator determines expected performance of your 802.11 and 802.11n network. Plug in parameters such as number of users, channel bandwidth, and rates to see how your wireless system stacks up.

To download the Veriwave WLAN Capacity Calculator, click here.

Gracias Javier Arce por la contribución…