Windows System Tools Extension Pack


    A number of tools can be integrated into the system.
    These include PsTools (PsPing…), whois, Process Monitor, TCPView, Autoruns, Autologon, and so on.


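  • Usage
    1. Download the tool package.
    2. Extract the corresponding files.
    3. Copy the corresponding .exe files into the
      %WINDIR%\System32
      folder.
    4. Run the corresponding commands from the command line.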
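
The four steps above as a PowerShell script, with an Authenticode check before anything is copied into System32. This is an added example, not part of the original page; the staging folder, the list of file names inside the archive, and the expected signer string are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: download, extract, verify, copy, run.
$ErrorActionPreference = 'Stop'

$zipUrl  = 'https://download.sysinternals.com/files/PSTools.zip'  # URL given on this page
$work    = Join-Path $env:TEMP 'pstools-stage'                     # assumed staging folder
$zipPath = Join-Path $work 'PSTools.zip'
$wanted  = @('PsPing.exe', 'PsInfo.exe', 'PsList.exe')             # assumed file names in the archive
$target  = Join-Path $env:WINDIR 'System32'

# Steps 1 and 2: download the package and extract it into the staging folder
New-Item -ItemType Directory -Path $work -Force | Out-Null
Invoke-WebRequest -Uri $zipUrl -OutFile $zipPath
Expand-Archive -Path $zipPath -DestinationPath $work -Force

# Step 3: copy only binaries whose signature validates
foreach ($name in $wanted) {
    $exe = Join-Path $work $name
    if (-not (Test-Path $exe)) {
        Write-Warning "$name not found in the archive"
        continue
    }

    # Anything placed in System32 is on every user's search path, so reject
    # files that are unsigned, tampered with, or signed by an unexpected publisher.
    $sig = Get-AuthenticodeSignature -FilePath $exe
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    if ($sig.Status -ne 'Valid' -or $signer -notmatch 'O=Microsoft Corporation') {
        Write-Warning "$name skipped: signature status '$($sig.Status)', signer '$signer'"
        continue
    }

    Copy-Item -Path $exe -Destination $target -Force
    $hash = (Get-FileHash -Path $exe -Algorithm SHA256).Hash
    Write-Output "Installed $name (SHA256 $hash)"
}

# Step 4: confirm which file the command name now resolves to
Get-Command $wanted[0] | Select-Object -ExpandProperty Source
```

Save it as a .ps1 file and run it from an elevated PowerShell prompt; the logged SHA256 values give a baseline for later integrity checks of the copied files.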


  • PsTools
    • PsExec – execute processes remotely
    • PsFile – shows files opened remotely
    • PsGetSid – display the SID of a computer or a user
    • PsInfo – list information about a system
    • PsPing – measure network performance
    • PsKill – kill processes by name or process ID
    • PsList – list detailed information about processes
    • PsLoggedOn – see who’s logged on locally and via resource sharing (full source is included)
    • PsLogList – dump event log records
    • PsPasswd – changes account passwords
    • PsService – view and control services
    • PsShutdown – shuts down and optionally reboots a computer
    • PsSuspend – suspends processes
    • PsUptime – shows you how long a system has been running since its last reboot (PsUptime’s functionality has been incorporated into PsInfo)

    Details page
    https://technet.microsoft.com/en-us/sysinternals/pstools
    Download
    https://download.sysinternals.com/files/PSTools.zip


  • Whois
    • Usage: whois [-v] domainname [whois.server]
      -v Print whois information for referrals

    Details page
    https://technet.microsoft.com/en-us/sysinternals/whois
    Download
    https://download.sysinternals.com/files/WhoIs.zip


  • Process Monitor
    • Process Monitor includes powerful monitoring and filtering capabilities, including:

    • More data captured for operation input and output parameters
    • Non-destructive filters allow you to set filters without losing data
    • Capture of thread stacks for each operation makes it possible in many cases to identify the root cause of an operation
    • Reliable capture of process details, including image path, command line, user and session ID
    • Configurable and moveable columns for any event property
    • Filters can be set for any data field, including fields not configured as columns
    • Advanced logging architecture scales to tens of millions of captured events and gigabytes of log data
    • Process tree tool shows relationship of all processes referenced in a trace
    • Native log format preserves all data for loading in a different Process Monitor instance
    • Process tooltip for easy viewing of process image information
    • Detail tooltip allows convenient access to formatted data that doesn’t fit in the column
    • Cancellable search
    • Boot time logging of all operations

    Details page
    https://technet.microsoft.com/en-US/sysinternals/processmonitor.aspx
    Download
    https://download.sysinternals.com/files/ProcessMonitor.zip


  • TCPView
    • TCPView is a Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections.

    Details page
    https://technet.microsoft.com/en-us/sysinternals/tcpview
    Download
    https://download.sysinternals.com/files/TCPView.zip


  • Autoruns
    • This utility, which has the most comprehensive knowledge of auto-starting locations of any startup monitor, shows you what programs are configured to run during system bootup or login, and when you start various built-in Windows applications like Internet Explorer, Explorer and media players. These programs and drivers include ones in your startup folder, Run, RunOnce, and other Registry keys. Autoruns reports Explorer shell extensions, toolbars, browser helper objects, Winlogon notifications, auto-start services, and much more. Autoruns goes way beyond other autostart utilities.

    Details page
    https://technet.microsoft.com/en-us/sysinternals/bb963902
    Download
    https://download.sysinternals.com/files/Autoruns.zip


  • Autologon
    • Autologon enables you to easily configure Windows’ built-in autologon mechanism. Instead of waiting for a user to enter their name and password, Windows uses the credentials you enter with Autologon, which are encrypted in the Registry, to log on the specified user automatically.

    Details page
    https://technet.microsoft.com/en-us/sysinternals/autologon
    Download
    https://download.sysinternals.com/files/AutoLogon.zip
