Sysinternals

https://technet.microsoft.com/en-us/sysinternals/bb847944
 * licensing FAQ


 * What's new: docs.microsoft.com

Utility List in book
category	utility	exe file	Description Process Explorer	Process Explorer	procexp	A task manager replacement. Autoruns	Autoruns	Autoruns	Tool to manage things that start automatically with your computer Process Monitor	Process Monitor	procmon	logs the file system activity, registry, network, process, thread and image activity in real time ProcDump	ProcDump	ProcDump	generates memory dumps PsTools	PsExec	PsExec PsTools	PsFile	PsFile PsTools	PsGetSid	PsGetSid PsTools	PsInfo	PsInfo PsTools	PsKill	PsKill PsTools	PsList	PsList PsTools	PsLoggedOn	PsLoggedOn PsTools	PsLogList	PsLogList	saves event log records PsTools	PsPasswd	PsPasswd PsTools	PsService	PsService PsTools	PsShutdown	PsShutdown PsTools	PsSuspend	PsSuspend Process and diagnostic utilities	VMMap	VMMap Process and diagnostic utilities	DebugView	DebugView Process and diagnostic utilities	LiveKd	LiveKd Process and diagnostic utilities	ListDLLs	ListDLLs Process and diagnostic utilities	Handle	Handle Security utilities	SigCheck	SigCheck Security utilities	AccessChk	AccessChk Security utilities	Sysmon	Sysmon Security utilities	AccessEnum	AccessEnum Security utilities	ShareEnum	ShareEnum Security utilities	ShellRunAs	ShellRunAs Security utilities	Autologon	Autologon Security utilities	LogonSessions	LogonSessions Security utilities	Sdelete	Sdelete Active Directory Utilities	AdExplorer	AdExplorer Active Directory Utilities	AdInsight	AdInsight Active Directory Utilities	AdRestore	AdRestore Desktop utilities	BgInfo	BgInfo Desktop utilities	Desktops	Desktops Desktop utilities	ZoomIt	ZoomIt File utilities	Strings	Strings	Searches files for text (ASCII or Unicode) File utilities	Streams	Streams File utilities	Junction	Junction File utilities	FindLinks	FindLinks File utilities	DU	DU File utilities	PendMove	PendMove File utilities	MoveFile	MoveFile Disk utilities	Disk2Vhd	Disk2Vhd Disk utilities	Sync	Sync	empties disk cache and writes to disk Disk utilities	DiskView	DiskView Disk utilities	Contig	Contig Disk utilities	DiskExt	DiskExt Disk utilities	LDMDump	LDMDump Disk utilities	VolumeID	VolumeID Network and communication utilities	PsPing	PsPing	Measures one-way and round-trip times for TCP or UDP packets, bandwidth and latency Network and communication utilities	TCPView	TCPView Network and communication utilities	Whois	Whois System information utilities	RAMMap	RAMMap System information utilities	RU	RU System information utilities	CoreInfo	CoreInfo System information utilities	WinObj	WinObj System information utilities	LoadOrder	LoadOrder System information utilities	PipeList	PipeList	Lists the listening named pipe System information utilities	ClockRes	ClockRes Miscellaneous utilities	RegJump	RegJump	Open the registry to the specified location Miscellaneous utilities	Hex2Dec	Hex2Dec Miscellaneous utilities	RegDelNull	RegDelNull Miscellaneous utilities	Bluescreen Screen Saver	Bluescreen Screen Saver Miscellaneous utilities	Ctrl2Cap	Ctrl2Cap	The app that started it all. Makes the Caps Lock key a Control key

Tool-list
exe files	name	flag	Notes accesschk.exe	accesschk	1 accesschk64.exe	accesschk64	0 AccessEnum.exe	AccessEnum	1 ADExplorer.exe	ADExplorer	1 ADInsight.exe	ADInsight	1 adrestore.exe	adrestore	1 Autologon.exe	Autologon	1 autoruns.exe	autoruns	1 Autoruns64.exe	Autoruns64	0 autorunsc.exe	autorunsc	0	Sysinternals Autoruns v13.81 - Autostart program viewer autorunsc64.exe	autorunsc64	0 Bginfo.exe	Bginfo	1 Bginfo64.exe	Bginfo64	0 Cacheset.exe	Cacheset	0	GUI to set cache Clockres.exe	Clockres	1 Clockres64.exe	Clockres64	0 Contig.exe	Contig	1 Contig64.exe	Contig64	0 Coreinfo.exe	Coreinfo	1 ctrl2cap.exe	ctrl2cap	1 Dbgview.exe	Dbgview	0	Version 4.81 DebugView is an application that lets you monitor debug output on your local system, or any computer on the network that you can reach via TCP/IP. DEFRAG.EXE	DEFRAG	0	Usage: DEFRAG.EXE Desktops.exe	Desktops	1 disk2vhd.exe	disk2vhd	1 diskext.exe	diskext	1 diskext64.exe	diskext64	0 Diskmon.exe	Diskmon	0	GUI to monitor disk activity DiskView.exe	DiskView	1 du.exe	du	1 du64.exe	du64	0 efsdump.exe	efsdump	0	EFS Information Dumper v1.02 FindLinks.exe	FindLinks	1 FindLinks64.exe	FindLinks64	0 handle.exe	handle	1 handle64.exe	handle64	0 hex2dec.exe	hex2dec	1 hex2dec64.exe	hex2dec64	0 junction.exe	junction	1 junction64.exe	junction64	0 ldmdump.exe	ldmdump	1 Listdlls.exe	Listdlls	1 Listdlls64.exe	Listdlls64	0 livekd.exe	livekd	1 livekd64.exe	livekd64	0 LoadOrd.exe	LoadOrd	0	Load order for drivers and services LoadOrd64.exe	LoadOrd64	0 LoadOrdC.exe	LoadOrdC	0	command line version of loadord LoadOrdC64.exe	LoadOrdC64	0 logonsessions.exe	logonsessions	1 logonsessions64.exe	logonsessions64	0 movefile.exe	movefile	1 movefile64.exe	movefile64	0 notmyfault.exe	notmyfault	0	see notmyfaultc notmyfault64.exe	notmyfault64	0 notmyfaultc.exe	notmyfaultc	0	Sysinternals NotMyfault v4.01 - Driver Bug Test Program notmyfaultc64.exe	notmyfaultc64	0 ntfsinfo.exe	ntfsinfo	0	NtfsInfo v1.2 - NTFS Information Dump ntfsinfo64.exe	ntfsinfo64	0 pagedfrg.exe	pagedfrg	0 pendmoves.exe	pendmoves	0	PendMoves v1.3 - Lists pending delayed movefile operations pendmoves64.exe	pendmoves64	0 pipelist.exe	pipelist	1 pipelist64.exe	pipelist64	0 portmon.exe	portmon	0 procdump.exe	procdump	1 procdump64.exe	procdump64	0 procexp.exe	procexp	1 procexp64.exe	procexp64	0 Procmon.exe	Procmon	1 psexec.exe	psexec	1 PsExec64.exe	PsExec64	0 psfile.exe	psfile	1 psfile64.exe	psfile64	0 psgetsid.exe	psgetsid	1 PsGetsid64.exe	PsGetsid64	0 Psinfo.exe	Psinfo	1 PsInfo64.exe	PsInfo64	0 pskill.exe	pskill	1 pskill64.exe	pskill64	0 pslist.exe	pslist	1 pslist64.exe	pslist64	0 psloggedon.exe	psloggedon	1 PsLoggedon64.exe	PsLoggedon64	0 psloglist.exe	psloglist	1 pspasswd.exe	pspasswd	1 pspasswd64.exe	pspasswd64	0 psping.exe	psping	1 psping64.exe	psping64	0 psservice.exe	psservice	1 PsService64.exe	PsService64	0 psshutdown.exe	psshutdown	1 pssuspend.exe	pssuspend	1 pssuspend64.exe	pssuspend64	0 RAMMap.exe	RAMMap	1 RegDelNull.exe	RegDelNull	1 RegDelNull64.exe	RegDelNull64	0 Reghide.exe	Reghide	0	Creates a registry key that can not be opened with Regedit/Regedit32 regjump.exe	regjump	1 RootkitRevealer.exe	RootkitRevealer	0	scans the registry and local volumes looking for rootkits. ru.exe	ru	1 ru64.exe	ru64	0 sdelete.exe	sdelete	1 sdelete64.exe	sdelete64	0 ShareEnum.exe	ShareEnum	1 ShellRunas.exe	ShellRunas	1 sigcheck.exe	sigcheck	1 sigcheck64.exe	sigcheck64	0 streams.exe	streams	1 streams64.exe	streams64	0 strings.exe	strings	1 strings64.exe	strings64	0 sync.exe	sync	1 sync64.exe	sync64	0 Sysmon.exe	Sysmon	1 Sysmon64.exe	Sysmon64	0 tcpvcon.exe	tcpvcon	0	TCPView v3.01 - TCP/UDP endpoint viewer Tcpview.exe	Tcpview	1 Testlimit.exe	Testlimit	0	Testlimit v5.24 - test Windows limits Testlimit64.exe	Testlimit64	0 vmmap.exe	vmmap	1 Volumeid.exe	Volumeid	1 Volumeid64.exe	Volumeid64	0 whois.exe	whois	1 whois64.exe	whois64	0 Winobj.exe	Winobj	1 ZoomIt.exe	ZoomIt	1

Top 10 tool list from techtarget
PsExec: Remotely executes processes * PsFile: Shows files opened remotely * PsGetSid: Displays the computer's security identifier * PsPing: Measures network performance * PsInfo: Displays basic information about the system * PsKill: Terminates a running process * PsList: Lists detailed information about running processes * PsLoggedOn: Shows who is logged onto the system, both locally and through resource sharing * PsLogList: Dumps event log records * PsPassword: Changes account passwords * PsService: A command-line utility for viewing and controlling system services * PsShutdown: Forces a reboot or a shutdown of the system * PsSuspend: Suspends a running process
 * AccessChk
 * AutoRuns
 * BgInfo
 * Disk2vhd
 * Handle
 * Process Explorer
 * PsPing
 * PsTools -


 * ShellRunas
 * TCPView