Sysinternals Tools

Sysinternals Suite


http://technet.microsoft.com/en-gb/sysinternals/bb842062


Here I note some interesting Sysinternals utilities:


Disk2vhd
Disk2vhd simplifies the migration of physical systems into virtual machines (P2V).

MoveFile
Schedule file rename and delete commands for the next reboot. This can be useful for cleaning up stubborn or in-use malware files.

PageDefrag
Defragment your paging files and Registry hives. Note: it supports only Windows 2000, XP and Server 2003; it does not run on Vista or later.

ShareEnum
Scan the file shares on your network and view their security settings to close security holes.

AdRestore
Undelete Server 2003 Active Directory objects.

PsTools
The PsTools suite includes command-line utilities for listing the processes running on local or remote computers, running processes remotely, rebooting computers, dumping event logs, and more.

TCPView
View active TCP and UDP endpoints together with the owning process. TCPView is a GUI tool; the suite also includes Tcpvcon, its command-line equivalent.

Whois
See who owns an Internet address.

Autoruns
See what programs are configured to start automatically when your system boots and you log in. Autoruns also shows you the full list of Registry and file locations where applications can configure auto-start settings.

ShellRunas
Launch programs as a different user via a convenient shell context-menu entry.

PsGetSid
Displays the SID of a computer or a user.

Process Monitor
Monitor file system, Registry, process, thread and DLL activity in real time.

Autologon
Bypass the password screen during logon. The credential is stored on the machine as an LSA secret, so anyone with administrative (or SYSTEM) access to that machine can recover it: use it only on physically secured, single-purpose machines.

RootkitRevealer
Scan your system for rootkit-based malware. Note: it supports only 32-bit Windows XP and Server 2003 and is no longer updated.

Desktops
This utility lets you create up to four virtual desktops and use a tray interface or hotkeys to preview what's on each desktop and switch between them.

Hex2dec
Convert hex numbers to decimal and vice versa.

Strings
Search for ANSI and Unicode strings in binary images.


Sysinternals Live


Although the tools can be run directly from the network without downloading them (for example, Autoruns.exe can be launched with the command:


sometimes it is useful to have a local copy of all the programs and to be able to synchronize it at regular intervals.

To do this we can use Robocopy and a small batch file.

Start by creating a directory that will hold all the programs, for example:

c:\Program Files (x86)\Sysinternals Suite

Then open Notepad and enter these lines:

@echo off
rem Do not call the variable "path": that would overwrite the PATH of the shell running the script.
set "SYSDIR=c:\Program Files (x86)\Sysinternals Suite"
rem /w:0 /r:0: do not wait or retry on failures; /log+: append to a log kept in the same directory.
%windir%\system32\robocopy \\live.sysinternals.com\Tools "%SYSDIR%" /w:0 /r:0 /log+:"%SYSDIR%\Update.log"

Finally, save the file as Update.cmd in the directory just created.

We can also try running it: after a few seconds we should see the files being downloaded and, at the end, a log of the operation in the file Update.log. The live share is served over WebDAV, so the WebClient service must be running on the machine; and since the binaries arrive over the network, it is worth checking that they carry a valid Microsoft Authenticode signature before relying on them.
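The same procedure as a single PowerShell script, added here as an example (it is not the page's batch file and not a Microsoft-provided script). It goes beyond the batch file in three ways a practitioner would want: it makes sure the WebClient service that WebDAV needs is running, it checks robocopy's exit code instead of assuming success, and it verifies the Authenticode signature of every downloaded binary, since the WebDAV transfer itself gives no assurance of who produced the files. The destination folder, the task name, the daily 03:00 schedule and the expected signer subject ("CN=Microsoft Corporation*") are assumptions of this example.

```powershell
# Added example, not code from the original page or from Microsoft.
# Sync the Sysinternals Suite from live.sysinternals.com with robocopy and
# refuse to trust binaries that are not validly signed by Microsoft.
# Run from an elevated PowerShell prompt; -Schedule registers a daily task.
param([switch]$Schedule)

$Source      = '\\live.sysinternals.com\Tools'                 # WebDAV share used by the page
$Destination = 'C:\Program Files (x86)\Sysinternals Suite'      # assumed local folder
$LogFile     = Join-Path $Destination 'Update.log'

# The live share is WebDAV, so the WebClient service must be running.
$webclient = Get-Service -Name WebClient -ErrorAction Stop
if ($webclient.Status -ne 'Running') {
    Start-Service -Name WebClient
}

if (-not (Test-Path -LiteralPath $Destination)) {
    New-Item -ItemType Directory -Path $Destination | Out-Null
}

# Mirror the share. /R:0 /W:0: no retries or waits (the run repeats on a schedule anyway);
# /XJ: skip junctions; /NP: no per-file progress in the log; /LOG+: append to the log.
$robocopyArgs = @($Source, $Destination, '/R:0', '/W:0', '/XJ', '/NP', "/LOG+:$LogFile")
& robocopy @robocopyArgs | Out-Null

# robocopy exit codes below 8 are success (0 = nothing to copy, 1 = files copied, ...).
if ($LASTEXITCODE -ge 8) {
    throw "robocopy failed with exit code $LASTEXITCODE; see $LogFile"
}

# Supply-chain check: keep the copy only if every binary has a valid Authenticode
# signature whose signer is Microsoft (assumed subject prefix below).
$bad = Get-ChildItem -LiteralPath $Destination -Include *.exe, *.dll, *.sys -Recurse |
    Get-AuthenticodeSignature |
    Where-Object {
        $_.Status -ne 'Valid' -or
        $_.SignerCertificate.Subject -notlike 'CN=Microsoft Corporation*'
    }

if ($bad) {
    $bad | ForEach-Object { Write-Warning "Untrusted binary: $($_.Path) ($($_.Status))" }
    throw 'One or more downloaded binaries failed signature verification'
}
Write-Host 'Sysinternals Suite is up to date and every binary is signed by Microsoft.'

# Optional: register this script as a daily scheduled task running as SYSTEM (assumed schedule).
if ($Schedule) {
    $action  = New-ScheduledTaskAction -Execute 'powershell.exe' `
        -Argument "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`""
    $trigger = New-ScheduledTaskTrigger -Daily -At '03:00'
    Register-ScheduledTask -TaskName 'Sysinternals Suite Update' -Action $action `
        -Trigger $trigger -User 'SYSTEM' -RunLevel Highest -Force | Out-Null
}
```

Save it next to the suite (for example as Update.ps1), run it once by hand to confirm the copy and the signature check pass, then run it once more with -Schedule to create the daily task. If the signature check ever fails after a sync, treat the folder as untrusted until you have compared the flagged files against a fresh download.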