[General]
SoftwareCount=74
GroupCount=7
Name=Sysinternals Suite

[Group0]
name=File and Disk Utilities

[Group1]
name=Networking Utilities

[Group2]
name=Process Utilities

[Group3]
name=Security Utilities

[Group4]
name=System Information Utilites

[Group5]
name=Miscellaneous Utilities

[Group6]
name=All Utilities
ShowAll=1

[Software0]
exe=accesschk.exe
url=http://technet.microsoft.com/en-us/sysinternals/bb664922.aspx
group=3
Name=AccessChk
AppName=AccessChk
ShortDesc=Shows accesses the user or group has to files, Registry keys or Windows services
LongDesc=As a part of ensuring that they've created a secure environment Windows administrators often need to know what kind of accesses specific users or groups have to resources including files, directories, Registry keys, global objects and Windows services. AccessChk quickly answers these questions with an intuitive interface and output.

[Software1]
exe=AccessEnum.exe
url=http://technet.microsoft.com/en-us/sysinternals/bb897332.aspx
group=3
Name=AccessEnum
AppName=AccessEnum
ShortDesc=Shows who has what access to directories, files and Registry keys on your systems
LongDesc=While the flexible security model employed by Windows NT-based systems allows full control over security and file permissions, managing permissions so that users have appropriate access to files, directories and Registry keys can be difficult. AccessEnum gives you a full view of your file system and Registry security settings in seconds, making it the ideal tool for helping you for security holes and lock down permissions where necessary.

[Software2]
exe=ADExplorer.exe
url=http://technet.microsoft.com/en-us/sysinternals/bb963907.aspx
group=1
Name=ADExplorer
AppName=ADExplorer
ShortDesc=Advanced Active Directory (AD) viewer and editor
LongDesc=Active Directory Explorer (AD Explorer) is an advanced Active Directory (AD) viewer and editor. You can use AD Explorer to easily navigate an AD database, define favorite locations, view object properties and attributes without having to open dialog boxes, edit permissions, view an object's schema, and execute sophisticated searches that you can save and re-execute. AD Explorer also includes the ability to save snapshots of an AD database for off-line viewing and comparisons. When you load a saved snapshot, you can navigate and explorer it as you would a live database. If you have two snapshots of an AD database you can use AD Explorer's comparison functionality to see what objects, attributes and security permissions changed between them.

[Software3]
exe=ADInsight.exe
url=http://technet.microsoft.com/en-us/sysinternals/bb897539.aspx
group=1
Name=ADInsight
AppName=ADInsight
ShortDesc=LDAP (Light-weight Directory Access Protocol) real-time monitoring tool
LongDesc=ADInsight is an LDAP (Light-weight Directory Access Protocol) real-time monitoring tool aimed at troubleshooting Active Directory client applications. Use its detailed tracing of Active Directory client-server communications to solve Windows authentication, Exchange, DNS, and other problems.

[Software4]
exe=adrestore.exe
url=http://technet.microsoft.com/en-us/sysinternals/bb963906.aspx
group=1
Name=ADRestore
AppName=ADRestore
ShortDesc=Undeletes Server 2003 Active Directory objects
LongDesc=Windows Server 2003 introduces the ability to restore deleted ("tombstoned") objects. This simple command-line utility enumerates the deleted objects in a domain and gives you the option of restoring each one.

[Software5]
exe=Autologon.exe
url=http://technet.microsoft.com/en-us/sysinternals/bb963905.aspx
group=3
Name=Autologon
AppName=Autologon
ShortDesc=Bypasses password screen during logon
LongDesc=Autologon enables you to easily configure Windows’ built-in autologon mechanism. Instead of waiting for a user to enter their name and password, Windows uses the credentials you enter with Autologon, which are encrypted in the Registry, to log on the specified user automatically.

[Software6]
exe=autoruns.exe
url=http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
group=4
Name=Autoruns
AppName=Autoruns
ShortDesc=Shows what programs are configured to run during system bootup or login
LongDesc=This utility, which has the most comprehensive knowledge of auto-starting locations of any startup monitor, shows you what programs are configured to run during system bootup or login, and shows you the entries in the order Windows processes them. These programs include ones in your startup folder, Run, RunOnce, and other Registry keys. You can configure Autoruns to show other locations, including Explorer shell extensions, toolbars, browser helper objects, Winlogon notifications, auto-start services, and much more. Autoruns goes way beyond the MSConfig utility bundled with Windows Me and XP.

[Software7]
exe=autorunsc.exe
url=http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
group=4
Name=Autoruns Command-line
AppName=Autoruns Command-line
ShortDesc=Shows what programs are configured to run during system bootup or login. Command-line version
LongDesc=This utility, which has the most comprehensive knowledge of auto-starting locations of any startup monitor, shows you what programs are configured to run during system bootup or login, and shows you the entries in the order Windows processes them. These programs include ones in your startup folder, Run, RunOnce, and other Registry keys. You can configure Autoruns to show other locations, including Explorer shell extensions, toolbars, browser helper objects, Winlogon notifications, auto-start services, and much more. Autoruns goes way beyond the MSConfig utility bundled with Windows Me and XP.

[Software8]
exe=Bginfo.exe
url=http://technet.microsoft.com/en-us/sysinternals/bb897557.aspx
group=5
Name=BGInfo
AppName=BGInfo
ShortDesc=Displays relevant information about a Windows computer on the desktop background
LongDesc=How many times have you walked up to a system in your office and needed to click through several diagnostic windows to remind yourself of important aspects of its configuration, such as its name, IP address, or operating system version? If you manage multiple computers you probably need BGInfo. It automatically displays relevant information about a Windows computer on the desktop's background, such as the computer name, IP address, service pack version, and more. You can edit any field as well as the font and background colors, and can place it in your startup folder so that it runs every boot, or even configure it to display as the background for the logon screen.

[Software9]
exe=Cacheset.exe
url=http://technet.microsoft.com/en-us/sysinternals/bb897561.aspx
group=0
Name=CacheSet
AppName=CacheSet
ShortDesc=Allows to control the Cache Manager's working set size
LongDesc=CacheSet is an applet that allows you to manipulate the working-set parameters of the system file cache. Unlike CacheMan, CacheSet runs on all versions of NT and will work without modifications on new Service Pack releases. In addition to providing you the ability to control the minimum and maximum working set sizes, it also allows you to reset the Cache's working set, forcing it to grow as necessary from a minimal starting point. Also unlike CacheMan, changes made with CacheSet have an immediate effect on the size of the Cache.

[Software10]
exe=Clockres.exe
url=http://technet.microsoft.com/en-us/sysinternals/bb897568.aspx
group=4
Name=ClockRes
AppName=ClockRes
ShortDesc=Views resolution of the system clock
LongDesc=Ever wondered what the resolution of the system clock was, or perhaps the maximum timer resolution that your application could obtain The answer lies in a simple function named GetSystemTimeAdjustment, and the ClockRes applet performs the function and shows you the result.

[Software11]
exe=Contig.exe
url=http://technet.microsoft.com/en-us/sysinternals/bb897428.aspx
group=0
Name=Contig
AppName=Contig
ShortDesc=Optimizes individual files or creates new files that are contiguous
LongDesc=Contig is a single-file defragmenter that attempts to make files contiguous on disk. Its perfect for quickly optimizing files that are continuously becoming fragmented, or that you want to ensure are in as few fragments as possible. Contig can be used to defrag an existing file, or to create a new file of a specified size and name, optimizing its placement on disk. Contig uses standard Windows defragmentation APIs so it won't cause disk corruption, even if you terminate it while its running.

[Software12]
exe=Coreinfo.exe
url=http://technet.microsoft.com/en-us/sysinternals/cc835722.aspx
group=4
Name=Coreinfo
AppName=Coreinfo
ShortDesc=Shows CPU caps and memory topology
LongDesc=Coreinfo is a command-line utility that shows you the mapping between logical processors and the physical processor, NUMA node, and socket on which they reside, as well as the cache’s assigned to each logical processor. It uses the Windows’ GetLogicalProcessorInformation function to obtain this information and prints it to the screen, representing a mapping to a logical processor with an asterisk e.g. ‘*’. Coreinfo is useful for gaining insight into the processor and cache topology of your system.

[Software13]
exe=ctrl2cap.exe
url=http://technet.microsoft.com/en-us/sysinternals/bb897578.aspx
group=5
Name=Ctrl2Cap
AppName=Ctrl2Cap
ShortDesc=Kernel-mode driver that demonstrates keyboard input filtering just above the keyboard class driver in order to turn caps-locks into control keys
LongDesc=Ctrl2Cap is a kernel-mode device driver that filters the system's keyboard class driver in order to convert caps-lock characters into control characters. Install Ctrl2Cap running the command "ctrl2cap /install" from the directory into which you've unzipped the Ctrl2Cap files. To uninstall type "ctrl2cap /uninstall".

[Software14]
exe=Dbgview.exe
url=http://technet.microsoft.com/en-us/sysinternals/bb896647.aspx
group=5
Name=DebugView
AppName=DebugView
ShortDesc=Monitors debug output on your local system or any computer on the network
LongDesc=DebugView is an application that lets you monitor debug output on your local system, or any computer on the network that you can reach via TCP/IP. It is capable of displaying both kernel-mode and Win32 debug output, so you don't need a debugger to catch the debug output your applications or device drivers generate, nor do you need to modify your applications or drivers to use non-standard debug output APIs.

[Software15]
exe=Desktops.exe
url=http://technet.microsoft.com/en-us/sysinternals/cc817881.aspx
group=5
Name=Desktops
AppName=Desktops
ShortDesc=Organizes your applications on up to four virtual desktops
LongDesc=Desktops allows you to organize your applications on up to four virtual desktops. Read email on one, browse the web on the second, and do work in your productivity software on the third, without the clutter of the windows you're not using. After you configure hotkeys for switching desktops, you can create and switch desktops either by clicking on the tray icon to open a desktop preview and switching window, or by using the hotkeys.

[Software16]
exe=diskext.exe
url=http://technet.microsoft.com/en-us/sysinternals/bb896648.aspx
group=0
Name=DiskExt
AppName=DiskExt
ShortDesc=Displays volume disk-mappings
LongDesc=DiskExt demonstrates the use of the IOCTL_VOLUME_GET_VOLUME_DISK_EXTENTS command that returns information about what disks the partitions of a volume are located on (multipartition disks can reside on multiple disks) and where on the disk the partitions are located.

[Software17]
exe=Diskmon.exe
url=http://technet.microsoft.com/en-us/sysinternals/bb896646.aspx
group=0
Name=DiskMon
AppName=DiskMon
ShortDesc=Captures all hard disk activity
LongDesc=DiskMon is an application that logs and displays all hard disk activity on a Windows system. You can also minimize DiskMon to your system tray where it acts as a disk light, presenting a green icon when there is disk-read activity and a red icon when there is disk-write activity.

[Software18]
exe=DiskView.exe
url=http://technet.microsoft.com/en-us/sysinternals/bb896650.aspx
group=0
Name=DiskView
AppName=DiskView
ShortDesc=Views disk usage by directory
LongDesc=DiskView shows you a graphical map of your disk, allowing you to determine where a file is located or, by clicking on a cluster, seeing which file occupies it. Double-click to get more information about a file to which a cluster is allocated.

[Software19]
exe=du.exe
url=http://technet.microsoft.com/en-us/sysinternals/bb896651.aspx
group=0
Name=DiskUsage
AppName=DiskUsage
ShortDesc=Reports disk space usage for the specified directory
LongDesc=Du (disk usage) reports the disk space usage for the directory you specify. By default it recurses directories to show the total size of a directory and its subdirectories.

[Software20]
exe=efsdump.exe
url=http://technet.microsoft.com/en-us/sysinternals/bb896735.aspx
group=0
Name=EFSDump
AppName=EFSDump
ShortDesc=Views encrypted files information
LongDesc=Windows 2000 introduces the Encrypting File System (EFS) so that users can protect their sensitive data. Several new APIs make their debut to support this factility, including one-QueryUsersOnEncryptedFile-that lets you see who has access to encrypted files. This applet uses the API to show you what accounts are authorized to access encrypted files.

[Software21]
exe=handle.exe
url=http://technet.microsoft.com/en-us/sysinternals/bb896655.aspx
group=2
Name=Handle
AppName=Handle
ShortDesc=Shows what files are open by which processes
LongDesc=Handle is a utility that displays information about open handles for any process in the system. You can use it to see the programs that have a file open, or to see the object types and names of all the handles of a program.

[Software22]
exe=hex2dec.exe
url=http://technet.microsoft.com/en-us/sysinternals/bb896736.aspx
group=5
Name=Hex2dec
AppName=Hex2dec
ShortDesc=Converts a hexadecimal number to decimal and vice versa
LongDesc=Tired of running Calc everytime you want to convert a hexadecimal number to decimal? Now you can convert hex to decimal and vice versa with this simple command-line utility.

[Software23]
exe=junction.exe
url=http://technet.microsoft.com/en-us/sysinternals/bb896768.aspx
group=0
Name=Junction
AppName=Junction
ShortDesc=Creates NTFS symbolic links
LongDesc=Windows 2000 and higher supports directory symbolic links, where a directory serves as a symbolic link to another directory on the computer. For example, if the directory D:\SYMLINK specified C:\WINNT\SYSTEM32 as its target, then an application accessing D:\SYMLINK\DRIVERS would in reality be accessing C:\WINNT\SYSTEM32\DRIVERS. Directory symbolic links are known as NTFS junctions in Windows. Unfortunately, Windows comes with no tools for creating junctions—you have to purchase the Win2K Resource Kit, which comes with the linkd program for creating junctions. Junction not only allows you to create NTFS junctions, it allows you to see if files or directories are actually reparse points. Reparse points are the mechanism on which NTFS junctions are based, and they are used by Windows' Remote Storage Service (RSS), as well as volume mount points.

[Software24]
exe=ldmdump.exe
url=http://technet.microsoft.com/en-us/sysinternals/bb897413.aspx
group=0
Name=LDMDump
AppName=LDMDump
ShortDesc=Dumps contents of Logical Disk Manager on-disk database
LongDesc=Windows 2000 introduces a new type of disk partitioning scheme that is managed by a component called the Logical Disk Manager (LDM). Windows 2000 introduces a new type of disk partitioning scheme that is managed by a component called the Logical Disk Manager (LDM).LDMDump is a utility that lets you examine exactly what is stored in a disk's copy of the system LDM database. LDMDump shows you the contents of the LDM database private header, table-of-contents, and object database (where partition, component and volume definitions are stored), and then summarizes its finding with partition table and volume listings.

[Software25]
exe=Listdlls.exe
url=http://technet.microsoft.com/en-us/sysinternals/bb896656.aspx
group=2
Name=ListDLLs
AppName=ListDLLs
ShortDesc=Lists all the DLLs that are currently loaded, including where they are loaded and their version numbers
LongDesc=Unlike tlist, however, ListDLLs is able to show you the full path names of loaded modules - not just their base names. In addition, ListDLLs will flag loaded DLLs that have different version numbers than their corresponding on-disk files (which occurs when the file is updated after a program loads the DLL), and can tell you which DLLs were relocated because they are not loaded at their base address.

[Software26]
exe=livekd.exe
url=http://technet.microsoft.com/en-us/sysinternals/bb897415.aspx
group=4
Name=LiveKd
AppName=LiveKd
ShortDesc=Uses Microsoft kernel debuggers to examine a live system
LongDesc=LiveKd allows you to run the Kd and Windbg Microsoft kernel debuggers, which are part of the Debugging Tools for Windows package, locally on a live system. Execute all the debugger commands that work on crash dump files to look deep inside the system. See the Debugging Tools for Windows documentation and our book for information on how to explore a system with the kernel debuggers. While the latest versions of Windbg and Kd have a similar capability on Windows XP and Server 2003, LiveKD enables more functionality, such as viewing thread stacks with the !thread command, than Windbg and Kd's own live kernel debugging facility.

[Software27]
exe=LoadOrd.exe
url=http://technet.microsoft.com/en-us/sysinternals/bb897416.aspx
group=4
Name=LoadOrder
AppName=LoadOrder
ShortDesc=Shows order in which devices are loaded on Windows system
LongDesc=This applet shows you the order that a Windows NT or Windows 2000 system loads device drivers. Note that on Windows 2000 plug-and-play drivers may actually load in a different order than the one calculated, because plug-and-play drivers are loaded on demand during device detection and enumeration.

[Software28]
exe=logonsessions.exe
url=http://technet.microsoft.com/en-us/sysinternals/bb896769.aspx
group=3
Name=LogonSessions
AppName=LogonSessions
ShortDesc=Lists active logon sessions
LongDesc=If you think that when you logon to a system there's only one active logon session, this utility will surprise you. It lists the currently active logon sessions and, if you specify the -p option, the processes running in each session.

[Software29]
exe=movefile.exe
url=http://technet.microsoft.com/en-us/sysinternals/bb897556.aspx
group=0
Name=MoveFile
AppName=MoveFile
ShortDesc=Schedules file rename and delete commands for the next reboot
LongDesc=There are several applications, such as service packs and hotfixes, that must replace a file that's in use and is unable to. Windows therefore provides the MoveFileEx API to rename or delete a file and allows the caller to specify that they want the operation to take place the next time the system boots, before the files are referenced.

[Software30]
exe=newsid.exe
url=http://technet.microsoft.com/en-us/sysinternals/bb897418.aspx
group=0
Name=NewSID
AppName=NewSID
ShortDesc=Changes computer SID
LongDesc=Many organizations use disk image cloning to perform mass rollouts of Windows. This technique involves copying the disks of a fully installed and configured Windows computer onto the disk drives of other computers. These other computers effectively appear to have been through the same install process, and are immediately available for use. While this method saves hours of work and hassle over other rollout approaches, it has the major problem that every cloned system has an identical Computer Security Identifier (SID). This fact compromises security in Workgroup environments, and removable media security can also be compromised in networks with multiple identical computer SIDs. NewSID is a program we developed that changes a computer's SID. It is free and is a Win32 program, meaning that it can easily be run on systems that have been previously cloned.

[Software31]
exe=ntfsinfo.exe
url=http://technet.microsoft.com/en-us/sysinternals/bb897424.aspx
group=0
Name=NTFSInfo
AppName=NTFSInfo
ShortDesc=Views detailed information about NTFS volumes
LongDesc=NTFSInfo is a little applet that shows you information about NTFS volumes. Its dump includes the size of a drive's allocation units, where key NTFS files are located, and the sizes of the NTFS metadata files on the volume.

[Software32]
exe=pagedfrg.exe
url=http://technet.microsoft.com/en-us/sysinternals/bb897426.aspx
group=0
Name=PageDefrag
AppName=PageDefrag
ShortDesc=Defragments paging files and Registry hives
LongDesc=One of the limitations of the Windows NT/2000 defragmentation interface is that it is not possible to defragment files that are open for exclusive access. Thus, standard defragmentation programs can neither show you how fragmented your paging files or Registry hives are, nor defragment them. Paging and Registry file fragmentation can be one of the leading causes of performance degradation related to file fragmentation in a system. PageDefrag uses advanced techniques to provide you what commercial defragmenters cannot: the ability for you to see how fragmented your paging files and Registry hives are, and to defragment them. In addition, it defragments event log files and Windows 2000/XP hibernation files (where system memory is saved when you hibernate a laptop).

[Software33]
exe=pendmoves.exe
url=http://technet.microsoft.com/en-us/sysinternals/bb897556.aspx
group=0
Name=PendMoves
AppName=PendMoves
ShortDesc=Shows what files are scheduled for delete or rename the next time the system boots
LongDesc=There are several applications, such as service packs and hotfixes, that must replace a file that's in use and is unable to. Windows therefore provides the MoveFileEx API to rename or delete a file and allows the caller to specify that they want the operation to take place the next time the system boots, before the files are referenced. Session Manager performs this task by reading the registered rename and delete commands from the HKLM\System\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations value.

[Software34]
exe=pipelist.exe
url=http://technet.microsoft.com/en-us/sysinternals/dd581625.aspx
group=4
Name=PipeList
AppName=PipeList
ShortDesc=Displays the named pipes on your system
LongDesc=Did you know that the device driver that implements named pipes is actually a file system driver? In fact, the driver's name is NPFS.SYS, for "Named Pipe File System". What you might also find surprising is that its possible to obtain a directory listing of the named pipes defined on a system.

[Software35]
exe=portmon.exe
url=http://technet.microsoft.com/en-us/sysinternals/bb896644.aspx
group=2
Name=Portmon
AppName=Portmon
ShortDesc=Monitors serial and parallel port activity
LongDesc=Portmon is a utility that monitors and displays all serial and parallel port activity on a system. It has advanced filtering and search capabilities that make it a powerful tool for exploring the way Windows works, seeing how applications use ports, or tracking down problems in system or application configurations.

[Software36]
exe=procdump.exe
url=http://technet.microsoft.com/en-us/sysinternals/dd996900.aspx
group=2
Name=ProcDump
AppName=ProcDump
ShortDesc=Captures process dumps to isolate and reproduce CPU spikes
LongDesc=ProcDump is a command-line utility whose primary purpose is monitoring an application for CPU spikes and generating crash dumps during a spike that an administrator or developer can use to determine the cause of the spike. ProcDump also includes hung window monitoring (using the same definition of a window hang that Windows and Task Manager use), unhandled exception monitoring and can generate dumps based on the values of system performance counters. It also can serve as a general process dump utility that you can embed in other scripts.

[Software37]
exe=procexp.exe
url=http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
group=2
Name=ProcessExplorer
AppName=ProcessExplorer
ShortDesc=Finds out what files, registry keys and other objects processes have open, which DLLs they have loaded, and more
LongDesc=Ever wondered which program has a particular file or directory open? Now you can find out. Process Explorer shows you information about which handles and DLLs processes have opened or loaded. The unique capabilities of Process Explorer make it useful for tracking down DLL-version problems or handle leaks, and provide insight into the way Windows and applications work.

[Software38]
exe=ProcFeatures.exe
url=http://technet.microsoft.com/en-us/sysinternals/bb897554.aspx
group=4
Name=ProcFeatures
AppName=ProcFeatures
ShortDesc=Reports processor and Windows support for Physical Address Extensions and No Execute buffer overflow protection
LongDesc=ProcessorFeatures is a no-frills applet that uses the Windows IsProcessorFeaturePresent API to determine if the processor and Windows supports various features such as No-Execute pages, Physical Address Extensions (PAE), and a real-time cycle counter.

[Software39]
exe=Procmon.exe
url=http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx
group=2
Name=ProcessMonitor
AppName=ProcessMonitor
ShortDesc=Monitors file system, Registry, process, thread and DLL activity in real-time
LongDesc=Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon, and adds an extensive list of enhancements including rich and non-destructive filtering, comprehensive event properties such session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and much more. Its uniquely powerful features will make Process Monitor a core utility in your system troubleshooting and malware hunting toolkit.

[Software40]
exe=psexec.exe
url=http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx
group=2
Name=PsExec
AppName=PsExec
ShortDesc=Executes processes remotely
LongDesc=PsExec is a light-weight telnet-replacement that lets you execute processes on other systems, complete with full interactivity for console applications, without having to manually install client software. PsExec's most powerful uses include launching interactive command-prompts on remote systems and remote-enabling tools like IpConfig that otherwise do not have the ability to show information about remote systems.

[Software41]
exe=psfile.exe
url=http://technet.microsoft.com/en-us/sysinternals/bb897552.aspx
group=1
Name=PsFile
AppName=PsFile
ShortDesc=Shows what files are opened remotely
LongDesc=PsFile is a command-line utility that shows a list of files on a system that are opened remotely, and it also allows you to close opened files either by name or by a file identifier.

[Software42]
exe=psgetsid.exe
url=http://technet.microsoft.com/en-us/sysinternals/bb897417.aspx
group=3
Name=PsGetSid
AppName=PsGetSid
ShortDesc=Displays the SID of a computer or a user
LongDesc=PsGetsid allows you to translate SIDs to their display name and vice versa. It works on builtin accounts, domain accounts, and local accounts.

[Software43]
exe=Psinfo.exe
url=http://technet.microsoft.com/en-us/sysinternals/bb897550.aspx
group=4
Name=PsInfo
AppName=PsInfo
ShortDesc=Obtains information about system
LongDesc=PsInfo is a command-line tool that gathers key information about the local or remote Windows NT/2000 system, including the type of installation, kernel build, registered organization and owner, number of processors and their type, amount of physical memory, the install date of the system, and if its a trial version, the expiration date.

[Software44]
exe=pskill.exe
url=http://technet.microsoft.com/en-us/sysinternals/bb896683.aspx
group=2
Name=PsKill
AppName=PsKill
ShortDesc=Terminates local or remote processes
LongDesc=Windows NT/2000 does not come with a command-line 'kill' utility. You can get one in the Windows NT or Win2K Resource Kit, but the kit's utility can only terminate processes on the local computer. PsKill is a kill utility that not only does what the Resource Kit's version does, but can also kill processes on remote systems. You don't even have to install a client on the target computer to use PsKill to terminate a remote process.

[Software45]
exe=pslist.exe
url=http://technet.microsoft.com/en-us/sysinternals/bb896682.aspx
group=2
Name=PsList
AppName=PsList
ShortDesc=Shows information about processes and threads
LongDesc=PsList shows information about processes on local or remote systems. Like Windows NT/2K's built-in PerfMon monitoring tool, PsList uses the Windows NT/2K performance counters to obtain the information it displays.

[Software46]
exe=psloggedon.exe
url=http://technet.microsoft.com/en-us/sysinternals/bb897545.aspx
group=3
Name=PsLoggedOn
AppName=PsLoggedOn
ShortDesc=Shows users logged on to a system
LongDesc=You can determine who is using resources on your local computer with the "net" command ("net session"), however, there is no built-in way to determine who is using the resources of a remote computer. In addition, NT comes with no tools to see who is logged onto a computer, either locally or remotely. PsLoggedOn is an applet that displays both the locally logged on users and users logged on via resources for either the local computer, or a remote one. If you specify a user name instead of a computer, PsLoggedOn searches the computers in the network neighborhood and tells you if the user is currently logged on.

[Software47]
exe=psloglist.exe
url=http://technet.microsoft.com/en-us/sysinternals/bb897544.aspx
group=3
Name=PsLogList
AppName=PsLogList
ShortDesc=Dumps event log records
LongDesc=The Resource Kit comes with a utility, elogdump, that lets you dump the contents of an Event Log on the local or a remote computer. PsLogList is a clone of elogdump except that PsLogList lets you login to remote systems in situations your current set of security credentials would not permit access to the Event Log, and PsLogList retrieves message strings from the computer on which the event log you view resides.

[Software48]
exe=pspasswd.exe
url=http://technet.microsoft.com/en-us/sysinternals/bb897543.aspx
group=3
Name=PsPasswd
AppName=PsPasswd
ShortDesc=Local and remote password changer
LongDesc=Systems administrators that manage local administrative accounts on multiple computers regularly need to change the account password as part of standard security practices. PsPasswd is a tool that lets you change an account password on the local or remote systems, enabling administrators to create batch files that run PsPasswd against the computers they manage in order to perform a mass change of the administrator password.

[Software49]
exe=psservice.exe
url=http://technet.microsoft.com/en-us/sysinternals/bb897542.aspx
group=2
Name=PsService
AppName=PsService
ShortDesc=Views and controls services
LongDesc=PsService is a service viewer and controller for Windows. Like the SC utility that's included in the Windows NT and Windows 2000 Resource Kits, PsService displays the status, configuration, and dependencies of a service, and allows you to start, stop, pause, resume and restart them. Unlike the SC utility, PsService enables you to logon to a remote system using a different account, for cases when the account from which you run it doesn't have required permissions on the remote system. PsService includes a unique service-search capability, which identifies active instances of a service on your network. You would use the search feature if you wanted to locate systems running DHCP servers, for instance.

[Software50]
exe=psshutdown.exe
url=http://technet.microsoft.com/en-us/sysinternals/bb897541.aspx
group=3
Name=PsShutdown
AppName=PsShutdown
ShortDesc=Shutdowns, logoffs and power manages local and remote systems
LongDesc=PsShutdown is a command-line utility similar to the shutdown utility from the Windows 2000 Resource Kit, but with the ability to do much more. In addition to supporting the same options for shutting down or rebooting the local or a remote computer, PsShutdown can logoff the console user or lock the console (locking requires Windows 2000 or higher). PsShutdown requires no manual installation of client software.

[Software51]
exe=pssuspend.exe
url=http://technet.microsoft.com/en-us/sysinternals/bb897540.aspx
group=2
Name=PsSuspend
AppName=PsSuspend
ShortDesc=Suspends and resumes processes
LongDesc=PsSuspend lets you suspend processes on the local or a remote system, which is desirable in cases where a process is consuming a resource (e.g. network, CPU or disk) that you want to allow different processes to use. Rather than kill the process that's consuming the resource, suspending permits you to let it continue operation at some later point in time.

[Software52]
exe=RegDelNull.exe
url=http://technet.microsoft.com/en-us/sysinternals/bb897448.aspx
group=5
Name=RegDelNull
AppName=RegDelNull
ShortDesc=Scans for and deletes Registry keys that contain embedded null-characters
LongDesc=This command-line utility searches for and allows you to delete Registry keys that contain embedded-null characters and that are otherwise undeleteable using standard Registry-editing tools. Note: deleting Registry keys may cause the applications they are associated with to fail.

[Software53]
exe=regjump.exe
url=http://technet.microsoft.com/en-us/sysinternals/bb963880.aspx
group=5
Name=RegJump
AppName=RegJump
ShortDesc=Jumps to the specified registry path in Regedit
LongDesc=This little command-line applet takes a registry path and makes Regedit open to that path. It accepts root keys in standard (e.g. HKEY_LOCAL_MACHINE) and abbreviated form (e.g. HKLM).

[Software54]
exe=RootkitRevealer.exe
url=http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx
group=3
Name=RootkitRevealer
AppName=RootkitRevealer
ShortDesc=Scans your system for rootkit-based malware
LongDesc=RootkitRevealer is an advanced rootkit detection utility. It runs on Windows XP (32-bit) and Windows Server 2003 (32-bit), and its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit. RootkitRevealer successfully detects many persistent rootkits including AFX, Vanquish and HackerDefender (note: RootkitRevealer is not intended to detect rootkits like Fu that don't attempt to hide their files or registry keys). If you use it to identify the presence of a rootkit please let us know!

[Software55]
exe=sdelete.exe
url=http://technet.microsoft.com/en-us/sysinternals/bb897443.aspx
group=0
Name=SDelete
AppName=SDelete
ShortDesc=Securely overwrites files and cleanses free space of previously deleted files
LongDesc=The only way to ensure that deleted files, as well as files that you encrypt with EFS, are safe from recovery is to use a secure delete application. Secure delete applications overwrite a deleted file's on-disk data using techiques that are shown to make disk data unrecoverable, even using recovery technology that can read patterns in magnetic media that reveal weakly deleted files. You can use SDelete both to securely delete existing files, as well as to securely erase any file data that exists in the unallocated portions of a disk (including files that you have already deleted or encrypted).

[Software56]
exe=ShareEnum.exe
url=http://technet.microsoft.com/en-us/sysinternals/bb897442.aspx
group=1
Name=ShareEnum
AppName=ShareEnum
ShortDesc=Scans file shares on network and views their security settings
LongDesc=An aspect of Windows NT/2000/XP network security that's often overlooked is file shares. A common security flaw occurs when users define file shares with lax security, allowing unauthorized users to see sensitive files. There are no built-in tools to list shares viewable on a network and their security settings, but ShareEnum fills the void and allows you to lock down file shares in your network.

[Software57]
exe=ShellRunas.exe
url=http://technet.microsoft.com/en-us/sysinternals/cc300361.aspx
group=2
Name=ShellRunas
AppName=ShellRunas
ShortDesc=Launches programs as a different user via a convenient shell context-menu entry
LongDesc=The command-line Runas utility is handy for launching programs under different accounts, but it’s not convenient if you’re a heavy Explorer user. ShellRunas provides functionality similar to that of Runas to launch programs as a different user via a convenient shell context-menu entry.

[Software58]
exe=sigcheck.exe
url=http://technet.microsoft.com/en-us/sysinternals/bb897441.aspx
group=0
Name=Sigcheck
AppName=Sigcheck
ShortDesc=Dumps file version information and verify that image is digitally signed
LongDesc=Verify that images are digitally signed and dump version information with this simple command-line utility.

[Software59]
exe=streams.exe
url=http://technet.microsoft.com/en-us/sysinternals/bb897440.aspx
group=0
Name=Streams
AppName=Streams
ShortDesc=Reveals NTFS alternate streams
LongDesc=The NTFS file system provides applications the ability to create alternate data streams of information. Streams will examine the files and directories (note that directories can also have alternate data streams) you specify and inform you of the name and sizes of any named streams it encounters within those files.

[Software60]
exe=strings.exe
url=http://technet.microsoft.com/en-us/sysinternals/bb897439.aspx
group=5
Name=Strings
AppName=Strings
ShortDesc=Searches for ANSI and UNICODE strings in binary images
LongDesc=Working on NT and Win2K means that executables and object files will many times have embedded UNICODE strings that you cannot easily see with a standard ASCII strings or grep programs. Strings just scans the file you pass it for UNICODE (or ASCII) strings of a default length of 3 or more UNICODE (or ASCII) characters.

[Software61]
exe=sync.exe
url=http://technet.microsoft.com/en-us/sysinternals/bb897438.aspx
group=0
Name=Sync
AppName=Sync
ShortDesc=Flushes cached data to disk
LongDesc=Sync directs the operating system to flush all file system data to disk in order to insure that it is stable and won't be lost in case of a system failure. Otherwise, any modified data present in the cache would be lost.

[Software62]
exe=tcpvcon.exe
url=http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx
group=1
Name=TCPView Command-line
AppName=TCPView Command-line
ShortDesc=Active sockets command-line viewer
LongDesc=TCPView is a Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections. On Windows Server 2008, Vista, and XP, TCPView also reports the name of the process that owns the endpoint. TCPView provides a more informative and conveniently presented subset of the Netstat program that ships with Windows. The TCPView download includes Tcpvcon, a command-line version with the same functionality.

[Software63]
exe=Tcpview.exe
url=http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx
group=1
Name=TCPView
AppName=TCPView
ShortDesc=Active sockets viewer
LongDesc=TCPView is a Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections. On Windows Server 2008, Vista, and XP, TCPView also reports the name of the process that owns the endpoint. TCPView provides a more informative and conveniently presented subset of the Netstat program that ships with Windows. The TCPView download includes Tcpvcon, a command-line version with the same functionality.

[Software64]
exe=vmmap.exe
url=http://technet.microsoft.com/en-us/sysinternals/dd535533.aspx
group=4
Name=VMMap
AppName=VMMap
ShortDesc=Process virtual and physical memory analysis utility
LongDesc=VMMap is a process virtual and physical memory analysis utility. It shows a breakdown of a process's committed virtual memory types as well as the amount of physical memory (working set) assigned by the operating system to those types. Besides graphical representations of memory usage, VMMap also shows summary information and a detailed process memory map. Powerful filtering and refresh capabilities allow you to identify the sources of process memory usage and the memory cost of application features.

[Software65]
exe=Volumeid.exe
url=http://technet.microsoft.com/en-us/sysinternals/bb897436.aspx
group=0
Name=VolumeID
AppName=VolumeID
ShortDesc=Sets Volume ID of FAT or NTFS drives
LongDesc=While WinNT/2K and Windows 9x's built-in Label utility lets you change the labels of disk volumes, it does not provide any means for changing volume ids. This utiltity, VolumeID, allows you to change the ids of FAT and NTFS disks (floppies or hard drives).

[Software66]
exe=whois.exe
url=http://technet.microsoft.com/en-us/sysinternals/bb897435.aspx
group=1
Name=Whois
AppName=Whois
ShortDesc=Shows who owns an Internet address
LongDesc=Whois performs the registration record for the domain name or IP address that you specify.

[Software67]
exe=Winobj.exe
url=http://technet.microsoft.com/en-us/sysinternals/bb896657.aspx
group=4
Name=WinObj
AppName=WinObj
ShortDesc=Object Manager namespace viewer
LongDesc=WinObj is a 32-bit Windows NT program that uses the native Windows NT API (provided by NTDLL.DLL) to access and display information on the NT Object Manager's namespace. Winobj may seem similar to the Microsoft SDK's program of the same name, but the SDK version suffers from numerous significant bugs that prevent it from displaying accurate information (e.g. its handle and reference counting information are totally broken). In addition, our WinObj understands many more object types. Finally, Version 2.0 of our WinObj has user-interface enhancements, knows how to open device objects, and will let you view and change object security information using native NT security editors.

[Software68]
exe=ZoomIt.exe
url=http://technet.microsoft.com/en-us/sysinternals/bb897434.aspx
group=5
Name=ZoomIt
AppName=ZoomIt
ShortDesc=Presentation utility for zooming and drawing on the screen
LongDesc=ZoomIt is screen zoom and annotation tool for technical presentations that include application demonstrations. ZoomIt runs unobtrusively in the tray and activates with customizable hotkeys to zoom in on an area of the screen, move around while zoomed, and draw on the zoomed image.

[Software69]
exe=disk2vhd.exe
url=http://technet.microsoft.com/en-us/sysinternals/ee656415
group=0
Name=Disk2vhd
AppName=Disk2vhd
ShortDesc=Simplifies migration of physical systems into virtual machines (p2v)
LongDesc=Disk2vhd is a utility that creates VHD (Virtual Hard Disk - Microsoft's Virtual Machine disk format) versions of physical disks for use in Microsoft Virtual PC or Microsoft Hyper-V virtual machines (VMs).

[Software70]
exe=RamMap.exe
url=http://technet.microsoft.com/en-us/sysinternals/ff700229
group=4
Name=RAMMap
AppName=RAMMap
ShortDesc=Advanced physical memory usage analysis utility
LongDesc=RAMMap is an advanced physical memory usage analysis utility for Windows Vista and higher. Use RAMMap to gain understanding of the way Windows manages memory, to analyze application memory usage, or to answer specific questions about how RAM is being allocated. RAMMap’s refresh feature enables you to update the display and it includes support for saving and loading memory snapshots.

[Software71]
exe=FindLinks.exe
url=http://technet.microsoft.com/en-us/sysinternals/ff700229
group=0
Name=FindLinks
AppName=FindLinks
ShortDesc=File index and any hard links reporter
LongDesc=FindLinks reports the file index and any hard links (alternate file paths on the same volume) that exist for the specified file. A file's data remains allocated so long as at it has at least one file name referencing it.

[Software72]
exe=psping.exe
url=http://technet.microsoft.com/en-us/sysinternals/jj729731
group=1
Name=PsPing
AppName=PsPing
ShortDesc=PsPing is a command-line utility for measuring network performance
LongDesc=PsPing is a command-line utility for measuring network performance. In addition to standard ICMP ping functionality, it can report the latency of connecting to TCP ports, the latency of TCP round-trip communication between systems, and the TCP bandwidth available to a connection between systems. Besides obtaining min, max, and average values in 0.01ms resolution, you can also use PsPing to generate histograms of the results that are easy to import into spreadsheets.

[Software73]
exe=ru.exe
url=http://technet.microsoft.com/en-us/sysinternals/dn194428
group=5
Name=RegistryUsage
AppName=RegistryUsage
ShortDesc=Registry usage reports the registry space usage for the registry key you specify
LongDesc=Ru (registry usage) reports the registry space usage for the registry key you specify. By default it recurses subkeys to show the total size of a key and its subkeys.