Argobox Digital Garden

SysInternals Suite

4 min read

Here are the top 20 most important and commonly used Sysinternals tools:

  1. Process Explorer - Advanced task manager and process monitoring tool.
  2. Process Monitor - Real-time file, registry, process and network monitoring.
  3. Autoruns - View and manage auto-starting programs.
  4. Handle - View and close open handles to troubleshoot locked files.
  5. PsExec - Remotely execute processes on other systems.
  6. PsKill - Terminate processes remotely based on criteria.
  7. PsList - Get detailed information on processes.
  8. TcpView - See detailed information on current TCP/IP connections.
  9. AccessChk - View file/folder access permissions and ACLs.
  10. Sysmon - Advanced system activity monitoring and logging.
  11. ProcDump - Dump process memory for analysis.
  12. VMMap - Analyze virtual memory usage and leaks.
  13. RAMMap - Analyze system memory usage and problems.
  14. LiveKd - Use kernel debugger on live system.
  15. PsService - View and control Windows services.
  16. Sigcheck - Scan for verified digital signatures of files.
  17. Streams - Reveal NTFS alternate data streams.
  18. PsTools - Collection of command line utilities.
  19. Autologon - Bypass Windows login screen.
  20. SDelete - Securely delete files and wipe free space.

This covers the most essential troubleshooting, monitoring, administrative and security tools that Sysinternals offers. These utilities are extremely valuable for power users, IT professionals and administrators.

Process Management (18 tools):

  • Process Explorer - Advanced task manager and process monitoring tool
  • Process Monitor - Real-time file system, registry and network monitoring
  • Autoruns - Shows auto-start programs and services
  • PsList - Lists detailed information about processes
  • PsKill - Remotely kill processes by name or other criteria
  • PsService - Views and controls services
  • PsSuspend - Suspends and resumes processes
  • PsShutdown - Shuts down or reboots computer
  • PsExec - Executes processes on remote systems
  • PsLogList - Dump event log records
  • PsInfo - Lists information about a system
  • PsTools - Collection of command-line admin tools
  • PsPasswd - Changes account passwords
  • PsLoadedModules - See modules loaded for a process
  • Ntfsdump - Dump file record segments
  • PsGetSid - Displays the SID of a process
  • PsPing - Measures network latency and loss
  • LogonSessions - List details on interactive logon sessions

Networking (5 tools):

  • TcpView - Detailed TCP/UDP connection listing
  • PsPing - Network connectivity and latency testing
  • AD Explorer - Active Directory browser and editor
  • WhoIs - See who owns an IP address or domain
  • ShareEnum - Scan file shares on network

Security (8 tools):

  • Sigcheck - File version and signature verification
  • AccessChk - View file/folder permissions
  • RegJump - Registry navigation and bookmarks
  • RootkitRevealer - Detect and analyze rootkits
  • SDelete - Secure file deletion
  • Handle - View and close open handles
  • ListDLLs - List DLLs loaded in processes
  • EULAview - View and accept/decline EULAs

System Information (15 tools):

  • LiveKd - Use live kernel debugger on live system
  • Sysmon - Advanced system activity monitoring
  • Autologon - Bypass login screen during boot
  • PendMoves - Shows file rename operations
  • VMMap - Details on virtual memory usage
  • RAMMap - Analyze system memory usage
  • Coreinfo - CPU info and configuration
  • CacheSet - Control cache parameters
  • ClockRes - View and set clock resolution
  • Ctrl2Cap - Redirect ctrl+printscreen to capture screen
  • Desktops - Create up to 4 virtual desktops
  • Hex2dec - Convert hex to decimal
  • PsTools - Collection of command-line admin tools
  • PsInfo - Lists information about a system
  • ZoomIt - Full screen zoom and draw

File System (15 tools):

  • Junction - Create NTFS junctions
  • Handle - View open handles and close them
  • PsFile - Shows detailed file information
  • Streams - Reveal NTFS alternate streams
  • MoveFile - Move/unlock locked files
  • PageDefrag - Defragment memory mapped files
  • NTFSInfo - Show NTFS volume info and files
  • DiskView - Graphical disk sector utility
  • Contig - Defragment files and directories
  • Strings - Search for ANSI and UNICODE strings
  • Sync - Flush cached data to disk
  • DiskMon - Monitor disk activity
  • Du - Calculate disk usage
  • Junction - Create junction points
  • VolumeID - Set volume ID/serial #

Disk Management (11 tools):

  • Disk2vhd - Virtualize disks by converting to VHDs
  • DiskExt - Extend Volume, Partition, Disk
  • DiskMon - Monitor disk activity
  • Junction - Create NTFS junctions
  • SDelete - Secure file deletion
  • RAMMap - Analyze system memory usage
  • VMMap - Details on virtual memory usage
  • DiskView - Graphical disk sector utility
  • Contig - Defragment files and directories
  • PageDefrag - Defrag memory mapped files
  • VolumeID - Set volume ID/serial #

Graph View