"The path of the elite windoze xp warrior" (*)

The path of the elite windoze xp warrior
(and the unconventional use of some simple tools)

by Various Authors, collated by fravia+
Updated in June 2006, version .05
Woah, bet you did not know you had already on your own harddisk -or could quickly have- all this stuff at your command & disposal. Useful for wardriving, anonymity purposes, or simply to have a fast running box despite the ballast of the overbloated and bigbrotherish windoze operating system.
Yessir! And the funny thing is that plenty of the following commands and tricks will be available on any box you'll happen to put your hands on, from Trivandrum to Lissabon, and in any "shoddy" webcafé :-)

Ok, let's be serious now: you should use GNU/Linux, by all means. A debian Ubuntu distribution will be the easiest step for people switching from windoze. And yet we will see here how even a windoze box -if you are compelled to use it- can "deliver" :-)
For instance, after having installed windoze's "support tools", open a dosbox and try e.g.: "filever /SE c:\"... See what I mean?
And if you don't have the "support tools" yet, just try e.g. the arp -a arp -s sequence described below.

And now read what follows and try out all the various commands now and again, later, once every five-six months or so, "lest you forget the things which your eyes have seen" ... "and teach them to your children and to your children's children." (Deuteronomy 4:9)
[A few definitions you must know]
[Programs you already have on your box anyhow]
[Programs you may install using windoze "support tools" (on the cd)]
[Programs you may find on the web]




How to install windoze's support tools

The problem with most of these tools is that they are not installed by default in windows xp.
Simply put your windows xp installation disk in your dvd/cd drive (should you have lost your legit copy, and if your local laws and customs allow it, you may easily find a copy of windoze on the web), browse to support/tools and double click setup.
As usual with this bigbrotherish operating system, "Microsoft Help Center Service" will immediately try to connect to crl.microsoft.com (131.107.115.28) to report anyone installing the advanced tools, so block this sniffing attempt with your firewall and/or with proxomitron.


A few definitions you must know
(skip if you really think you know)



IP: "Internet Protocol"

IP is the most popular network protocol in the world.
Data travels over an IP-based network in the form of packets; each IP packet includes both a header (that specifies source, destination, and other information about the data) and the message data itself. IP supports the notion of unique addressing for computers on a network. Current IP (IPv4) addresses contain four bytes (32 bits), sufficient to address most computers on the Internet. My INTERNAL IP at the moment is 192.168.0.2 (coz my router is 192.168.0.1 :-) but when visiting the internet, of course I will have what my provider will give me (check yours here)
IP supports protocol layering (in the OSI model IP is layer three, network). Popular higher-level protocols are built directly on top of IP: HTTP (HyperText Transfer Protocol), TCP (Transmission Control Protocol, OSI layer four, transport: responsible for dividing a message into packets and for reassembling the packets back into the complete message at the other end; IP alone can only deliver individual packets) and UDP (User Datagram Protocol, OSI layer four, transport: its packets may be dropped with no retries; it is used for games and videoconferences). Likewise, IP can travel over several different lower-level data link interfaces like Ethernet and ATM.

IP is a best-effort packet delivery system. This means that (a) it delivers each packet individually and independently, (b) it offers no guarantee that a packet will be delivered and (c) it offers no mechanism for monitoring the success or failure of a packet delivery.


DHCP: "Dynamic Host Configuration Protocol"

DHCP allows a computer to join an IP-based network without having a pre-configured IP address. DHCP is a protocol that assigns unique IP addresses to devices, then releases and renews these addresses as devices leave and re-join the network. ISPs (providers) and wireless home-routers often use DHCP.



MAC Address ("Media Access Control address")


The MAC address is a 12-digit, hexadecimal number which is burned into all network interface cards (NICs). This address uniquely identifies a specific card and it is ultimately used for all communications to and from the device. Although other people and even computer communication protocols will refer to a computer by different names or techniques, ultimately these other means are always reduced to the MAC address. The MAC address can be thought of as analogous to the standard postal address of a home or business: without a correct address, no mail can be delivered to the location.
The first three octets (in transmission order) identify the organization which issued the identifier (see the well-known MAC address list: http://www.ethereal.com/distribution/manuf.txt), and are known as the Organizationally Unique Identifier (OUI). The following three octets are assigned by that organization in nearly any manner they please, subject to the constraint of uniqueness.

The format of a MAC address is not important and may differ depending where you see it.
The important information in the MAC address is just the 12 hexadecimal digits.
The punctuation is just there to make it more readable; it does not have any bearing on the MAC address itself.
Possible, valid, MAC Addresses
00904b32228e
00:06:28:2d:0e:1b
00-07-4e-b4-51-e5
0002.8a7a.f259
You can change it if needs be: although physical MAC addresses are permanent by design, several mechanisms allow modification, or "spoofing", of the MAC address that is reported by the operating system. This can be useful for privacy reasons, for instance when connecting to a Wi-Fi hotspot that has installed some nasty MAC address filters.
See mac_spoofing_per_hand.htm
Also try the command getmac.
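As an added example (not from the original page): a small Python routine that reduces any of the four notations above to the 12 hex digits that matter, pulls out the OUI, and reads the two flag bits of the first octet. The "locally administered" bit is the one a defender cares about, since a software-assigned (spoofed) address normally has it set while a burned-in one does not. The OUI table is constructed for the demo; the real list is the manuf.txt file linked above.

```python
import re

# First-octet flag bits defined by IEEE 802 MAC addressing:
# bit 0 set = group/multicast address, bit 1 set = locally administered,
# i.e. the address was assigned by software rather than burned in under an OUI.
MULTICAST_BIT = 0x01
LOCALLY_ADMINISTERED_BIT = 0x02

# Constructed OUI lookup table for this demo. The vendor labels are
# placeholders, not real assignments; use manuf.txt for the real thing.
OUI_TABLE = {
    "00904b": "vendor-A (placeholder)",
    "000628": "vendor-B (placeholder)",
    "00074e": "vendor-C (placeholder)",
}


def normalize_mac(raw: str) -> str:
    """Reduce any of the notations shown above (bare, colon, hyphen, Cisco
    dotted) to the 12 hex digits that actually matter, in lowercase."""
    digits = re.sub(r"[\s:.\-]", "", raw).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 12-hex-digit MAC address: {raw!r}")
    return digits


def is_valid_mac(raw: str) -> bool:
    try:
        normalize_mac(raw)
        return True
    except ValueError:
        return False


def describe_mac(raw: str) -> dict:
    """Canonical form, OUI, vendor lookup and the two flag bits. A locally
    administered address was (re)assigned by software, which is exactly what
    the spoofing mechanisms mentioned in the text produce."""
    mac = normalize_mac(raw)
    first_octet = int(mac[:2], 16)
    return {
        "canonical": ":".join(mac[i:i + 2] for i in range(0, 12, 2)),
        "oui": mac[:6],
        "vendor": OUI_TABLE.get(mac[:6], "unknown OUI"),
        "multicast": bool(first_octet & MULTICAST_BIT),
        "locally_administered": bool(first_octet & LOCALLY_ADMINISTERED_BIT),
    }


if __name__ == "__main__":
    # The four valid forms from the text, plus one constructed locally
    # administered address of the kind a spoofing tool would set.
    for sample in ("00904b32228e", "00:06:28:2d:0e:1b", "00-07-4e-b4-51-e5",
                   "0002.8a7a.f259", "02:00:00:aa:bb:cc"):
        print(sample, "->", describe_mac(sample))
```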




PORTS & SOCKETS & SERVICES (TCP & UDP)


Ports are identified with a number between 0 and 65536. Each sockets-based application identifies itself with a unique protocol port number.

Port numbers at the client side are dynamically assigned by the operating system when a service is requested. However, port numbers for well known server side applications are pre-assigned by IANA and don't usually change.

A socket is the endpoint for a network communication. By designating the IP address of a destination host, the type of service (TCP or UDP) and the port to be used, we create a socket.

TCP services
(TCP guarantees delivery, whereas UDP does not)

TCP PORT   EXPLANATION
21         FTP (File Transfer Protocol) control
25         SMTP (Simple Mail Transfer Protocol)
53         DNS (Domain Name System (or Service or Server))
389        LDAP (Lightweight Directory Access Protocol)


UDP services

UDP PORT   EXPLANATION
15         NETSTAT: What the current network status is
53         DOMAIN (Domain Name server)
69         TFTP (Trivial File Transfer Protocol)
137        NETBIOS-NS (NBNS) (NETBIOS name service), also known as Windows Internet Name Service (WINS)
           (ancient protocol, inferior in almost every aspect to the IP protocol)
138        NETBIOS-DGM (DATAGRAM)
           The Datagram service is used to receive broadcasts of SMB packets via UDP. This service receives a lot of legitimate traffic from other Windows machines on the LAN as they broadcast their names and services.
           Attackers seldom use this service, and only when they are trying to add their machine to the windows network.
138        SNMP (Simple Network Management Protocol)


Why do both TCP and UDP exist, instead of just one or the other?
They supply different services. Most applications are implemented to use only one or the other. The programmer chooses the protocol that best meets his needs. If you need a reliable stream delivery service, TCP might be best. If you need a datagram service, UDP might be best. If you need efficiency over long-haul circuits, TCP might be best. If you need efficiency over fast networks with short latency, UDP might be best.


Programs you already have on your box anyhow

Searchers, seekers, wanderers... wizards and lamers alike... all travellers, when navigating the deep deep web, possess the following programs. They will always be on the box you are using, even in a webcafé. Do you really know how to use them? :-)
I have selected only those commands that seem to me to have some real use. If you want a complete explanation of ALL windows commands, just use a webbit like this or this one
...

Diagnostic commands: arp, hostname, ipconfig, lpq, nbtstat, netstat, pathping, ping, route, tracert
Connectivity commands: finger, ftp, lpr, rcp, rexec, rsh, telnet, and tftp
Other useful commands: cipher, cmd, color F1, comp, driverquery, fc, findstr, fsutil, getmac, mmc, mountvol, net (net start, net stop...), netsh, netsh diag, nslookup, ntsd, systeminfo, taskkill & tasklist, tree


net config rdr ?



Please note that all passwords used by Windows networking services are usually encrypted. However, the ftp, ftpsvc, rexec, and telnet commands rely on clear-text password authentication by the remote computer, hence such passwords are not encrypted before being sent over the network every time you (or somebody else :-) use these commands.



ipconfig
"Displays all current TCP/IP network configuration values and refreshes Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) settings. Used without parameters, ipconfig displays the IP address, subnet mask, and default gateway for all adapters"

Syntax

ipconfig [/all] [/renew [Adapter]] [/release [Adapter]] [/flushdns] [/displaydns] [/registerdns] [/showclassid Adapter] [/setclassid  Adapter [ClassID]]

Most useful in order to find out your own MAC addresses: fire up a windows dos box (run --> cmd) and just enter ipconfig /all; also useful to check that your ISP hasn't moved the DNS servers again.

It is the command-line equivalent of the old winipcfg command. There is no graphical winipcfg in windoze xp any more, but there is an equivalent: use Network Connections to view and renew an IP address. To do this, open Network Connections, right-click a network connection, click Status, and then click the Support tab.

Note that Physical address == Adapter Address == the Media Access Control (MAC) address of that network card.





hostname
Find out who you are. nomen est omen. No syntax.





pathping
The PathPing tool detects packet loss over multiple-hop paths.
Run a PathPing analysis to a remote host to verify that the routers on the way to the destination are operating correctly. To do this, type the following command:
pathping [IP address of remote host]

Syntax

pathping [-n] [-h MaximumHops] [-g HostList] [-p Period] [-q NumQueries] [-w Timeout] [-T] [-R] [TargetName]





ping
Testing connections
The ping command helps to verify IP-level connectivity. When troubleshooting, you can use ping to send an ICMP ( Internet Control Message Protocol) echo request to a target host name or IP address. Use ping whenever you need to verify that a host computer can connect to the TCP/IP network and network resources. You can also use ping to isolate network hardware problems and incompatible configurations.

It is usually best to verify that a route exists between the local computer and a network host by first using the ping command and the IP address of the network host to which you want to connect. Try pinging the IP address of the target host to see if it responds, as follows:
ping IP_address

Syntax

ping [-t] [-a] [-n Count] [-l Size] [-f] [-i TTL] [-v TOS] [-r Count] [-s Count] [{-j HostList | -k HostList}] [-w Timeout] [TargetName]

You should perform the following steps when using ping:
Ping the loopback address to verify that TCP/IP is installed and configured correctly on the local computer.

ping 127.0.0.1
Ping the IP address of the local computer to verify that it was added to the network correctly.

ping IP_address_of_local_host
Ping the IP address of the default gateway to verify that the default gateway is functioning and that you can communicate with a local host on the local network.

ping IP_address_of_default_gateway
Ping the IP address of a remote host to verify that you can communicate through a router.

ping IP_address_of_remote_host


The ping command uses Windows Sockets-style name resolution to resolve a computer name to an IP address, so if pinging by address succeeds, but pinging by name fails, then the problem lies in address or name resolution, not network connectivity.

Here is an example, pinging searchlores:
ping -n 2 -l 1450 66.228.199.2
Pinging 66.228.199.2 with 1450 bytes of data:

Reply from 66.228.199.2: bytes=1450 time=226ms TTL=234
Reply from 66.228.199.2: bytes=1450 time=218ms TTL=234

Ping statistics for 66.228.199.2:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 218ms, Maximum = 226ms, Average = 222ms




netstat
"Displays active TCP connections, ports on which the computer is listening, Ethernet statistics, the IP routing table, IPv4 statistics (for the IP, ICMP, TCP, and UDP protocols), and IPv6 statistics (for the IPv6, ICMPv6, TCP over IPv6, and UDP over IPv6 protocols). Used without parameters, netstat displays active TCP connections."

Syntax

netstat [-a] [-e] [-n] [-o] [-p Protocol] [-r] [-s] [Interval]

Most useful command is netstat -an. Use it to see what sockets are defined on a host. A socket can either be LISTENING or ESTABLISHED. Note that if the port is not listening and not yet established, the port number is shown as an asterisk (*).
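As an added example (not from the original page): a Python parser for netstat -an output in the XP layout that lists what the box is listening on, compares it with a baseline, and counts established peers. The sample output and the baseline are constructed for the demo, and one unexpected listener (port 12345) is planted so the comparison has something to find.

```python
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Constructed "netstat -an" output in the Windows XP layout (not a real
# capture). The last TCP line is a deliberately planted unexpected listener.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.0.2:139        0.0.0.0:0              LISTENING
  TCP    192.168.0.2:1045       66.228.199.2:80        ESTABLISHED
  TCP    192.168.0.2:1046       66.228.199.2:80        TIME_WAIT
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING
  UDP    0.0.0.0:445            *:*
  UDP    192.168.0.2:137        *:*
"""


@dataclass(frozen=True)
class Socket:
    proto: str
    local_ip: str
    local_port: Optional[int]
    remote: str
    state: str  # empty for UDP, which has no state column


def split_endpoint(endpoint: str) -> Tuple[str, Optional[int]]:
    """'192.168.0.2:139' -> ('192.168.0.2', 139); '*:*' -> ('*', None)."""
    ip, _, port = endpoint.rpartition(":")
    return ip, (int(port) if port.isdigit() else None)


def parse_netstat(text: str) -> List[Socket]:
    sockets = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue  # header, blank line or anything else
        local_ip, local_port = split_endpoint(parts[1])
        state = parts[3] if len(parts) > 3 else ""
        sockets.append(Socket(parts[0], local_ip, local_port, parts[2], state))
    return sockets


def listening_ports(sockets: List[Socket]) -> List[Tuple[str, int]]:
    """TCP sockets in LISTENING state plus every bound UDP socket (UDP shows
    the asterisk foreign address mentioned above instead of a state)."""
    found = {
        (s.proto, s.local_port)
        for s in sockets
        if s.local_port is not None
        and (s.state == "LISTENING" or (s.proto == "UDP" and s.remote == "*:*"))
    }
    return sorted(found)


def unexpected_listeners(sockets: List[Socket],
                         allowlist: Set[Tuple[str, int]]) -> List[Tuple[str, int]]:
    """Listeners not on the box's known baseline: the first thing to look at
    on a box that seems to run a service you never started."""
    return [p for p in listening_ports(sockets) if p not in allowlist]


def established_peers(sockets: List[Socket]) -> Counter:
    """Count ESTABLISHED connections per remote host (ip only, port dropped)."""
    return Counter(split_endpoint(s.remote)[0]
                   for s in sockets if s.state == "ESTABLISHED")


# Baseline for a plain XP box on a LAN: RPC, SMB and NetBIOS. Constructed for
# the demo; build yours from a netstat -an taken while the box was known clean.
XP_LAN_BASELINE = {("TCP", 135), ("TCP", 139), ("TCP", 445),
                   ("UDP", 137), ("UDP", 445)}

if __name__ == "__main__":
    socks = parse_netstat(SAMPLE_NETSTAT)
    print("listening:", listening_ports(socks))
    print("unexpected:", unexpected_listeners(socks, XP_LAN_BASELINE))
    print("peers:", established_peers(socks))
```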





arp (Address Resolution Protocol)
The question is: "When sending out an IP packet, how is the destination address determined?"
ARP (Address Resolution Protocol) is used to translate IP addresses to destination (Ethernet) addresses.
If the payload of a frame or packet contains IP data, then the MAC address is mapped to the IP address using the Address Resolution Protocol (ARP).
"This diagnostic command displays and modifies the IP-to-Ethernet or Token Ring physical address translation tables used by the Address Resolution Protocol (ARP)."
In other words: IT ALLOWS YOU TO CHANGE (SPOOF) YOUR IP ON A NETWORK (wireless or not)

Syntax

arp [-a [InetAddr] [-N IfaceAddr]] [-g [InetAddr] [-N IfaceAddr]] [-d InetAddr [IfaceAddr]] [-s InetAddr EtherAddr [IfaceAddr]]

arp -s: Adds an entry in the ARP cache to associate the IP address inet_addr with the physical address ether_addr. The physical address is given as 6 hexadecimal bytes separated by hyphens. The IP address is specified using dotted decimal notation. The entry is static. It will not be automatically removed from the cache after the timeout expires and will not exist after a reboot of your computer.

Example: arp -a
Interface: 192.168.0.2 --- 0x20003
  Internet Address      Physical Address      Type
  192.168.0.1           00-c0-02-b6-d4-b2     dynamic
And now you could, for instance, change the above IP address 192.168.0.1 to 192.168.0.8:
arp -s 192.168.0.8 00-c0-02-b6-d4-b2
Now reissue the arp -a command and check that you have done it :-)

The ARP table is necessary because the IP address and Ethernet address are selected independently; you can not use an algorithm to translate an IP address to its destination hardware (ethernet) address.
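As an added example (not from the original page): a Python parser for arp -a output in the layout shown above, used from the other side of the fence. It flags one physical address answering for several IPs (the footprint of an ARP poisoning attempt, but also of a router that simply owns several addresses, so it is a review list rather than a verdict), lists static entries, and checks whether the gateway's MAC still matches a recorded known-good value. The sample output is constructed; the first two entries are the router from the text and the result of the arp -s command above.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed "arp -a" output in the layout shown above. The first entry is the
# router from the text; the second is what the arp -s command above produces;
# the third and fourth are constructed hosts sharing one MAC.
SAMPLE_ARP = """
Interface: 192.168.0.2 --- 0x20003
  Internet Address      Physical Address      Type
  192.168.0.1           00-c0-02-b6-d4-b2     dynamic
  192.168.0.8           00-c0-02-b6-d4-b2     static
  192.168.0.15          00-11-22-33-44-55     dynamic
  192.168.0.23          00-11-22-33-44-55     dynamic
"""

ENTRY_RE = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"      # internet address
    r"([0-9a-f]{2}(?:-[0-9a-f]{2}){5})\s+"  # physical address, hyphen form
    r"(dynamic|static)\s*$", re.IGNORECASE)
IFACE_RE = re.compile(r"^Interface:\s+(\d{1,3}(?:\.\d{1,3}){3})")


@dataclass(frozen=True)
class ArpEntry:
    interface: str
    ip: str
    mac: str
    kind: str  # "dynamic" or "static"


def parse_arp(text: str) -> List[ArpEntry]:
    entries, iface = [], "?"
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            iface = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(ArpEntry(iface, m.group(1),
                                    m.group(2).lower(), m.group(3).lower()))
    return entries


def macs_with_several_ips(entries: List[ArpEntry]) -> Dict[str, List[str]]:
    """One physical address mapped to several IPs: the classic ARP poisoning
    symptom (a host claiming the gateway's IP as well as its own). A router
    that legitimately owns several addresses looks the same, so review, do
    not auto-block."""
    by_mac = defaultdict(list)
    for e in entries:
        by_mac[e.mac].append(e.ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


def static_entries(entries: List[ArpEntry]) -> List[ArpEntry]:
    """Static entries were put there by hand with arp -s; on a box you did not
    configure that way, each one deserves an explanation."""
    return [e for e in entries if e.kind == "static"]


def gateway_mac_changed(entries: List[ArpEntry], gateway_ip: str,
                        expected_mac: str) -> Optional[bool]:
    """None if the gateway is not in the cache, True if it now maps to a MAC
    other than the one recorded when the network was known-good."""
    for e in entries:
        if e.ip == gateway_ip:
            return e.mac != expected_mac.lower()
    return None


if __name__ == "__main__":
    table = parse_arp(SAMPLE_ARP)
    print("shared MACs:", macs_with_several_ips(table))
    print("static:", [e.ip for e in static_entries(table)])
    print("gateway changed:",
          gateway_mac_changed(table, "192.168.0.1", "00-c0-02-b6-d4-b2"))
```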





tftp Trivial File Transfer Protocol
Transfers files to and from a remote computer.

Syntax

tftp [-i] [Host] [{get | put}] [Source] [Destination]


Useful to get config files, connecting to your ISP's TFTP server...
Go to control panel, & right click Network Connections, then click Explore, or Properties, right click the network card that is connected to your modem, & Select properties. Now select/highlight "Internet Protocol (TCP/IP)", & click properties. Set the "IP address" to "config file server's Address", the "sub net mask" to Server's Sub net, "Default Gateway" to the Modem's "LAN" side IP Address "192.168.100.1", & leave the "DNS" section empty.
Click START > Run, & type: cmd. At the DOS prompt, type: cd c:\ Hit Enter.
Type: tftp -i (ISP's Config File Server's IP Address) GET (Config File Name) (C:\Config File Name)
eg:
tftp -i 91.241.194.129 GET vmic3.cfg C:\vmic3.cfg
or
tftp -i 91.241.194.129 GET isjr9aw.bin C:\isjr9aw.bin






ipxroute Displays and modifies information about the routing tables used by the IPX protocol (IPX is a datagram (connectionless) service protocol, the network protocol used by the few remaining NetWare computers -netware is Novell's alternative to Microsoft NT- that allows individual packets to be sent to and received from user processes. It does not support the concept of a connection or reliable delivery. However, guaranteed services (like SPX: Sequence Packet Exchange) can be built on top of IPX. IPX is used in situations where a guaranteed service is not required or where an occasional lost packet is not critical). Used without parameters, ipxroute displays the default settings for packets that are sent to unknown, broadcast, and multicast addresses.




Programs you may install using windoze "support tools" (on the cd)


I am assuming here that you are using windows XP. I am not saying that you should use windows xp, in fact you should use gnu/linux, I am just assuming that you are using windows xp.
If you want to work seriously with it you'll need windows xp-pro sp2 (easy to find on the web if you don't feel like throwing even more money out of the gates). And -once you have it- you should by all means install the complete set of support tools. There are some hidden gems among these HUNDRED small programs, which were first published with the old "Microsoft Windows 2000 Resource Kit".
Here is how you install them:
To install Windows Support Tools:
1. Insert the Windows XP CD-ROM in the drive.
2. Double-click My Computer, right-click the CD-ROM drive, and then click Explore.
3. Go to Support\Tools, and then double-click Setup.exe.
4. When the Windows Support Wizard starts, click Next.
5. Click I agree on the End User License Agreement.
6. Type your name and organization and click Next.
7. Click either the Typical or Complete installation type, and then click Next.
8. Verify the installation location, and then click Install.
The Windows Support Tools are installed to the folder specified in step eight and a Windows Support Tools folder is added to the Program Files folder on the Start menu.


What you also should do:
1. Click Start, and then click Help and Support
2. Click the link to "Use Tools" to view your computer information and diagnose problems
click on windows support tools
click on windows xp support tools
click on alphabetical list of tools.

The following is a list of all Support Tools in Service Pack 2 (definitions and useful usage examples will follow, anyway some documentation can be found in doc format in the C:\Program Files\Support Tools subdir. For most command-line tools, you may type /? (for example, apmstat /?) at the command prompt for syntax help):

acldiag.exe
ACL Diagnostics: Detects and displays the permission problems found in the Access Control Lists of objects in Active Directory

activate.exe
This tool is developed to automatically activate Windows XP Professional. The auto_product_activate.exe is supposed to run after the operating system installation is complete and activate it silently for the user.

addiag.exe
Command-line tool that helps evaluate the current status of locally installed software, as well as programs available via Intellimirror.

adprop.dll
Windows Active Directory Admin Property Pages

adsiedit.msc
Active Directory Service Interfaces (ADSI) editor, GUI tool: a Microsoft Management Console (MMC) snap-in that acts as a low-level editor for Active Directory. Network administrators can use ADSI for common administrative tasks such as adding, deleting, and moving objects with a directory service. Attributes for each object viewed can be changed or deleted.
Allows you to see the DisplaySpecifiers for the various classes.

apimon.exe

apmstat.exe
Only for ACPI boxes, advanced Power Management Status: Gives information about advanced power management features in older notebook computers

bindiff.exe
Binary File Difference Finder: Allows you to compare two binary files and view their differences

bitsadmin.exe
BITS Administration Utility: Administers the Background Intelligent Transfer Service which controls background file transfers for Internet Information Services
Allows administrators to manage the Background Intelligent Transfer Service (BITS), a background file transfer service and queue manager in Windows XP. Requests to BITS are submitted by an application and the files can be transferred in a throttled manner such that the interactive user is not affected by the bandwidth consumed. Requests are placed in a queue until the files are transferred, at which time the requesting application is invoked and notified of the completion.

browstat.exe
Browser Status: Displays network browser status, quite powerful tool :-)

cabarc.exe
Cabinet Tool: Creates, views and extracts compressed .CAB files

clonepr.dll
Clone Principal: Dynamic link library, clones windows NT 4.0 users and groups to allow migration to a Windows Server 2003 forest

depends.exe
Dependency Walker: Allows you to view all the dependencies of a file. You are able to check which DLLs are dependent on others. This can be very useful when investigating a problem related to a missing file. When you want to troubleshoot those mysterious "Entry point not found" error messages, this tool is essential. Try it out by yourself as soon as you read this :-)

dfsutil.exe
Distributed File System (DFS) Utility: Manages DFS, limits clients to targets within the same site and enables windows server 2003 based DFS servers to select remote targets

dhcploc.exe
Dhcploc.exe displays the names of all DHCP servers that are active on a given subnet. This tool can also detect unauthorized DHCP servers and, if it finds one, either beep or send an alert.

diruse.exe
The Directory Disk Usage utility is a command-line tool that displays directory size information. Diruse.exe lets you determine the amount of disk space that directories and subdirectories use and can quickly give you an idea of what happened to all that storage space you used to have. The diruse.exe tool also displays compression information for compressed NTFS directories.

dmdiag.exe
Disk Manager Diagnostics: Provides detailed diagnostic information about hard disk drives

dnscmd.exe
The DNS Server Troubleshooting Tool lets you perform all your important DNS management tasks from a command-shell script. You can use dnscmd.exe to create and change zones and resource records and to force replication between the DNS server and its cache or the physical DNS data files.

dsacls.exe

dsastat.exe
Directory Services Utility: Compare and contrast two directory trees in the same domain or across different domains

dskprobe.exe
Diskprobe: Allows you to edit the disk sector information directly. This powerful file-system editor can read and write information to the Windows file system in sector mode. You can use Disk Probe for a variety of tasks, including saving and restoring the Master Boot Record (MBR) and recovering information from deleted files. Disk Probe is a REAL low-level tool, so you need to exercise care when playing with it in a webcafe :-)

dumpchk.exe
Enables administrators to verify that a crash dump (user mode:user.dmp or kernel mode:memory.dmp) has been created correctly. It also provides options for performing some dump file analysis without using a debugger.

dupfinder.exe
duplicate file finder. GUI. This is one of the most useful utilities within the Support Tools pack... I bet you didn't know you already had it inside your windoze xp :-)
Rename files first to something like ".dup" (do not delete them until you're sure)

efsinfo.exe
Encrypting File System Information: Provides information about files that have been encrypted using EFS. Go to the C: drive in the command prompt and type "efsinfo": a list of all the files and their encryption-related information will be displayed.

exctrlst.exe
Extensible Performance Counter List: Displays information about the programs that use the registry to provide performance counters

extract.exe

filever.exe
File Version: States version information of a file or folder
Anyone working in Recovery Console mode who can't boot into Windows XP will find this tool useful. It will enable you to view file details normally only visible while Windows is running. For example, running the tool on an application's main executable file will give you details of that program's exact version number.

The syntax and parameters you'll need for File Version are as follows

Syntax
filever [/s] [/v] [/e] [/x] [/b] [/a] [/d] [[drive:][path][filename]]

Parameters
/s Displays the files in a specified folder and all subfolders
/v Displays file version details
/e Displays .exe files only
/x Displays the short file name for files longer than 8 characters
/b Uses bare format (no dir listing)
/a Does not display file attributes
/d Does not display file date and time



ftonline.exe
Fault Tolerance Disk Mounter: Mounts Windows NT 4.0 fault tolerance disk sets

getsid.exe
Get Security ID: Checks if a user account database is corrupt by comparing the SIDs of the account on two domain controllers

gflags.exe
Global Flags Editor: Allows you to edit global registry settings or flags that are in use by the kernel

httpcfg.exe
HTTP Configuration Utility: Manages the HTTP Application Programming Interface

iadstools.dll

ipseccmd.exe

ksetup.exe
Kerberos Setup: Configures Windows Server 2003 clients to use an MIT Kerberos Server

ktpass.exe
Kerberos Keytab Setup: Configures a non-windows 2003 kerberos service to be a security principle in Windows Server 2003

ldp.exe
LDP Tool, GUI, Performs Lightweight Directory Access Protocol operations. Quite a complex syntax, though.

memsnap.exe
Memory Profiling Tool: Allows you to save a list of the memory resources being used by all processes. (Use ultraedit to open the automatically created file memsnap.log)

movetree.exe
The Movetree program is a command-line program you can use to move AD objects, such as organizational units (OUs) and users, between domains in an AD forest. When you use Movetree with AD users, the tool moves only the AD objects—Movetree doesn't move associated profiles and logon scripts. This capability can be useful for consolidating domains or correcting mistakes that you might have made when you built your AD structure.

msicuu.exe
Windows Installer Cleanup Utility: Removes excess registry entries from a faulty installation. Msicuu.exe displays a dialog box that lets you select available Windows Installer (.msi) files to clean up. This utility helps you fix problems if the Windows Installer installation, rollback, or uninstallation process fails. Unfortunately, this tool works only with Windows Installer files, not with all setup files.

msizap.exe
A command-line tool similar to msicuu.exe. Unfortunately, this tool works only with Windows Installer files, not with all setup files.

netcap.exe
Network Monitor Capture Utility: Acts as a packet sniffer by using Network Monitor to capture packets and log them to a file :-)

netdiag.exe
The Network Connectivity Tester is a command-line program that can help you determine the cause of various network problems. Netdiag.exe can display information about your system's TCP/IP configuration, the network adapter, the network protocol bindings, your network's DNS server, and even hotfixes that are installed on your system. Troubleshoots network connectivity by running various tests on your configuration and displaying the results. This tool does not require any extra parameters, which allows the administrator to instruct a user to run this command, pass on the results and allow them to be analyzed.

netdom.exe
The netdom.exe Windows Support Tool lets you work with Windows domains and trusts. You can use netdom.exe to add and remove computer accounts from a domain, reset computer account passwords, move servers among domains, and establish one- and two-way trusts between Windows domains. Because netdom.exe is a command-line tool, it can add powerful capabilities to your administrative scripts. Netdom is a useful addition to any seeker's scripting library.

netset.exe

nltest.exe
Nltest.exe is the Swiss Army knife of the Windows Support Tools. You can use nltest.exe to list your domain controllers (DCs) and sites, test the status of a trust relationship between Windows domains, display user account information, force user account synchronization, and shut down a system, to mention just some of the tool's capabilities.

ntdetect.chk

ntfrsapi.dll

ntfrsutl.exe
File Replication Utility: Displays the status of the NT file replication service on the screen or dumps it into a file

pfmon.exe

pmon.exe

poolmon.exe
Poolmon: Helps to detect memory leaks by displaying detailed information about the allocation of memory. As soon as you type "poolmon" from the command prompt, various kind of data will be shown. This includes the total amount of memory in the system and the memory available, amongst others. You have to enable tagging through gflags first.

pptpclnt.exe
PPTP Ping (pptpsrv.exe and pptpclnt.exe). This client/server tool lets you verify a PPTP connection. First, you must run the pptpsrv.exe component on the server. Then, you run the pptpclnt.exe component on the client. By using TCP port 1723 (PPTP) and the Generic Routing Encapsulation (GRE) protocol to bounce a data packet between the PPTP server and the client, PPTP Ping verifies that a PPTP connection is possible.

pptpsrv.exe
PPTP Ping, server component: see pptpclnt.exe above for the description of the client/server pair.

pstat.exe

pviewer.exe
Process Viewer: Allows you to change a process priority or kill a process. This can be described as more advanced version of the "process viewer" available in the task manager. With this tool you are able to set the priority of the thread and process or kill a process altogether. Pressing on the memory detail button will bring up a window displaying in-depth information as to where the memory of the process is going.

rasdiag.exe
(RAS Diagnostics Tool) Collects diagnostic information about remote services and places that information in a file. Administrators can use this tool to work with Product Support Services to troubleshoot remote connection issues by taking a snapshot of the configuration data and capturing an attempted remote connection.

remote.exe
Remote Command Line: Runs command line programs on remote computers using only named pipes. Remote has both a client and a server component. To use Remote, first start the server component by running remote /s, then connect to the server by running remote /c from the client.

replmon.exe
Active Directory Replication Monitor, GUI, Allows the control of Active Directory replication information

rsdiag.exe
Remote Storage Diagnostics Utility: Queries and reports on remote storage databases

rsdir.exe
Remote Storage File Analysis Utility: Displays information from files in remote storage

sdcheck.exe
Security Descriptor Check Utility: Displays access controls on an object

search.vbs
Active Directory Search Tool: A script used to search an LDAP (Lightweight Directory Access Protocol) directory

setspn.exe

setx.exe

showaccs.exe

showperf.exe

sidhist.vbs

sidwalk.exe

sidwalk.msc

snmputilg.exe

spcheck.exe
Service Pack Check: Creates a file containing a list of the service pack versions of important system files. This tool requires you to have the spcheck.ini file in the directory in which you are going to execute the command. If you do not have this file available, then you may download it from the Microsoft website. Type "spcheck" and a report will be created and dumped into the current directory. You will then have to go to the file and open it with ultraedit. The report contains a list of important system files and which service pack they have installed, or list those missing.

timezone.exe

tracefmt.exe

tracelog.exe

tracepdb.exe

vfi.exe
This is a sort of windoze 'touch'.
You can launch this program by typing vfi at the command prompt. It's ideal for finding specific file information. Choose the file you want to know more about by clicking on File > Add a file. Browse to the location, select and click on Open. Each important item has its own column heading, making it easy to compare sets of files in one go. You'll be able to see file size, creation date, modification date and version numbers. It's also possible to use the program to display the contents of a particular folder, or to change the creation date of a file: click the Touch button on the toolbar and select a new date and time.

whoami.exe
Evident.

windiff.exe
File and Directory Comparison: Compares ASCII text files or folders

wsremote.exe

xcacls.exe
Sets and displays files ACLs






Programs you may find on the web



Changing volume serial number
There are 2 Serial numbers on a hard drive:
1 A Volume Serial number that can be changed, using for instance volumeid.exe or WinHex and checking out sector 0
2 A Hard drive serial number stored on the EEPROM (that cannot be easily changed by software)

A most useful tool for checking the enormous amount of data every box is leaking is Belarc advisor. Use it, by all means, and get -rightly- scared.




All this is terribly in fieri. Your suggestions, addenda, corrections and criticism would be appreciated.

(c) 1952-2032: [fravia+], all rights reserved

Ok, "The path of the elite windoze xp warrior" sounds rather ridiculous, and yet, and yet there are some surprises deep in the guts of windows. And the fact that this operating system is used all over the world -as crappy and overbloated as it is- will open, for those that take the time to learn and acquire knowledge, quite some possibilities to "surprise" those that do not, or maybe their own system administrators... hehe.