[NT Utils Logo] [Menu] Last Updated September 1, 1997 Monitoring Tools List all the DLLs that are currently loaded, [Image]ListDLLs including where they are loaded and their version numbers. Version 2.0 prints the full path names of loaded modules. [Image]NTHandle This handy utility will show you what files are open by which processes, and much more. This is a Gui/device driver combo that uses a new technique we've developed, kernel-mode system call hooking, to watch all registry-related activity. An article on [Image]NTRegmon kernel-mode system call hooking with full source to NTRegmon appeared in Dr. Dobb's Journal in the January 1997 issue. Version 3.0 includes numerous enhancements. Full Source is included. This is an NT Gui/device driver program that layers itself above all the file systems on a system in order that it can watch all file [Image]NTFilemon system activity. Check out the February issue of Dr. Dobb's Journal for an article on NT File System organization. Version 3.0 includes numerous enhancements. Full source is included. This is an NT Gui/device driver program that intercepts calls made to DbgPrint by device DebugMon drivers. It allows for viewing and recording of debug session output without an active debugger. Courtesy of OSR. This is an NT Gui/device driver program that watches process and thread creation and deletion, as well as context swaps if running NTPMon on a multiprocessing or checked kernel. The many undocumented routines it uses will be documented in our forthcoming book on NT Internals. This is an example that will be included in our forthcoming book, Windows NT Internals. Unlike Winobj the Winobj that ships with the SDK, this one actually works! Use it to explore the NT object manager name space and see information on specific objects. Performance Tools Cacheman allows you to change a slew of NT's Cacheman file system caching parameters on the fly. Change the min and max sizes, lengthen the write-back delay and more. Updated for SP3. NT doesn't allow access to internal performance settings like execution quanta, which have different values on Workstation and Server. NTFrob Here's an applet that will let you "frob" the foreground and background quanta on a system for experimentation, or for your liking. This update works on NT 4.0 SP 3. Utilities Finally, the utility that NT system administrators have been waiting for. With NTRecover you can access a dead x86 NT system's disks from a good system over a serial NTRecover connection. You can then salvage data off of the drives using native NT commands and utilities. With the write-version you can even run chkdsk on the dead system's drives! The read-only version is freeware. NTLocksmith is an add-on program to NTRecover that allows for the changing of passwords on systems where the administrative password has NTLocksmith been lost. It works 100% of the time, and if you've forgotten the password to your machine, you can gain entry within minutes using NTLocksmith. The home site for NTFSDOS, a read-only NTFS file system driver for DOS, Windows 3.x and NTFSDOS Windows 95. This latest NTFSDOS update fixes a few bugs, improves performance in large directories, and allows better control over drive letter mapping. It works just like recycle bin, but tracks [Image]NTUndelete files deleted from the command prompt or from inside of programs in case you need to recover them. Download a free trial version! Force NT to flush all modified file system data NTSync to disk, insuring that it will be safe in the face of a crash. This is a kernel-mode driver that demonstrates keyboard input filtering just above the keyboard class driver in order to turn caps-locks into control keys. Filtering at this Ctrl2cap level allows conversion and hiding of keys before NT even "sees" them. Full source is included. Ctrl2cap also shows how to use HalDisplayString() to print messages to the initialization blue-screen. Miscellaneous OSRBSOD Its arrived! The BlueScreen screen saver (courtesy of our friends at OSR)! A growing collection of little utilities you might find useful, including an NT UNICODE Miscellaneous string search program, and a caps-lock to control mapper, among others. An NT auto-logon configurator that can be used to enable and disable autologon.