Windows Server

How to use SysInternals Live Tools

Sysinternals Live is a service that enables you to execute Sysinternals tools directly from the Web without hunting for and manually downloading them. This simply allows you to easily access any of their utilities for free over the internet in your command prompt

Here are some quick description of some of the tools
Autorun: This is the most comprehensive knowledge of auto-starting locations of any startup monitor, shows you what programs are configured to run during system bootup or login, and when you start various built-in Windows applications like Internet Explorer, Explorer, and media players. These programs and drivers include ones in your startup folder, Run, RunOnce, and other Registry keys.
Diskmon: This analyzes hard disk access
Procmon: This shows all access to registry, files, and network in real-time.
Tcpview: This examines the network connections of the PC and helps to detect Trojans and spyware.

For more information on SysInternal Tools and how some of the Sysinternals tools are used locally on your device, please see the following link.

There are few different ways to use this tool, firstly u can copy the following syntax into the windows search or run the command as shown below

\\live.sysinternals.com\tools
- Press Enter after works

This will launch file explorer with the available life tools as shown below.
– Note; You can as well map this drive below and use it subsequently.

Alternatively, you can decide to use a single tool out of the entire SysInternal suit. To achieve this, launch the “run” dialog window and enter the following syntax as shown below, i.e, \\live.sysinternals.com\tools\and click on ok.

\\live.sysinternals.com \tools \autoruns.exe

This will display a pop-up (Open File – Security Warning) as shown below,
– Click on Run

This will display the Autorun result as shown below.

Note: When this syntax is run this way, it means you can also run the tools directly at the prompt by entering the same command as above. A list of the SysInternal suit can be found at the following URL as shown below https://live.sysinternals.com/

<pre class="wp-block-syntaxhighlighter-code">12/19/2019 10:05 AM          668 about_this_site.txt
11/16/2017  2:27 PM       792208 accesschk.exe
11/16/2017  2:25 PM       409760 accesschk64.exe
 11/1/2006  2:06 PM       174968 AccessEnum.exe
 7/12/2007  6:26 AM        50379 AdExplorer.chm
11/14/2012 11:22 AM       479832 ADExplorer.exe
10/26/2015  4:06 PM       401616 ADInsight.chm
10/26/2015  4:15 PM      2425496 ADInsight.exe
 11/1/2006  2:05 PM       150328 adrestore.exe
12/29/2019  4:18 PM        &lt;dir&gt; ARM64
 8/27/2016 11:54 AM       138920 Autologon.exe
 6/28/2019  1:07 PM        50512 autoruns.chm
 6/28/2019  1:07 PM       761656 Autoruns.exe
 6/28/2019  1:10 PM       757328 Autoruns64.dll
 6/28/2019  1:06 PM       875592 Autoruns64.exe
 6/28/2019  1:11 PM       680016 autorunsc.exe
 6/28/2019  1:10 PM       776480 autorunsc64.exe
 9/19/2019 10:17 PM      3353464 Bginfo.exe
 9/19/2019 10:15 PM      4601208 Bginfo64.exe
 11/1/2006  2:06 PM       154424 Cacheset.exe
 5/27/2016  1:58 AM       139944 Clockres.exe
 5/27/2016  1:55 AM       154792 Clockres64.exe
 5/27/2016  2:05 AM       253600 Contig.exe
 5/27/2016  2:02 AM       268960 Contig64.exe
 8/18/2014 12:29 PM       892088 Coreinfo.exe
12/19/2019 10:06 AM      2181688 CPUSTRES.EXE
12/19/2019 10:06 AM      2862648 CPUSTRES64.EXE
 9/27/2006  6:04 PM        10104 ctrl2cap.amd.sys
 11/1/2006  2:05 PM       150328 ctrl2cap.exe
11/21/1999  6:20 PM         2864 ctrl2cap.nt4.sys
11/21/1999  7:46 PM         2832 ctrl2cap.nt5.sys
 5/21/2019  9:34 AM        68539 Dbgview.chm
 5/21/2019  9:34 AM       914992 Dbgview.exe
10/17/2012  6:28 PM       116824 Desktops.exe
12/17/2013 12:46 PM        40717 Disk2vhd.chm
 1/20/2014  3:16 PM      7134400 disk2vhd.exe
 6/12/2016  9:17 AM       143008 diskext.exe
 6/12/2016  9:14 AM       158376 diskext64.exe
 11/1/2006  2:06 PM       224056 Diskmon.exe
 12/8/2003 10:40 AM         9519 DISKMON.HLP
 3/24/2010  2:00 PM       580984 DiskView.exe
10/14/1999  2:45 PM        11728 DMON.SYS
 1/20/2018 11:12 AM       169072 du.exe
 1/20/2018 11:06 AM       191616 du64.exe
 11/1/2006  2:05 PM       146232 efsdump.exe
 9/28/2018  1:55 AM         7490 Eula.txt
12/19/2019 10:06 AM        &lt;dir&gt; files
 5/28/2016  8:28 AM       147112 FindLinks.exe
 5/28/2016  8:26 AM       169136 FindLinks64.exe
 6/13/2019  7:07 AM      1074224 handle.exe
 6/13/2019  7:06 AM       605952 handle64.exe
12/19/2019 10:06 AM           18 healthmonitoring.html
 6/12/2016  9:24 AM       150176 hex2dec.exe
 6/12/2016  9:21 AM       164520 hex2dec64.exe
12/19/2019 10:04 AM          703 iisstart.htm
12/19/2019 10:04 AM        99710 iisstart.png
 6/12/2016  9:39 AM       216736 junction.exe
 6/12/2016  9:36 AM       236200 junction64.exe
 11/1/2006  2:06 PM       154424 ldmdump.exe
 5/27/2016  2:30 AM       424096 Listdlls.exe
 5/27/2016  2:28 AM       220336 Listdlls64.exe
 5/16/2017 11:42 AM       641184 livekd.exe
 5/16/2017 11:35 AM       418976 livekd64.exe
 5/28/2016  8:43 AM       141472 LoadOrd.exe
 5/28/2016  8:42 AM       156840 LoadOrd64.exe
 5/28/2016  8:48 AM       173216 LoadOrdC.exe
 5/28/2016  8:47 AM       188584 LoadOrdC64.exe
 6/12/2016  9:57 AM       224952 logonsessions.exe
 6/12/2016  9:54 AM       249536 logonsessions64.exe
 6/12/2016 10:20 AM       139936 movefile.exe
 6/12/2016 10:15 AM       154792 movefile64.exe
 6/12/2019 11:42 AM       516664 notmyfault.exe
 6/12/2019 11:40 AM       652048 notmyfault64.exe
 6/12/2019 11:40 AM       514320 notmyfaultc.exe
 6/12/2019 11:38 AM       649272 notmyfaultc64.exe
 6/12/2016 10:29 AM       139432 ntfsinfo.exe
 6/12/2016 10:26 AM       158896 ntfsinfo64.exe
 11/1/2006  2:06 PM       215928 pagedfrg.exe
 7/23/2000  7:58 PM         8419 pagedfrg.hlp
 6/12/2016 10:19 AM       141480 pendmoves.exe
 6/12/2016 10:14 AM       156336 pendmoves64.exe
 6/12/2016 10:44 AM       213160 pipelist.exe
 6/12/2016 10:41 AM       234160 pipelist64.exe
 7/30/1999  4:28 PM          422 PORTMON.CNT
 1/13/2012  5:35 PM       451392 portmon.exe
 1/31/2000  9:20 AM        43428 PORTMON.HLP
 4/25/2017  4:43 AM       651424 procdump.exe
 4/25/2017  4:37 AM       341672 procdump64.exe
12/19/2019 10:06 AM        72154 procexp.chm
12/19/2019 10:06 AM      2798456 procexp.exe
12/19/2019 10:06 AM      1490296 procexp64.exe
12/19/2019 10:06 AM        63582 procmon.chm
12/19/2019 10:06 AM      2181504 Procmon.exe
12/19/2019 10:06 AM      1177168 Procmon64.exe
 6/28/2016 11:44 AM       339096 PsExec.exe
 6/28/2016 11:41 AM       374944 PsExec64.exe
 6/28/2016 11:35 AM       149664 psfile.exe
 6/28/2016 11:32 AM       168608 psfile64.exe
 1/23/2018  9:21 PM       297104 PsGetsid.exe
 1/23/2018  8:58 PM       329880 PsGetsid64.exe
  7/5/2016  5:32 PM       313496 PsInfo.exe
  7/5/2016  5:27 PM       351904 PsInfo64.exe
 6/28/2016 10:57 AM       284320 pskill.exe
 6/28/2016 10:52 AM       318624 pskill64.exe
 6/28/2016 10:44 AM       178848 pslist.exe
 6/28/2016 10:42 AM       202400 pslist64.exe
 6/28/2016  9:51 AM       151728 PsLoggedon.exe
 6/28/2016  9:49 AM       170160 PsLoggedon64.exe
  3/4/2019 11:54 AM       444984 psloglist.exe
  3/4/2019 11:52 AM       579128 psloglist64.exe
  7/5/2016  4:53 PM       149664 pspasswd.exe
  7/5/2016  4:50 PM       168616 pspasswd64.exe
 6/29/2016  3:58 AM       255648 psping.exe
 6/29/2016  3:55 AM       293032 psping64.exe
 6/28/2016  9:43 AM       188584 PsService.exe
 6/28/2016  9:41 AM       210608 PsService64.exe
 12/4/2006  5:53 PM       207664 psshutdown.exe
 6/28/2016 10:06 AM       289448 pssuspend.exe
 6/28/2016 10:01 AM       321704 pssuspend64.exe
 10/1/2012  9:23 AM        66582 Pstools.chm
 11/6/2007  9:17 AM           39 psversion.txt
 6/28/2019  2:28 PM       659728 RAMMap.exe
 12/7/2011 12:07 PM         7903 readme.txt
 5/28/2016 11:57 AM       149168 RegDelNull.exe
 5/28/2016 11:54 AM       164024 RegDelNull64.exe
 11/1/2006  1:05 PM       146232 Reghide.exe
 1/27/2016  8:34 PM       117920 regjump.exe
 12/7/2005  2:19 PM       102160 RootkitRevealer.chm
 11/1/2006  1:07 PM       334720 RootkitRevealer.exe
  7/5/2016  3:56 PM       142472 ru.exe
  7/5/2016  3:54 PM       160920 ru64.exe
11/15/2018  7:33 AM       235560 sdelete.exe
11/15/2018  7:33 AM       246528 sdelete64.exe
 11/1/2006  2:07 PM       260976 ShareEnum.exe
 2/27/2008  6:51 PM       103464 ShellRunas.exe
 8/29/2019 11:19 AM       817528 sigcheck.exe
 8/29/2019 11:18 AM      1128824 sigcheck64.exe
 5/28/2016 12:28 PM       135840 streams.exe
 5/28/2016 12:25 PM       153768 streams64.exe
  7/5/2016  6:33 PM       149152 strings.exe
  7/5/2016  6:30 PM       164008 strings64.exe
 6/12/2016  7:10 PM       143512 sync.exe
 6/12/2016  7:07 PM       158360 sync64.exe
12/10/2019  9:58 PM      3712376 Sysmon.exe
12/10/2019  9:55 PM      2018384 Sysmon64.exe
 7/28/2010  3:47 PM       199544 Tcpvcon.exe
  7/2/2010  4:03 PM        41074 tcpview.chm
 7/25/2011 12:40 PM       300832 Tcpview.exe
  9/2/2002  1:13 PM         7983 TCPVIEW.HLP
11/18/2016  7:40 AM       231584 Testlimit.exe
11/18/2016  7:38 AM       243888 Testlimit64.exe
12/19/2019 10:06 AM        &lt;dir&gt; tools
  6/4/2019  3:05 PM        51747 Vmmap.chm
  6/4/2019  3:05 PM      1307904 vmmap.exe
 6/12/2016  7:18 PM       233640 Volumeid.exe
 6/12/2016  7:15 PM       169648 Volumeid64.exe
12/11/2019  8:40 AM       398192 whois.exe
12/11/2019  8:39 AM       523128 whois64.exe
 2/14/2011 12:37 PM       729464 Winobj.exe
12/30/1999 11:26 AM         7653 WINOBJ.HLP
12/10/2019 10:11 PM      1060216 ZoomIt.exe</pre>

I hope you found this blog post helpful. If you have any questions, please let me know in the comment session.

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x