Windows Resource kit tools

C:\resourcekit>Consume /?
Universal Resource Consumer – Just an innocent stress program, v 0.1.0
Copyright (c) 1998, 1999, Microsoft Corporation

consume RESOURCE [-time SECONDS]

RESOURCE can be one of the following:




Microsoft Diskraid version 5.2.3790
Copyright (c) 2003 Microsoft Corporation
On computer: MOG-IN-W01

Diskraid encountered a fatal error while initializing.  The following
information may help diagnose the error:

Error: 0x80040154
Location Code: 2


LINKSPEED { /S system | /DC } [/T value]

This command line tool displays the link speed to the remote system.

Parameter List:
/S     system     Specifies the machine name to which the link
speed is to be determined.

/DC               Specifies to determine the link speed to the
domain controller.

/T     value      Specifies the minimum threshold value looking
for. Must be specified in bytes.

LINKSPEED /S \\system
LINKSPEED /S /T 700000
LINKSPEED /S /T 700000
LINKSPEED /DC /T 5005005

Usage: Klist.exe <tickets | tgt | purge>


Monitors a process’ various memory usage and breaks the process into a
debugger when the given threshold value is exceeded.

Memmonitor.exe  —  Version: 1.05

Memmonitor.exe [-p <pid> | -pn <name> | -ps <svc>] [-wait] [-nodbg] [-int <secs>
[-WS <value>] [-PPool <value>] [-NPPool <value>] [-VM <value>]
-p  pid      : is the process ID (0 for current process)
-pn name     : is the name of the process (as shown in TaskManager or TLIST).
-ps svc      : is the name of a service (as known by Services Manager).
-wait        : means to wait for process if not already running.
-nodbg       : means no break to debugger (and no debugger required).
-assumedbg   : means assume the presence of a debugger (suppress check).
-int secs    : is the interval between checks, in seconds (default: 60).
-WS value    : sets the WorkingSet threshold limit (in K).
-PPool value : sets the PagedPool threshold limit (in K).
-NPPool value: sets the NonPagedPool threshold limit (in K).
-VM value    : sets the VM threshold limit (in K).

All arguments are optional, but one of -p, -pn, or -ps is needed.

MemTriage – System and pool snapshots. ( built by: dnsrv_dev(v-smgum))
Copyright (c) Microsoft Corporation. All rights reserved.

MemTriage -m  LOGFILE             Snapshot system and process information.
MemTriage -p  LOGFILE             Snapshot kernel pool information.
MemTriage -mp LOGFILE             Snapshot system, process, pool information.
MemTriage -h  PID LOGFILE         Snapshot process heap information.
MemTriage -t  RETRY -w MINUTES    Take R snapshot in every M minutes.
could be used together with -m, -p, -mp and -h.
MemTriage -a  LOGFILE <-pid PID>  Analyze a log for leaks. Specify PID if
it’s a heap snapshot
MemTriage -av LOGFILE             Same as ‘-a’ but generate a detailed report fi

The `-a’ option analyze the log file containing several snapshots of same
type (process or pool information) and prints resources for which there is an
increase everytime(most time) when a snapshot was taken

MemTriage -s  LOGFILE <-r RULEFILE> <-pid PID>

The '-s' option analyzes a single snapshot based on rule file, if a rule file
is not specified, it will used the default rule file [MemTriage.ini]. Use '-pid'
option if the snapshot log is a heap snapshot

1. analyze a single system and process snapshot:
MemTriage -mp MemTriage.log
MemTriage -s MemTriage.log
2. analyze the heap snapshot for process 1283
MemTriage -h 1283 MemTriage.log
MemTriage -s MemTriage.log -r MyRule.ini -pid 1283
2. take 5 system and pool snapshots every 10 minutes and analyze them later
MemTriage -mp MemTriage.log -t 5 -w 10
MemTriage -a MemTriage.log


BUILTIN\Administrators    Special Access [A]
NT AUTHORITY\SYSTEM       Special Access [A]
CREATOR OWNER             Special Access [A]
BUILTIN\Users             Special Access [RX]
BUILTIN\Users             Special Access [a]
BUILTIN\Users             Special Access [w]

Displays the trustees assigned to a privilege (user right).
(c) 1999 Microsoft Corporation.

Usage: showpriv <privilegename>
where <privilegename> is a valid Windows NT privilege string.

Example: showpriv SeSecurityPrivilege

SeCreateTokenPrivilege                  SeAssignPrimaryTokenPrivilege
SeLockMemoryPrivilege                   SeIncreaseQuotaPrivilege
SeMachineAccountPrivilege               SeTcbPrivilege
SeSecurityPrivilege                     SeTakeOwnershipPrivilege
SeLoadDriverPrivilege                   SeSystemProfilePrivilege
SeSystemtimePrivilege                   SeProfileSingleProcessPrivilege
SeIncreaseBasePriorityPrivilege         SeCreatePagefilePrivilege
SeCreatePermanentPrivilege              SeBackupPrivilege
SeRestorePrivilege                      SeShutdownPrivilege
SeDebugPrivilege                        SeAuditPrivilege
SeSystemEnvironmentPrivilege            SeChangeNotifyPrivilege
SeRemoteShutdownPrivilege               SeUndockPrivilege
SeSyncAgentPrivilege                    SeEnableDelegationPrivilege


Usage: SRVINFO [[-?|-ns|-d|-v|-s] \\computer_name]

* -?: Show usage
* -ns: Do NOT show any service information
* -nf: Do NOT show any hotfix information
* -r: Show service internal names
* -d: Show service drivers and service
* -v: Get version info for Exchange, IIS, SQL
* -s: Show shares


usage: qgrep [-?BELOXlnzvxy][-e string][-f file][-i file][strings][files]

* -?: print this message
* -B: match pattern if at beginning of line
* -E: match pattern if at end of line
* -L: treat search strings literally (fgrep)
* -O: print seek offset before each matching line
* -X: treat search strings as regular expressions (grep)
* -l: print only file name if file contains match
* -n: print line number before each matching line
* -z: print matching lines in MSC error message format
* -v: print only lines not containing a match
* -x: print lines that match exactly (-BE)
* -y: treat upper and lower case as equivalent
* -e: treat next argument literally as a search string
* -f: read search strings from file named by next argument (- = stdin)
* -i: read file list from file named by next argument (- = stdin)

White space separates search strings unless the argument has a prefix of -e (for example, 'qgrep "all out" x.y' means find either "all" or "out" in x.y, while 'qgrep -e "all out" x.y' means find "all out").

TAIL: lseeki64() failed 9



Attempting to create shadow copy of \\?\Volume{a7d61998-cc21-11db-8a87-806d61726

Shadow copy creation failed on \\?\Volume{a7d61998-cc21-11db-8a87-806d6172696f}\
Unexpected error. (Error: 0xc0000005)

C:\resourcekit>logtime "show"
LOGTIME.EXE v1.1 Copyright (C) Micorosft Corporation 1996
Written by Joseph Pagano.
02\26\2009 13:00:57.0869  show

compress.exe  compress the data


COMPRESS [-R] [-D] [-S] [ -Z | -ZX ] Source Destination
COMPRESS -R [-D] [-S] [ -Z | -ZX ] Source [Destination]

Compresses one or more files.

Parameter List:
-R           Rename compressed files.

-D           Update compressed files only if out of date.

-S           Suppress copyright information.

-ZX          LZX compression. This is default compression.

-Z           MS-ZIP compression.

Source       Source file specification. Wildcards may be

Destination  Destination file | path specification.
Destination may be a directory. If Source is
multiple files and -r is not specified,
Destination must be a directory.

COMPRESS temp.txt compressed.txt
COMPRESS -R *.exe *.dll compressed_dir

confdisk.exe   saving system configuration


confdisk /save    <SIF file to save configuration to>
confdisk /restore <SIF file to restore configuration from>


confdisk /save c:\asr.sif

C:\resourcekit>confdisk /save c:\asr.sif

C:\resourcekit>gpotool.exe /?

Group Policy Object verification tool

Usage: gpotool.exe [options]

/gpo:GPO[,GPO…] Preffered policies. Partial GUID and friendly name
match accepted. If not specified, process all policies in the
/domain:name    Specify the DNS name for the domain hosting the policies. If
not present, assume user’s domain.
/dc:DC[,DC…]  Preffered list of domain controllers. If not specified, find
all controllers in the domain.
/checkacl       Verify sysvol ACL. For faster processing, this step is skipped
by default.
/verbose        Display detailed information.

C:\resourcekit>rpcping.exe /?
rpcping [-t <protseq>] [-s <server_addr>] [-e <endpoint>
| -f <interface UUID>[,MajorVer]] [-u <security_package_id>]
[-a <authn_level>] [-i <#_iterations>] [-l <log_filename> [-p]]
[-r <report_results_interval>] [-v <verbose_level>]
[-N <server_princ_name>] [-I <auth_identity>] [-C <capabilities>]
[-T <identity_tracking>] [-M <impersonation_type>]
[-S <server_sid>] [-P <proxy_auth_identity>] [-F <RPCHTTP_flags>]
[-H <RPC/HTTP_authn_schemes>] [-o <binding_options>]
[-B <server_certificate_subject>] [-b] [-E] [-q]

Pings a server using RPC. Options are:

C:\resourcekit>rpcping -s
Completed 1 calls in 16 ms
62 T/S or  16.000 ms/T

C:\resourcekit>showacls.exe /?


showacls /s /u:domain\user filespec

/s  include sub-directories
/u  specify domain\user

C:\resourcekit>sonar.exe /?

C:\resourcekit>tail.exe /?
usage: TAIL [switches] [filename]*
switches: [-?] display this message
[-n] display last n lines of each file (default 10)
[-f filename] keep checking filename for new lines

C:\resourcekit>tail -2  "c:\test2.txt"


Posted on February 10, 2014, in Windows.
