• Internet & Network
  • OpenPorts - The powerful OpenPorts reveals which processes are behind the TCP and UDP network ports on your system.
  • EnumIPs - Displays all local IP addresses, including broadcast and net mask details.
  • GetIP - Connects to the Internet to obtain your real Internet IP address.
  • IP List - Enumerates network interfaces, showing all bound IP addresses, their broadcast addresses, and their netmasks
  • ICMP Ping - Use ICMP Ping to determine if a machine is responding to standard requests.
  • Resolve - Resolve an IP address to it's DNS address, and vice versa. Also performs a reverse-resolve.
  • TraceRoute - TraceRoute uses specially-crafted ICMP Ping requests to trace a map of the computers between you and the target address. It is particularly useful to determine the ISP of the target.
  • Whois - Display information about Internet domains
  • SendMail - Send email (and even attach a file) using any SMTP server
  • HTTPGet - Download files from HTTP/FTP servers from the command line
• System
  • CmdLine - Another of our more popular console tools, CmdLine is a one-of-a-kind that can actually reveal the commandline parameters of processes.
  • DelayExec - DelayExec allows you to start programs in a pre-execution state of suspension, where the process is loaded but code isn't initially executed.
  • Procs - Complete process control - listing (with full paths and process IDs), terminating, and module enumeration.
  • Windows - Complete control over all parent and child windows, including listing and modification.
  • CPUInfo - Displays a variety of information about your processor(s). Multi-CPU support, and detects serial number, speed, name, features and more.
  • Adapters - Displays information about all network adapters. Details include MAC address, Description, IP addresses, DHCP info and more.
  • Drivers - Lists all drivers on the system. Full image paths and base addresses are shown.
  • MemDump - Also an MS-DOS-based tool, this allows you to view memory from 0000:0000 to FFFF:FFFF. For example, "memdump F000:FFF5, 8" will show your BIOS date - BIOS itself can be found at F000:0000.
  • BIOSDump - An MS-DOS-based tool that allows you to view BIOS (and extensions which it scans for) and also save as files.
  • ErrorDesc - If you've ever been frustrated by unhelpful error numbers like "Error #82 occurred" this tool can help. You simply give it the error number and it will query the operating system for a description about that error number. It also queries an internal database of over a thousand NTStatus error codes.
• User Info
  • WhoAmI - Displays the current computer name, current user name, IP addresses, and Administrator status.
  • IsAdmin - Displays the current user name and determines if the user has Administrator privileges.
• Passwords
  • PWReveal - Allows you to see the passwords behind most PassChar-protected text\editboxes in memory (allowing you to see behind the "*****" fields). There is also a stay-resident option, and a patch option that can actually remove the PassChar protection from such password-protecting boxes on the fly.
  • PassDump - PassDump is similar to (and based on) PWReveal, but with just one goal - PassDump simply dumps to the console the text from any PassChar-protected textboxes that it can find.
• File Tools
  • FolderMon - A powerful monitoring program that allows you to see all (or specific) file activity in a folder & subfolders or even an entire drive.
  • FindAll - A fast and powerful tool for searching the contents of files. Supports Unicode, case (in)sensitivity, subdirectory searching and more.
  • StrDump - Scan a file for text strings - a quick, useful way to avoid sifting through 'junk' data.
  • HexDump - Dump the contents of any file in traditional 'hex dump' format.
  • MD5 - Quickly and easily calculate strong 128-bit checksums from strings and files.
  • SHA-160 Hash - Calculates 160-bit checksums from files.
  • AdjustCR - File conversion. Replaces UNIX-style line-feeds with Windows-style carriage-return & line-feed
• Date & Time
  • CityTime - CityTime is the fastest and easiest way to check the time in another city. Over 200 major cities of the world are supported.
  • UpTime - See how long your computer has been running, accurate to the second.
  • DateDiff - Calculate the number of days between two dates - a common task finally made easy!

The above descriptions are quoted from Wayne's original announcements, the archived homepage, and the help text (for Whois). The descriptions are virtually verbatim, with only minor changes to categories. Sadly, Htm2Txt (mentioned in the second announcement) could not be located for inclusion in the archive.

/windows | May 21, 2013

/windows | May 17, 2013

"This may be the finest piece of word processing code ever written. I have never been as impressed with anything as I have with VDE 1.5... writing software in 100 percent assembly language still pays off in performance and reduced code size. It's an astonishing product, believe me. It's more than the perfect laptop word processor... I cannot give a higher recommendation for any product that I have seen in ten years... Top recommendation."

/windows | May 05, 2013

• Quicken 6 for Macintosh
• Quicken 6 for Windows
• Quicken 99 for Windows
• Quicken 2000 for Windows
• Quicken 2003 for Windows
• Quicken 2004 for Windows

/windows | Apr 24, 2013

mimikatz # privilege::debug
Demande d'ACTIVATION du privilège : SeDebugPrivilege : OK

mimikatz # sekurlsa::logonPasswords full
...
Utilisateur principal       : user
Domaine d'authentification  : domain
        kerberos :
         * Utilisateur  : user
         * Domaine      : domain
         * Mot de passe : pass
...

/windows | Apr 11, 2013

1. Schedule a SyncToy backup job (see "Schedule SyncToy" in the included help file for details)
2. Throw blat and grep into C:\Windows (or anywhere in your PATH)
3. Create a batch file (e.g., C:\scripts\email.bat) which contains something like this:
   schtasks /query /fo list /v | findstr /i "Result: TaskName: Last" | grep SyncToy -A 2 | blat -f admin@example.org -to user@example.org -s "SyncToy task result" -serverSMTP mail.example.org
4. Schedule email.bat to run daily. You'll start receiving emails that look something like this:
   TaskName:      SyncToy
   Last Run Time: 12:30:00, 4/2/2013
   Last Result:   0

C:\>schtasks /query /?
...
    /TN   taskname       Specifies the task name for which to
                         retrieve the information, else all of them.
...

C:\>schtasks /query /v /fo list /tn synctoy
ERROR: The system cannot find the path specified.

C:\>schtasks /query /v /fo list /tn "\Microsoft\Windows\SyncToy\synctoy"

Folder: \Microsoft\Windows\SyncToy
HostName:                             computername
TaskName:                             \Microsoft\Windows\SyncToy\synctoy
Next Run Time:                        4/3/2013 10:57:34 PM
Status:                               Ready
Logon Mode:                           Interactive only
Last Run Time:                        4/2/2013 11:01:39 PM
Last Result:                          0
Author:                               computername\user
Task To Run:                          "C:\Program Files\SyncToy 2.1\SyncToyCmd.exe" -R
...

/windows | Apr 02, 2013

C:\>rd "\\?\e:\dirname "

/windows | Mar 31, 2013

•  FSync 1.5 [116k] + Uni-directional folder mirroring. Target can be specified by drive letter, label, or serial number. Cannot backup locked or in-use files; combine with ShadowSpawn to work around.  
•  Drive SnapShot 1.42 [352k] + Disk imaging backup. Review  
• Bvckup 1.0.1.401 [478k] Delta copy folders in real time, manually, or at scheduled intervals.  

• Lazy Mirror 9.3.1.401 [687k] Folder mirroring with versioning and automatic archive purging.  

/windows | Mar 24, 2013

• hobocopy (open source) - "Uses the Volume Shadow Service (VSS) to 'snapshot' the disk before copying. It then copies from the snapshot rather than the 'live' disk." Several issues raised in these comments, including problems with incremental mode and attributes/ACL. The author has deprecated it in favor of:
• ShadowSpawn (open source) - "Works by making a shadow copy of your disk, making it available at a drive letter, then launching (spawning) another program that you specify. Probably the most common way to use ShadowSpawn is to use Robocopy make a copy of files that are currently in use."
• ShadowCopy (freeware) - Copies locked and open files via Volume Shadow Services.
• Backup of locked files using vshadow.exe and robocopy.exe (PDF) - Instructions from the University of Arkansas for backing up with VShadow and Robocopy.

/windows | Mar 24, 2013

Setup was unable to create a new system partition or locate an existing system partition. See the Setup log files for more information.

1. set target disk to be first in the hard drive boot order
2. set target disk as the primary boot device

• Windows 7 Installation Error: "Setup was unable to create a new system partition or locate an existing system partition."
• Error: "We couldn't create a new partition or locate an existing one. For more information, see the Setup log files." when you try to install Windows 8 (CP)

/windows | Mar 24, 2013