https://github.com/zodiacon/alltools
Context Summary (auto-generated)
# AllTools

AllTools is a comprehensive collection of Windows system administration, debugging, and monitoring utilities developed by Pavel Yosifovich. These tools provide deep insights into Windows internals, including process management, kernel object inspection, ETW (Event Tracing for Windows) monitoring, PE file analysis, registry editing, and memory examination. The collection serves as an enhanced alternative to Microsoft's Sysinternals suite, offering modern WPF interfaces and additional functionality.

The tools are designed for Windows developers, system administrators, security researchers, and anyone who needs to understand or troubleshoot Windows system behavior at a low level. Each utility is standalone and focuses on a specific aspect of Windows internals, from viewing .NET process information to monitoring driver activity and analyzing executable file formats.

## Process and System Monitoring Tools

### ProcMonX

Process Monitor tool based on Event Tracing for Windows (ETW) that captures system activity including file system, registry, network, and process events in real-time.

```bash
# Launch ProcMonX to monitor system events
ProcMonX.exe

# ProcMonX v2 provides enhanced ETW-based monitoring
# Extract and run for the latest version
unzip ProcMonXv2.zip
./ProcMonX.exe
```

### System Explorer (SysExp)

Comprehensive system information tool that displays processes, threads, handles, kernel objects, and other system-level data in a unified interface.

```bash
# Launch System Explorer for complete system overview
SysExp.exe

# View process details including:
# - Thread information
# - Handle table
# - Memory regions
# - Loaded modules
```

### QSlice and QSliceX

Modern implementations of the classic QSlice tool for visualizing CPU usage across processes with real-time pie chart graphics.
```bash
# Launch QSlice for CPU usage monitoring
unzip QSlice.zip
./QSlice.exe

# QSliceX adds pie chart visualization
unzip QSliceX.zip
./QSliceX.exe
```

### CPUStress

Thread and CPU stress testing application for performance testing and thermal analysis of systems.

```bash
# Launch CPU stress testing tool
CPUStress.exe

# Features:
# - Create multiple threads with configurable activity levels
# - Set thread priorities and CPU affinity
# - Monitor CPU utilization during stress tests
```

## Kernel and Object Inspection Tools

### Object Explorer (ObjExp)

Explore Windows kernel objects and handles across the entire system, providing visibility into the Object Manager namespace.

```bash
# Launch Object Explorer
ObjExp.exe

# Browse object directories, view object properties,
# and examine handle tables for any process
```

### ObjDir

Command-line tool for exploring the Windows Object Manager namespace, displaying kernel objects organized in directory structures.

```bash
# List root object directory
ObjDir.exe

# Navigate object manager namespace:
# \Device - Device objects
# \Driver - Driver objects
# \BaseNamedObjects - Named synchronization objects
```

### Kernel Object View

View statistics about kernel objects and handles system-wide, including counts by type and per-process handle usage.

```bash
# Launch Kernel Object View
KernelObjectView.exe

# Displays:
# - Object type statistics
# - Handle counts per process
# - Object reference counts
```

### PoolMonX

Monitor kernel pool memory allocations and usage patterns for debugging memory leaks and analyzing kernel memory consumption.

```bash
# Launch Pool Monitor: extract the archive, then run
unzip PoolMonXv2.zip
PoolMonX.exe

# Monitor pool tags, allocation sizes,
# and paged/non-paged pool usage
```

## PE File Analysis Tools

### PEExplorer and PEExplorerV2

PE (Portable Executable) file viewers for analyzing Windows executables, DLLs, and drivers including headers, sections, imports, and exports.
```bash
# Analyze a PE file with PEExplorer
PEExplorerV2.exe

# Or use the original version
unzip PEExplorer.0.6.3.zip
./PEExplorer.exe

# View:
# - DOS/NT Headers
# - Section table
# - Import/Export directories
# - Resources
# - Debug information
```

### Total PE

Another PE viewer implementation (work in progress) for examining executable file structures.

```bash
# Launch Total PE viewer
TotalPE.exe

# Or extract from archive
unzip TotalPE.zip
./TotalPE.exe
```

### PdbView

View and explore PDB (Program Database) symbol files used for debugging Windows applications.

```bash
# View PDB file contents
unzip PdbView.0.2.zip
./PdbView.exe

# Requires msdia140.dll and symsrv.dll (included)
# Browse symbols, types, and source file references
```

## .NET and CLR Tools

### CLR Explorer

View detailed information about .NET processes or analyze .NET dump files, including assemblies, AppDomains, and managed heap.

```bash
# 32-bit version
CLRExplorer.exe

# 64-bit version
CLRExplorer64.exe

# Analyze:
# - Loaded assemblies and modules
# - AppDomain information
# - Managed threads
# - GC heap statistics
```

### DotNetExp

.NET Explorer for examining .NET runtime information in running processes.

```bash
# 32-bit .NET Explorer
DotNetExp.exe

# 64-bit .NET Explorer
DotNetExp64.exe
```

## Registry and Configuration Tools

### Total Registry (TotalReg)

Advanced registry editor with undo/redo support, viewing the real registry including hidden keys and values.

```bash
# Launch Total Registry
TotalReg.exe

# Features:
# - View/edit registry keys and values
# - Undo/redo operations
# - Access hidden registry locations
# - Search functionality
```

### GFlagsX

Enhanced version of the Windows Global Flags (GFlags) debugging tool for configuring system and image file debugging options.
```bash
# Launch GFlagsX
unzip GFlagsX.0.82.zip
./GFlagsX.exe

# Configure:
# - System-wide flags
# - Image file execution options
# - Kernel flags
# - Pool tagging options
```

## Driver and ETW Monitoring Tools

### DriverMon

Monitor driver activity including IRP requests, callbacks, and driver communications.

```bash
# Extract and launch Driver Monitor
unzip DriverMon.zip
./DriverMon.exe

# Monitor driver load/unload events
# and driver I/O operations
```

### ETW Explorer

View ETW (Event Tracing for Windows) XML manifests for registered providers, essential for understanding available trace events.

```bash
# Launch ETW Explorer
unzip ETWExplorer.zip
./ETWExplorer.exe

# Browse registered ETW providers
# and their event definitions
```

### ETW Studio

Advanced ETW session management and event analysis tool.

```bash
# Launch ETW Studio
ETWStudio.exe

# Create and manage ETW sessions
# Capture and analyze ETW events
```

### Debug Print Tools

Monitor OutputDebugString and DbgPrint/DbgPrintEx calls from applications and drivers without requiring a kernel debugger.

```bash
# Monitor debug output
DbgPrint.exe

# Or use the archived version
unzip DebugPrint.zip
./DebugPrint.exe

# Captures debug messages from:
# - User-mode OutputDebugString calls
# - Kernel-mode DbgPrint calls
```

## Window and Desktop Tools

### WinSpy

Window spy utility for examining window properties and monitoring window messages, similar to Spy++.

```bash
# Launch WinSpy
WinSpy.exe

# Or extract from archive
unzip WinSpy.zip
./WinSpy.exe

# Features:
# - Window hierarchy browser
# - Window properties inspector
# - Message monitoring
```

### WindowTitleEx

Display HWND, Thread ID, and Process ID on window title bars for easy identification.

```bash
# Launch WindowTitleEx
WindowTitleEx.exe

# Shows HWND/TID/PID on windows
# Use tray icon to revert changes
```

### winsta

Display current session's window stations, desktops, and top-level visible windows.
```bash
# Show window stations and desktops
winsta.exe

# Lists:
# - Window stations in current session
# - Desktops per window station
# - Top-level windows with titles
```

## System Utility Tools

### Sysrun

Run any executable with the SYSTEM account without requiring a service installation.

```bash
# Run command prompt as SYSTEM
sysrun.exe cmd.exe

# Run any application with SYSTEM privileges
sysrun.exe notepad.exe
```

### BgInfo

WPF version of the Sysinternals BgInfo tool for displaying system information on the desktop background.

```bash
# Launch BgInfo
unzip BgInfo.zip
./BgInfo.exe

# Configure displayed system information
# and update desktop background
```

### Access Mask Decoder

Decode Windows access masks for common object types to understand permission bits.

```bash
# Launch Access Mask decoder
AccessMask.exe

# Decode access rights for:
# - Files and directories
# - Registry keys
# - Processes and threads
# - Synchronization objects
```

### Error Lookup

Look up error descriptions for Win32 (GetLastError) and NTSTATUS error codes.

```bash
# Launch Error Lookup
unzip ErrorLookup.zip
./ErrorLookup.exe

# Enter error code to get description
# Supports decimal and hexadecimal input
```

### BITS Manager

Manage Background Intelligent Transfer Service (BITS) jobs for file transfers.

```bash
# Launch BITS Manager
BitsMgr.exe

# View and manage BITS transfer jobs
# Monitor download/upload progress
```

## Memory and Device Tools

### MemMapView

View memory mappings of any process, including protected and minimal processes.

```bash
# Launch Memory Map Viewer
unzip MemMapView.zip
./MemMapView.exe

# View:
# - Virtual memory regions
# - Memory protection flags
# - Mapped files and sections
```

### Device Explorer (DevExp)

Explore Windows device objects and device tree.

```bash
# Launch Device Explorer
DevExp.exe

# Browse device objects and
# their properties
```

### Job Explorer

Explore Windows Job objects and their associated processes.
```bash
# Launch Job Explorer
JobExplorer.exe

# View job object limits,
# associated processes, and statistics
```

## Network and Platform Tools

### WFP Explorer

Explore the Windows Filtering Platform (WFP) configuration including filters, layers, and providers.

```bash
# Launch WFP Explorer
WFPExp.exe

# Browse:
# - WFP layers and sublayers
# - Filters and filter conditions
# - Providers and callouts
```

### WMI Explorer

Explore Windows Management Instrumentation (WMI) namespaces, classes, and instances.

```bash
# Launch WMI Explorer
WMIExp.exe

# Browse WMI:
# - Namespaces
# - Classes and properties
# - Query WMI data
```

### Metro Manager

List and launch installed Windows Runtime components and UWP/Metro applications.

```bash
# Launch Metro Manager
unzip MetroManager.zip
./MetroManager.exe

# View installed:
# - UWP applications
# - Windows Runtime components
```

## File System Tools

### NTFS Streams

Discover and examine NTFS alternate data streams (ADS) attached to files.

```bash
# Launch NTFS Streams viewer
unzip NtfsStreams.zip
./NtfsStreams.exe

# Find alternate data streams
# that may be hidden in NTFS files
```

### FSClass

Command-line tool to list file system filter classes registered on the system.

```bash
# List file system filter classes
FSClass.exe

# Shows filter manager altitude ranges
# and registered minifilters
```

### INF Studio

View and edit Windows INF (Setup Information) files used for driver and software installation.

```bash
# Launch INF Studio
InfStudio.exe

# Edit INF files with:
# - Syntax highlighting
# - Section navigation
# - Validation
```

## Additional Utilities

### Quick Assembler

Simple x86/x64 assembler and emulator for testing assembly code snippets.

```bash
# Launch Quick Assembler
QuickAsm.exe

# Or extract from archive
unzip QuickAsm.zip
./QuickAsm.exe

# Write and test x86/x64 assembly code
# with built-in emulation
```

### XCalculator

Calculator supporting variables and functions for developer calculations.
```bash
# Launch XCalculator
unzip XCalc.zip
./XCalc.exe

# Supports:
# - Variables
# - Functions
# - Hexadecimal input
```

### KDump64

Generate a local kernel memory dump on 64-bit Windows systems.

```bash
# Generate kernel dump
KDump64.exe

# Creates local kernel dump file
# for offline analysis
```

### Total System (TotalSys)

Comprehensive system information and monitoring tool.

```bash
# Launch Total System
TotalSys.exe
```

### Process Explorer X (ProcExpX)

Extended process explorer implementation.

```bash
# Launch Process Explorer X
ProcExpX.exe
```

## Summary

AllTools provides Windows developers, system administrators, and security researchers with a comprehensive toolkit for examining and understanding Windows internals. The collection covers essential areas including process monitoring (ProcMonX, System Explorer), kernel object inspection (Object Explorer, ObjDir), PE file analysis (PEExplorer, Total PE), .NET diagnostics (CLR Explorer), registry management (Total Registry), ETW tracing (ETW Explorer, ETW Studio), and numerous specialized utilities for debugging and system analysis.

These tools integrate well into Windows development and troubleshooting workflows. Developers can use PE analyzers and PDB viewers during debugging sessions, system administrators can leverage process monitors and registry tools for diagnostics, and security researchers can utilize memory viewers and driver monitors for analysis. All tools are standalone executables requiring no installation, making them portable and easy to deploy across different Windows systems for immediate use.