New at NirSoft

Submit portable freeware that you find here. It helps if you include information like description, extraction instruction, Unicode support, whether it writes to the registry, and so on.
Message
Author
billon
Posts: 598
Joined: Sat Jun 23, 2012 4:28 pm

Re: New at NirSoft

#301 Post by billon » Sun Apr 01, 2018 5:05 pm

AppReadWriteCounter

https://www.nirsoft.net/utils/app_read_ ... unter.html
AppReadWriteCounter is a tool for Windows that counts and displays the current file read/write operations of every application running on your system. It displays the number of read/write bytes, the number of read/write operations, current calculated read/write speed, and the details about the application (product name, product version, and so on) that makes the file read/write operations.
Image
Image

billon
Posts: 598
Joined: Sat Jun 23, 2012 4:28 pm

AppReadWriteCounter

#302 Post by billon » Sun Apr 01, 2018 5:07 pm

Image

billon
Posts: 598
Joined: Sat Jun 23, 2012 4:28 pm

Re: New at NirSoft

#303 Post by billon » Sun Apr 01, 2018 5:49 pm

ProcessTCPSummary

https://www.nirsoft.net/utils/process_tcp_summary.html
ProcessTCPSummary is a simple tool for Windows that displays a summary of all process that have TCP connections or listening UDP ports. For every process, this tool displays the total number of TCP connections, number of TCP connections for each status (Established, Listening, Syn-Sent, Syn-Received...), number of IPv4 TCP connections, number of IPv6 TCP connections, common port numbers, and more...
If you run ProcessTCPSummary as Administrator, you can also watch the number of TCP/UDP bytes sent and received by every process as well as the current send/receive speed.
Image
Image

billon
Posts: 598
Joined: Sat Jun 23, 2012 4:28 pm

ProcessTCPSummary

#304 Post by billon » Sun Apr 01, 2018 5:50 pm

Image

User avatar
webfork
Posts: 7949
Joined: Wed Apr 11, 2007 8:06 pm
Location: US, Texas
Contact:

Re: ProcessTCPSummary

#305 Post by webfork » Sun Apr 01, 2018 6:12 pm

billon wrote:
Sun Apr 01, 2018 5:50 pm
Added to the database, please vote[/url]
Voted for both, thanks for adding. Great to see NirSoft is still putting together some really great Windows analysis tools.

billon
Posts: 598
Joined: Sat Jun 23, 2012 4:28 pm

Re: New at NirSoft

#306 Post by billon » Sun Apr 01, 2018 6:23 pm

FileActivityWatch

https://www.nirsoft.net/utils/file_activity_watch.html
FileActivityWatch is a tool for Windows that displays information about every read/write/delete operation of files occurs on your system. For every file, FileActivityWatch displays the number of read/write bytes, number of read/write/delete operations, first and last read/write timestamp, and the name/ID of the process responsible for the file operation.
Image
Image

billon
Posts: 598
Joined: Sat Jun 23, 2012 4:28 pm

FileActivityWatch

#307 Post by billon » Sun Apr 01, 2018 6:24 pm

Image

billon
Posts: 598
Joined: Sat Jun 23, 2012 4:28 pm

Re: New at NirSoft

#308 Post by billon » Sun Apr 01, 2018 6:50 pm

AllThreadsView

https://www.nirsoft.net/utils/all_threads_view.html
AllThreadsView is a simple tool for Windows that displays a list of all running threads from all processes on your system in one table. For every thread, the following information is displayed: Thread ID, Creation Time, Kernel Time, User Time, Duration, Start Address, Priority, Base Priority, Context Switch Count, Context Switch Change (Since the last refresh), Wait Reason, Process ID, Process Path.
Image
Image

billon
Posts: 598
Joined: Sat Jun 23, 2012 4:28 pm

AllThreadsView

#309 Post by billon » Sun Apr 01, 2018 6:51 pm

Image

billon
Posts: 598
Joined: Sat Jun 23, 2012 4:28 pm

Re: New at NirSoft

#310 Post by billon » Sun Apr 01, 2018 7:44 pm

OfflineRegistryFinder

https://www.nirsoft.net/utils/offline_r ... inder.html
OfflineRegistryFinder is a tool for Windows that allows you to scan Registry files from external drive and find the desired Registry keys/values/data according to the search criteria you define. After OfflineRegistryFinder displays the search result, you can easily select one or more items and then export them into a .reg file that can be used to import in the RegEdit tool of Windows.

OfflineRegistryFinder can also be used for Registry scan of your running operating system. You simply have to create a Registry snapshot, and then scan this snapshot with OfflineRegistryFinder. Searching in a Registry snapshot is usually much faster then searching in the Registry of running system.

Search in the Registry of your running operating system

If you want to search in the Registry of your running operating system, simply click the 'Create Registry Snapshot' button, choose the folder to create the snapshot and the Registry hives to dump, and then click the 'Create Snapshot' button.
After the snapshot is created, the snapshot folder is filled in the folder field and then you can run your searches.
Be aware that creating a Registry snapshot requires elevation (Run As Administrator).

Searching in older version of the Registry

If you accidentally deleted a Registry key/value, you can try to find it by searching in a shadow copy. If you have shadow copy on your system, it'll be added to the top combo-box (It looks like \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1 )
Simply choose the shadow copy in the top combo box, click the 'Automatic Fill' button and then run your search. Be aware that for searching in HKEY_LOCAL_MACHINE of a shadow copy, you must run OfflineRegistryFinder as Administrator.
Image

Image
Image

billon
Posts: 598
Joined: Sat Jun 23, 2012 4:28 pm

OfflineRegistryFinder

#311 Post by billon » Sun Apr 01, 2018 7:47 pm

Image

billon
Posts: 598
Joined: Sat Jun 23, 2012 4:28 pm

Re: New at NirSoft

#312 Post by billon » Sun Apr 01, 2018 8:23 pm

LiveTcpUdpWatch

https://www.nirsoft.net/utils/live_tcp_udp_watch.html
LiveTcpUdpWatch is a tool for Windows that displays live information about all TCP and UDP activity on your system. Every line in the main table of LiveTcpUdpWatch displays the protocol (TCP/UDP/IPv4/IPv6), local/remote IP address, local/remote port, number of sent/received bytes, number of sent/received packets, connect/disconnect time (For TCP only), and the process (ID and path) responsible for this activity.

LiveTcpUdpWatch vs CurrPorts vs NetworkTrafficView

This tool may look very similar to other tools of NirSoft - CurrPorts and NetworkTrafficView, but every tool behave differently and uses different technique to extract the network information.
  • CurrPorts displays the current table of active TCP connections and TCP/UDP listening ports. but this technique has some disadvantages, for example, if UDP packets are sent from your computer to remote network address, you won't see it with CurrPorts, because with UDP there is no really a connection and the UDP table contains only listening UDP ports. The advantage of CurrPorts is the ability to use it without elevation (Run As Administrator).
  • NetworkTrafficView uses network sniffing technique - It analyzes every packet sent/received by your network card and displays extensive summary according to the display mode you choose. The disadvantages of this tool: You have to choose a network card and capture method for activating the network sniffer.
  • LiveTcpUdpWatch uses event tracing API to get live information from Windows Kernel about every TCP/UDP packet sent/received on your system. As opposed to CurrPorts, it captures all UDP activity with process information, but without the need of using a network sniffer.
Image
Image

billon
Posts: 598
Joined: Sat Jun 23, 2012 4:28 pm

LiveTcpUdpWatch

#313 Post by billon » Sun Apr 01, 2018 8:24 pm

Image

billon
Posts: 598
Joined: Sat Jun 23, 2012 4:28 pm

Re: New at NirSoft

#314 Post by billon » Sun Apr 01, 2018 8:46 pm

FileAccessErrorView

https://www.nirsoft.net/utils/file_acce ... _view.html
FileAccessErrorView is a diagnostic tool for Windows that displays information about errors occur while programs running on your system try to open/read/write/delete a file. FileAccessErrorView displays the filename that the application tried to open/read/write/delete, the process id/name of the application, the error code (NTSTATUS code), the description of the error code, the number of times that this error occurred, and the timestamp of this error.

Be aware: The fact that application get an error while trying to access a file doesn't mean that something is wrong in this application. In fact, in most programs you'll see some file access errors as a normal operation of the software. However, if you have a program that hangs or crashes, this tool may give you an hint about the cause of the problem. For example: If a program hangs because it tries to access a file on a remote disconnected computer, this tool will display the network path that the program is trying to access.

'Skip Common Errors' Option

By default, FileAccessErrorView ignores the following error codes, because they appear frequently in programs that run normally without any problem: 0xc0000034 (The object name is not found) , 0xc0000035 (The object name already exists.), 0xc00000ba (The file that was specified as a target is a directory, and the caller specified that it could be anything but a directory.), 0xc0000011 (The end-of-file marker has been reached. There is no valid data in the file beyond this marker.), 0xc000003a (Path Not Found)

If you don't want to skip these errors, you can turn off the 'Skip Common Errors' option (under the Options menu).
Image
Image

billon
Posts: 598
Joined: Sat Jun 23, 2012 4:28 pm

FileAccessErrorView

#315 Post by billon » Sun Apr 01, 2018 8:47 pm

Image

Post Reply