In this room, our focus has been on command-line built-in tools readily available on any modern MS Windows system. We didn't cover Graphical User Interface (GUI) tools; moreover, we didn't cover any programs requiring additional downloading and installation steps.

This task mentions three options that are not built-in command-line tools:

  • Sysinternals Suite
  • Process Hacker
  • GhostPack Seatbelt

Sysinternals Suite

The Sysinternals Suite is a collection of command-line and GUI utilities that provide information about various aspects of a Windows system. To give you an idea, a few examples are listed in the table below.

| Utility Name | Description |
|---|---|
| Process Explorer | Shows the processes along with the open files and registry keys |
| Process Monitor | Monitors the file system, processes, and Registry |
| PsList | Provides information about processes |
| PsLoggedOn | Shows the logged-in users |

Check Sysinternals Utilities Index for a complete list of the utilities. If you want to learn more and experiment with these different utilities, we suggest the Sysinternals room.

Process Hacker

Another efficient and reliable MS Windows GUI tool that lets you gather information about running processes is Process Hacker. Process Hacker gives you detailed information regarding running processes and related active network connections; moreover, it gives you deep insight into system resource utilization from CPU and memory to disk and network.

GhostPack Seatbelt

Seatbelt, part of the GhostPack collection, is a tool written in C#. It is not officially released in binary form; therefore, you are expected to compile it yourself using MS Visual Studio.