NirSoft一口气更新了四个软件,我就一口气都给发出来了
RegFromApp v1.20
Copyright (c) 2008 - 2009 Nir Sofer
DescriptionRegFromApp monitors the Registry changes made by the application that you selected, and creates a standard RegEdit registration file (.reg) that contains all the Registry changes made by the application. You can use the generated .reg file to import these changes with RegEdit when it's needed.
System RequirementsThis utility works on Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7. Older versions of Windows are not supported. There is a separated version for x64 applications.
 Versions History- Version 1.20:
- RegFromApp now works properly with Windows 7.
- Added x64 version to work with x64 applications.
- Version 1.15:
- RegFromApp now automatically stops when the process that you inspect is terminated.
- RegFromApp now remembers that last sort in select process dialog-box.
- Added new command-line option: /AttachProcess
- RegFromApp now allows you to automatically save to .reg file and exit when the inspected process is terminated (/AutoSave in command-line)
- Version 1.10:
- New mode of RegFromApp - Display the original Registry values. (See below)
- RegFromApp now remembers that last settings of 'Start New Process'.
- Version 1.07:
- Added command-line support
- Added Drag & Drop support.
- Version 1.06:
- Fixed bug: When 'Add Only Modified Values' was checked, RegFromApp displayed Registry values that were created and then deleted.
- Version 1.05:
- Added support for delete Registry values.
- New option: 'Add Only Modified Values' - If this option is selected, a saved Registry value will be added only if it's different from the previous value.
- Added support for starting a new process.
- Version 1.00 - First release.
Using RegFromAppRegFromApp doesn't require any installation process or additional dll files. In order to start using it, simply run the executable file - RegFromApp.exe
After running it, select the process that you want to inspect, and click Ok. After clicking Ok, each time that the selected process writes a value into the Registry, the main window of RegFromApp will display the written value in Windows .reg file format. You can copy & paste the desired values to another Registry file, or alternatively, you can save the entire Registry changes into a .reg file by using the 'Save As' option.
Using RegFromApp In Windows VistaRegFromApp can work in Vista even when UAC (User Account Control) is turned on, as long as the process that you wish to inspect run in the same account and security context of RegFromApp. However, if you want to inspect a process that runs under administrator account, you must also run RegFromApp as administrator. (right-click on RegFromApp.exe and choose 'Run As Administrator')
RegFromApp Display ModesStarting from version 1.10, RegFromApp can work in 2 display modes:
- Show Last Modified Values (The default mode): In this mode, RegFromApp displays the last Registry changes made by the selected process.
- Show Original Values: In this mode, RegFromApp displays the original Registry values, as they were before the changes made by the selected process.
Command-Line Options| /AttachProcess <Process ID or .exe Filename> [td]Attach the existing process. You can specify a process ID or process filename. | | /RunProcess <exe filename> [td]Run the specified process | | /ProcessParams <parameters> [td]Specify parameters for the process that you run with /RunProcess. | | /StartImmediately <0 | 1> [td]Specify the "Start Immediately" value (0 or 1). | | /RegFileVersion <4 | 5> [td]Specify the .Reg file version (4 or 5) | | /AddOnlyModifiedValues <0 | 1> [td]Specify the value for "Add Only Modified Values" (0 or 1) | | /AutoSave <.reg filename - modified> <.reg filename - original> [td]When you specify this option, RegFromApp automatically save the data to .reg files and exit when the process that you inspect is terminated. |
Examples:
RegFromApp.exe /RunProcess "f:\temp\myprocess.exe" /AutoSave "f:\temp\reg_modified.reg" "f:\temp\reg_original.reg"
RegFromApp.exe /AttachProcess "f:\temp\myprocess.exe"
RegFromApp.exe /AttachProcess 1528 Translating RegFromApp to other languagesIn order to translate RegFromApp to other language, follow the instructions below:
- Run RegFromApp with /savelangfile parameter:
RegFromApp.exe /savelangfile
A file named RegFromApp_lng.ini will be created in the folder of RegFromApp utility. - Open the created language file in Notepad or in any other text editor.
- Translate all string entries to the desired language. Optionally, you can also add your name and/or a link to your Web site. (TranslatorName and TranslatorURL values) If you add this information, it'll be used in the 'About' window.
- After you finish the translation, Run RegFromApp, and all translated strings will be loaded from the language file.
If you want to run RegFromApp without the translation, simply rename the language file, or move it to another folder.
LicenseThis utility is released as freeware. You are allowed to freely distribute this utility via floppy disk, CD-ROM, Internet, or in any other way, as long as you don't charge anything for this. If you distribute this utility, you must include all files in the distribution package, without any modification !
DisclaimerThe software is provided "AS IS" without any warranty, either expressed or implied, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. The author will not be liable for any special, incidental, consequential or indirect damages due to loss of data or any other reason.
FeedbackIf you have any problem, suggestion, comment, or you found a bug in my utility, you can send a message to nirsofer@yahoo.com
简体中文语言包:
http://www.nirsoft.net/utils/trans/regfromapp_schinese.zip
ProcessActivityView v1.10
Copyright (c) 2008 Nir Sofer
DescriptionProcessActivityView creates a summary of all files and folders that the selected process tries to access. For each file that the process access, the following information is displayed: Number of times that the file was opened and closed, number of read/write calls, total number of read/write bytes, the dll that made the last open-file call, and more...
System RequirementsThis utility works on Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7. Older versions of Windows are not supported. There is a separated download for x64 applications.
 Versions History- Version 1.10:
- ProcessActivityView now works properly with Windows 7.
- Added x64 version to work with x64 applications.
- Version 1.06:
- ProcessActivityView now automatically stops when the process that you inspect is terminated.
- ProcessActivityView now remembers that last sort in select process dialog-box.
- Version 1.05:
- Added command-line support
- Added Drag & Drop support.
- Version 1.04:
- New option: Open Selected File.
- New option: Copy Filename String.
- Version 1.03:
- Added option to start a new process.
- Version 1.02:
- Removed the automatic requirement to run as admin under Vista.
- Version 1.01:
- Fixed bug: The handle of helper dll remained opened after detaching from the inspected process.
- Fixed bug: IE7 in Vista crashed when detaching from the IE process.
- Version 1.00 - First release.
Using ProcessActivityViewProcessActivityView doesn't require any installation process or additional dll files. In order to start using it, simply run the executable file - ProcessActivityView.exe
After running it, select the process that you want to inspect, and click Ok. After clicking Ok, ProcessActivityView will start to display the information about any file that is opened by the selected process.
Using ProcessActivityView In Windows VistaProcessActivityView can work in Vista even when UAC (User Account Control) is turned on, as long as the process that you wish to inspect run in the same account and security context of ProcessActivityView. However, if you want to inspect a process that runs under administrator account, you must also run ProcessActivityView as administrator. (right-click on ProcessActivityView.exe and choose 'Run As Administrator')
How Does It Work ?After you select a process, ProcessActivityView inject a special helper dll (ProcessActivityViewHelper.dll) into the selected process. This dll intercepts the internal file I/O API of Windows, and sends the information back to ProcessActivityView utility.
Command-Line Options| /RunProcess <exe filename> [td]Run the specified process | | /ProcessParams <parameters> [td]Specify parameters for the process that you run with /RunProcess. | | /StartImmediately <0 | 1> [td]Specify the "Start Immediately" value (0 or 1). |
Translating ProcessActivityView to other languagesIn order to translate ProcessActivityView to other language, follow the instructions below:
- Run ProcessActivityView with /savelangfile parameter:
ProcessActivityView.exe /savelangfile
A file named ProcessActivityView_lng.ini will be created in the folder of ProcessActivityView utility. - Open the created language file in Notepad or in any other text editor.
- Translate all string entries to the desired language. Optionally, you can also add your name and/or a link to your Web site. (TranslatorName and TranslatorURL values) If you add this information, it'll be used in the 'About' window.
- After you finish the translation, Run ProcessActivityView, and all translated strings will be loaded from the language file.
If you want to run ProcessActivityView without the translation, simply rename the language file, or move it to another folder.
LicenseThis utility is released as freeware. You are allowed to freely distribute this utility via floppy disk, CD-ROM, Internet, or in any other way, as long as you don't charge anything for this. If you distribute this utility, you must include all files in the distribution package, without any modification !
DisclaimerThe software is provided "AS IS" without any warranty, either expressed or implied, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. The author will not be liable for any special, incidental, consequential or indirect damages due to loss of data or any other reason.
FeedbackIf you have any problem, suggestion, comment, or you found a bug in my utility, you can send a message to nirsofer@yahoo.com
简体中文语言包:
http://www.nirsoft.net/utils/trans/processactivityview_schinese.zip
SocketSniff v1.05
Copyright (c) 2008 - 2009 Nir Sofer
DescriptionSocketSniff allows you to watch the Windows Sockets (WinSock) activity of the selected process.
For each created socket, the following information is displayed: socket handle, socket type, local and remote addresses, local and remote ports, total number of send/receive bytes, and more. You can also watch the content of each send or receive call, in Ascii mode or as Hex Dump.
System RequirementsThis utility works on Windows 2000, Windows XP, Windows Server 2003, Windows Server 2008, Windows Vista, and Windows 7 (32-bit only). Older versions of Windows are not supported.
 Versions History- Version 1.05:
- SocketSniff now also works on Windows 7.
- Version 1.02:
- SocketSniff now automatically stops when the process that you inspect is terminated.
- SocketSniff now remembers that last sort in select process dialog-box.
- Version 1.01 - Add more information for error 65521.
- Version 1.00 - First release.
Using SocketSniffSocketSniff doesn't require any installation process or additional dll files. In order to start using it, simply run the executable file - SocketSniff.exe
After running it, select the process that you want to inspect, and click Ok. You must select a process that already loaded the winsock library, otherwise, the action will fail. After clicking Ok, SocketSniff will start showing the activity of Windows socket for the selected process.
The upper pane displays the list of all created sockets. When selecting a socket in the upper pane, the lower pane displays the receive and send calls of the selected socket.
Using SocketSniff In Windows VistaSocketSniff can work in Vista even when UAC (User Account Control) is turned on, as long as the process that you wish to inspect run in the same account and security context of SocketSniff. However, if you want to inspect a process that runs under administrator account, you must also run SocketSniff as administrator. (right-click on SocketSniff.exe and choose 'Run As Administrator')
Translating SocketSniff to other languagesIn order to translate SocketSniff to other language, follow the instructions below:
- Run SocketSniff with /savelangfile parameter:
SocketSniff.exe /savelangfile
A file named SocketSniff_lng.ini will be created in the folder of SocketSniff utility. - Open the created language file in Notepad or in any other text editor.
- Translate all string entries to the desired language. Optionally, you can also add your name and/or a link to your Web site. (TranslatorName and TranslatorURL values) If you add this information, it'll be used in the 'About' window.
- After you finish the translation, Run SocketSniff, and all translated strings will be loaded from the language file.
If you want to run SocketSniff without the translation, simply rename the language file, or move it to another folder.
LicenseThis utility is released as freeware. You are allowed to freely distribute this utility via floppy disk, CD-ROM, Internet, or in any other way, as long as you don't charge anything for this. If you distribute this utility, you must include all files in the distribution package, without any modification !
DisclaimerThe software is provided "AS IS" without any warranty, either expressed or implied, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. The author will not be liable for any special, incidental, consequential or indirect damages due to loss of data or any other reason.
FeedbackIf you have any problem, suggestion, comment, or you found a bug in my utility, you can send a message to nirsofer@yahoo.com
简体中文语言包:
http://www.nirsoft.net/utils/trans/socketsniff_schinese.zip
帖子过长,二楼继续 |
发表于 2009-6-3 20:37:35
楼主
How does it work ?RunAsDate intercepts the kernel API calls that returns the current date and time (GetSystemTime, GetLocalTime, GetSystemTimeAsFileTime), and replaces the current date/time with the date/time that you specify. 