This simple yet powerful security tool shows you who has what access to directories, files and Registry keys on your systems. Use it to find holes in your permissions.
Restore tombstoned Active Directory objects in Server 2003 domains
Bypass password screen during logon
CacheSet is a program that allows you to control the Cache Manager's working set size using functions provided by NT. It's compatible with all versions of NT and full source code is provided.
This is a kernel-mode driver that demonstrates keyboard input filtering just above the keyboard class driver in order to turn caps-locks into control keys. Filtering at this level allows conversion and hiding of keys before NT even "sees" them. Full source is included. Ctrl2cap also shows how to use NtDisplayString() to print messages to the initialization blue-screen.
Device Object Security
Are your device objects as secure as they should be? Learn what permissions are applied to the objects you create with IoCreateDevice and get introduced to kernel-mode security APIs that can be used to close potential device object security holes.
Display volume disk-mappings
Formatx and Chkdskx v1.0
Complete source code for chkdsk and format clone programs. These examples demonstrate the use of file system utility functions that you can incorporate into your own applications.
This utility expands the NT 4.0 Recycle Bin to catch file deleted from command prompts and within programs, and it comes with full source code. Several powerful device driver techniques, including getting a user's SID within a driver, enumerating a directory's contents, and generating IRPs, are demonstrated in source code available for download.
Inside Disk Defragmenting
Find out about the APIs Windows NT Defragmentation products use, and download a free defragmenting demonstration program, complete with full source.
Inside the Disk Key
The HKLM\System\Disk\Information value is the heart of NT's disk administration. It contains information on drive mappings and fault tolerant configurations. In this article I go inside the Disk\Information value to describe its format, and provide source code to a program, Diskkey, that reads and decodes it.
Create Win2K NTFS symbolic links
Learn about the computer SID problem everybody has been talking about and get a free computer SID changer, NewSID, complete with full source code.
Use NTFSInfo to see detailed information about NTFS volumes, including the size and location of the Master File Table (MFT) and MFT-zone, as well as the sizes of the NTFS meta-data files.
This applet reports processor and Windows support for Physical Address Extensions and No Execute buffer overflow protection.
Securely overwrite your sensitive files and cleanse your free space of previously deleted files using this DoD-compliant secure delete program. Complete source code is included.
Scan file shares on your network and view their security settings to close security holes.
See all open TCP and UDP endpoints. On Windows NT, 2000 and XP TCPView even displays the name of the process that owns each endpoint. Includes a command-line version, tcpvcon.
Tips and Trivia
Source code for a few interesting applets.
Watch security-related activity, including logon, logoff, privilege usage, and impersonation with this monitoring tool. Full source code included.
Here are the complete sources for a VCACHE replacement called TVCACHE (turbo-VCACHE). This version of VCACHE implements compression of cache buffers in an effort to improve performance. It documents the VCACHE interface for use in your own file systems work (or for caching of arbitrary data) in the source code implementation.
A VCache (Windows 95 disk cache) monitor, from our May 1996 Dr. Dobb's Journal article on VxD Service hooking. Full source is included.
VxDMon provides a never-before-seen look into Windows 95 VxDs. See how VxDs interact with one another and monitor the performance of VxD services, including your own.