They have started an "Easter Egg challenge" some days ago: NirSoft Easter Egg challenge: Find 10+ new tools hidden in NirSoft Web site (March 27, 2018) and today they have published the tools officially on their website. Website Summary of all new tools: Spoiler: 14 new NirSoft tools - Easter 2018 AllThreadsView is a simple tool for Windows that displays a list of all running threads from all processes on your system in one table. For every thread, the following information is displayed: Thread ID, Creation Time, Kernel Time, User Time, Duration, Start Address, Priority, Base Priority, Context Switch Count, Context Switch Change (Since the last refresh), Wait Reason, Process ID, Process Path. KeyboardStateView is a simple tool for Windows that displays the current state and virtual key code of every key you press. It also allows you to view the current state of all keyboard keys. For every key, the following information is displayed: Key Name (VK_XXXX ), Description, Key Code (Decimal), Key Code (Hexadecimal), Key Pressed Status, Key Toggled Status (Useful for Num Lock, Caps Lock), and last time that the key was pressed. HandleCountersView is a simple tool for Windows that shows the current number of handles (File, Directory, Token, Job, Thread, and so on...) opened by every process running on your system and the change in number of handles since the last time that you reset the counters. ProcessTCPSummary is a simple tool for Windows that displays a summary of all process that have TCP connections or listening UDP ports. For every process, this tool displays the total number of TCP connections, number of TCP connections for each status (Established, Listening, Syn-Sent, Syn-Received...), number of IPv4 TCP connections, number of IPv6 TCP connections, common port numbers, and more... If you run ProcessTCPSummary as Administrator, you can also watch the number of TCP/UDP bytes sent and received by every process as well as the current send/receive speed. OfflineRegistryView is a simple tool for Windows that allows you to read offline Registry files from external drive and view the desired Registry key in .reg file format. OfflineRegistryFinder is a tool for Windows that allows you to scan Registry files from external drive and find the desired Registry keys/values/data according to the search criteria you define. After OfflineRegistryFinder displays the search result, you can easily select one or more items and then export them into a .reg file that can be used to import in the RegEdit tool of Windows. AppCompatibilityView is a simple tool that displays the list of all programs that run with different compatibility settings, stored in the Registry under HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers and HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers keys. It also allows you to easily modify or delete the compatibility settings of multiple applications at once. AppAudioConfig Starting from Windows Vista, you are allowed to change the sound volume of every application separately, and after you exit from the application, the last settings are saved in the Registry under HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore so in the next time you run the application, your last settings are used. This tool displays your current audio settings of every application on your system, and allows you to easily change the setting of multiple applications at once. You can change the mute/unmute status, the sound volume level, and the right/left audio balance of the application. EdgeCookiesView is a tool for Windows that displays the cookies stored by newer versions of Microsoft Edge Web browser (Starting from Fall Creators Update 1709 of Windows 10). It also allows you to select one or more cookies and then export them to tab-delimited, csv file, html file, or to a file in cookies.txt format. You can read the cookies from the current running system or from the WebCacheV01.dat database on external hard drive. FileActivityWatch is a tool for Windows that displays information about every read/write/delete operation of files occurs on your system. For every file, FileActivityWatch displays the number of read/write bytes, number of read/write/delete operations, first and last read/write timestamp, and the name/ID of the process responsible for the file operation. AppReadWriteCounter is a tool for Windows that counts and displays the current file read/write operations of every application running on your system. It displays the number of read/write bytes, the number of read/write operations, current calculated read/write speed, and the details about the application (product name, product version, and so on) that makes the file read/write operations. LiveTcpUdpWatch is a tool for Windows that displays live information about all TCP and UDP activity on your system. Every line in the main table of LiveTcpUdpWatch displays the protocol (TCP/UDP/IPv4/IPv6), local/remote IP address, local/remote port, number of sent/received bytes, number of sent/received packets, connect/disconnect time (For TCP only), and the process (ID and path) responsible for this activity. FileAccessErrorView is a diagnostic tool for Windows that displays information about errors occur while programs running on your system try to open/read/write/delete a file. FileAccessErrorView displays the filename that the application tried to open/read/write/delete, the process id/name of the application, the error code (NTSTATUS code), the description of the error code, the number of times that this error occurred, and the timestamp of this error. AppNetworkCounter is a simple tool for Windows that counts and displays the number of TCP/UDP bytes and packets sent and received by every application on your system. For every application, the following information is displayed: the number of sent and received bytes, number of sent and received packets, number of sent/received IPv4 bytes, and number of sent/received IPv6 bytes. It also displays the version information of the application - Product Name, Product Version, File Description, and Company Name. There are Easter eggs hidden in some tools Blog-entry: Easter eggs in NirSoft tools ?! (March 26, 2018)
Awesome That guy is off-the-charts! I been dedicated tracking that site since Windows 98 and he keeps rolling out updates and new releases as much as ever.
Sysinternals vs Nirsoft = no contest. These toolsets are complimentary and I find myself using them equally.
NirSoft I have readily available USBDeview, AlternateStreamView, BlueScreenView, SearchMyFiles, & ShellExView. SysInternals I have readily available Autoruns, & Process Explorer.
List all Windows programs with compatibility settings with AppCompatibilityView March 30, 2018 https://www.ghacks.net/2018/03/30/l...atibility-settings-with-appcompatibilityview/ FileActivityWatch: monitor read/write operations on Windows April 04, 2018 https://www.ghacks.net/2018/04/04/fileactivitywatch-monitor-read-write-operations-on-windows/
Display all TCP and UDP network activity on Windows April 20, 2018 https://www.ghacks.net/2018/04/20/display-all-tcp-and-udp-network-activity-on-windows/