Jul 222015
Please Share...


Get-SPFeature is a command used to list out all the features in a SharePoint farm (scope can be set). You can scope this command to different levels, the levels are…

  • Farm – Only SharePoint farm level features are displayed
  • Web Application – Only web application level features are displayed
  • Site – Only site level features are displayed
  • Web – For sub sites


#Display all SharePoint farm features
Get-SPFeature –Limit All
Scoping features…
#Display all SharePoint features scoped to farm
Get-SPFeature -Limit ALL | Where-Object {$_.Scope -eq "FARM"}

#Display all SharePoint features scoped to web application
Get-SPFeature -Limit ALL | Where-Object {$_.Scope -eq "webapplication"}

#Display all SharePoint features scoped to site
Get-SPFeature -Limit ALL | Where-Object {$_.Scope -eq "site"}

#Display all SharePoint features scoped to web
Get-SPFeature -Limit ALL | Where-Object {$_.Scope -eq "web"}
List all features in a Site Collection…

#Displays all SharePoint features for a site collection using Grid view

Get-SPSite http://mysiteurl | Get-SPWeb -Limit ALL |%{ Get-SPFeature -Web $_ } | Out-GridView –Title “All features for this site”

Sample Grid Output…
All Features in a Sharepoint Site Collection


#For detailed help type in… Get-Help Get-SPFeature –Full

Please Share...
May 012015
Please Share...

Here are some sample PowerShell commands to manipulate XML contents in memory and then later dump them to an XML file. I’ve added comments inline to explain a line of PowerShell command.

#Clear output

#Sample XML content
$xml = @'
<?xml version="1.0" encoding="UTF-8"?>
<book genre="novel" style="hardcover">
<title>The Handmaid's Tale</title>
<book genre="novel" style="other">
<title>The Poisonwood Bible</title>
<book genre="novel" style="paperback">
<title>The Bean Trees</title>

# Dump XML to output window

#Get all attributes named "genre" from above XML
$nodes = $xml.SelectNodes("//@genre")
#Output: 3

#Get first book in the XML
$firstbook = $xml.SelectSingleNode("/bookstore/book[1]")
#Output: <title>The Handmaid's Tale</title><author><first-name>Margaret</first-name><last-name>Atwood</last-name></author><price>19.95</price>

# Using Select-Xml: Get last book in the XML
$selxml = Select-Xml -Xml $xml -XPath "/bookstore/book[last()]"
#Output: <title>The Bean Trees</title><author><first-name>Barbara</first-name><last-name>Kingsolver</last-name></author><price>5.99</price>

# Filter out nodes based on conditions, dump titles of books whose price is greater than 11
$xml.SelectNodes("/bookstore/book[price>11]/title") | Format-Table
#Output: #text 
 # ----- 
 #The Handmaid's Tale 
 #The Poisonwood Bible
# Modify XML value of a node, change price
$xml.SelectSingleNode("/bookstore/book[price<11]/price") #Old price
$xml.SelectSingleNode("/bookstore/book[price<11]/price").InnerText = 10 #New Price
$xml.SelectSingleNode("/bookstore/book[price<11]/price") #Print new price
#Output: #text 

#Save XML
Please Share...
Nov 252014
Please Share...

What’s ResourceDigger?

Wrote a utility (long back) for displaying resources from binary files, recently did some modifications as well. We know visual studio does provide a similar functionality but this one’s better with respect to viewing resources. You can view as many resource files as you like (haven’t put a limit). You can drag and drop folders or binaries into the application to get them loaded. Loads up any binary as long LoadLibrary succeeds. Quite useful for a quick view of resources in a binary file, will add editing of resources in the next version of this tool. Hope this helps.

Here is a screenshot of how the tool looks…

ResourceDigger: Application Screenshot

How to use ResourceDigger

Easy to use. Just drag and drop a folder or a bunch of executables. Or…
To load an executable press Ctrl + L or Load Exe toolbar button

ResourceDigger: Load Executable

To load a folder press Ctrl +D, or Scan Folder toolbar button. Select “Load Sub Directories” if you want to recurse into sub-directories.

ResourceDigger: Load a folder of resources

What features are supported in ResourceDigger

Some of the features supported by the application…

  • Viewing animated gifs, normal gifs, pngs, jpegs, bmps, HTML files, manifest files.
  • Display group icons, cursors with detailed description of each of them… See screenshot…
    ResourceDigger: Icon Group Display
  • Friendly display of accelerator table, a good way to know all the shortcuts provided by an application…
    ResourceDigger: Accelerator Resource
  • Friendly display of string table…
    ResourceDigger: String table resource
  • Displays resources in all available languages
    ResourceDigger: Multi Languages Resource
    ResourceDigger: Multi Language Dialog Resource
  • Animated view of AVI file. With a toolbar to control frames in the AVI file.
    ResourceDigger: Version Resource
  • Version display… (there are few issues, I’m working on them)
  • Clear view of registry resources…
    ResourceDigger: Registry Resource
  • Toolbar resource view…
    ResourceDigger: Toolbar Resource
  • Menu resource display…
    ResourceDigger: Menu Resource
  • Hex display of custom resources…
    ResourceDigger: Hex display of unknown resources

Known Issues

  • Hangs up if you give a folder with a humungous list of binaries.
  • This is not multithreaded so just be patient until resources finish loading.


Press ‘*’ on a particular node to expand all its child nodes.

Download Link (rename from .Jpg to .exe)

Do let me know your suggestions…

Please Share...
Nov 212014
Please Share...

TextAnalysisTool.Net to analyze large log files

This tool is written by . Recently bumped into this tool during an internal presentation and since the tool is available for public download I thought I’ll share this with my audience as well. I think this is pretty handy to analyze large log files like MSBuild logs, other traces etc.

Animated Screenshot

TextAnalysisTool.NET Demonstration

Download Link

David’s blog
Direct download

Please Share...
Nov 192014
Please Share...


I’m writing this post to tell my readers that MFC support for MBCS is now deprecated. I’ve been reading several posts and internal emails within Microsoft. For customer’s who are deep rooted into MBCS, please wake up, start removing this piece from your codebase (so easy to say).

MFC support for MBCS is now Deprecated

MFC support for MBCS is now deprecated in Visual Studio 2013 and Visual Studio 2015. So eventually MBCS will be removed from the product entirely but (could be, maybe) could remain as a separate download. The term deprecation means gradually this thing will be removed. We normally start with warnings and then eventually we remove it. So now in 2013 is you build a project with MBCS support note that you’ll start to see a warning saying MFC support for MBCS is deprecated, time to move on. You can of course, as always, disable this warning using #define NO_WARN_MBCS_MFC_DEPRECATION.

Reasons why MFC support for MBCS is Deprecated

After reading blogs and comments the reasons that I could gather are as follows…

  • Research by Microsoft has shown that usage of MBCS by customer’s has significantly gone down.
  • Unicode is already popular and it can represent almost every language.
  • Native Windows API’s has been supporting Unicode interface for a long time now hence MFC will now be more aligned with the SDK as well, gets rid of the performance hits customer’s run into while using non-Unicode API’s. These API’s will eventually convert non-Unicode parameters to Unicode and then call corresponding Unicode version of this API, for e.g. GetWindowTextA will eventually call GetWindowTextW to get a window’s text.
  • Faster downloads. Reduced size of MFC libraries since these days Visual Studio is downloaded instead of being written onto a disk. MBCS libraries are now available as a separate download package. The size of the package is showing up as 64.3 MB. Doesn’t sound that huge though!

Why Would Somebody Still Require MFC Support for MBCS?

Few reasons that I could think off are as follows…

  1. Large codebase.
  2. Huge cost on testing code changes as the changes will be significant and impact will be huge as well. The benefits of this change to end customer is pretty trivial though.
    1. For him the application worked then and it will continue working.
    2. End customer will also might have do some heavy testing if they’re dependent on a library which removed MBCS support. So library vendors will have a pain there as well.
    3. Government customers will be affected as well as they have their own code validation process before accepting an application from a vendor.
  3. Reading in old data files or data from databases (?).
  4. Customer’s who have portable code cannot convert to UTF-16 just like that. They might have to eventually rewrite something just for Windows. Surprised smile


  • MBCS as of now will come as a separate download. See below screenshot…
    VS2015 download link
    MFC support for MBCS
  • Do not move to a newer version of Visual Studio which doesn’t support MBCS, that’s what I would do if I’m worried about about MBCS eventually not being supported by an IDE version.
  • Raise your voice, let it be heard.


MFC support for MBCS deprecated in Visual Studio 2013
Download Visual Studio 2015

Please Share...
Nov 052014
Please Share...

What’s a Command Prompt?

This is the line of text prefixed automatically by the environment to the command you’re writing for an e.g. see below screenshot…

Customizing Command Prompt

How Can I Customize The Command Prompt?

Microsoft provides a built in command named as Prompt. As the name suggests this just help customize the prompt text shown in a command window. See the help for this command…

c:\Windows\System32>prompt /?
Changes the cmd.exe command prompt.


text    Specifies a new command prompt.

Prompt can be made up of normal characters and the following special codes:

$A   & (Ampersand)
$B   | (pipe)
$C   ( (Left parenthesis)
$D   Current date
$E   Escape code (ASCII code 27)
$F   ) (Right parenthesis)
$G   > (greater-than sign)
$H   Backspace (erases previous character)
$L   < (less-than sign)
$N   Current drive
$P   Current drive and path
$Q   = (equal sign)
$S     (space)
$T   Current time
$V   Windows version number
$_   Carriage return and linefeed
$$   $ (dollar sign)

If Command Extensions are enabled the PROMPT command supports
the following additional formatting characters:

$+   zero or more plus sign (+) characters depending upon the
depth of the PUSHD directory stack, one character for each
level pushed.

$M   Displays the remote name associated with the current drive
letter or the empty string if current drive is not a network

Some Killer Sample Prompt Commands and Their Output

Please refer above help to figure what every character after the $ mean…

  • Command: prompt ——$G$P$G
    • New Prompt: ——>c:\Windows\System32>
  • Command: c:\Windows\System32>prompt $V$G$P$G
    • New Prompt: Microsoft Windows [Version 6.3.9600]>c:\Windows\System32>
  • Command: c:\Windows\System32>|>prompt $P$G$B$+$G
    • New Prompt: c:\Windows\System32>|>.
      The above prompt adds a ‘+’ sign for every pushd you do and removes the last ‘+’ after a popd. See below…
  • c:\Windows\System32>|>pushd c:\
    c:\>|+>pushd e:\
  • Funky Command:  prompt ╔═════════════════════╗$_║$P:$G$+║$_╚═════════════════════╝$_
    • New Prompt:

This just shows that you can customize the prompt to some extent. Above prompt will be ok if the current directory path is a small one but once it gets bigger you’ll have to adjust the square…

How to Make the Command Prompt Permanent?

Your custom command prompt will stick only for this session of cmd. If you start another instance of a cmd.exe you’ll end up seeing the default value or the one that’s setup elsewhere (as shown below).

So the question is how do we setup a command prompt that stays across sessions? Via the environment variable PROMPT. See below for my case…

Permanently Customizing Command Prompt

My personal favorite prompt is the one set by following command…


To set this as your prompt you can add an environment variable called PROMPT. Open environment variable window and then add the value as shown below…

Permanently Customizing Command Prompt

So now if you open a cmd instance you should see the following prompt…

Permanently Customizing Command Prompt

How do I revert my changes to the Command Prompt?

Valid question. To revert back to the original prompt, just type in command PROMPT without any arguments. You should see the prompt revert back to default. You might also want to remove the environment variable PROMPT else for next session you’ll again see the prompt you’ve setup.

Please Share...
Oct 292014
Please Share...

What’s Z7 and Zi?

These are compiler switches which tells the compiler where to dump debugging information collected from a C/C++ source file during compilation. Z7 tells the compiler to dump debugging information into a .obj file. Zi tells the compiler to dumps debugging information into an intermediate .pdb file.

What’s the Difference between Z7 and Zi?

Regarding Z7…

This option produces a .obj file containing full symbolic debugging information for every C/C++ source compiled for use with the linker. The symbolic debugging information includes the names and types of variables, as well as functions and line numbers. .Obj files get bigger in size because of the debugging information dumped in by the compiler into this file and then bloats your disk. /Z7 is based on the old code view format. This option introduces additional burden on the linker to parse every .obj file for debugging information. These .obj files will then be collated into a one .pdb file which will normally be named after the executable file name during linking phase.

Advantages of using Z7 switch
  • Good thing here is that there is no contention to write to one file (as you’ll see below).
  • Every .cpp file will have its own debugging information which will eventually be collated by the linker.
Disadvantages of using Z7 switch
  • Downside being the time taken to link, size of files on disk and old format.
  • Minimal rebuild feature (/Gm) will not work if /Z7 is enabled. You’ll get following warning…
    Command line warning D9007: ‘/Gm’ requires ‘/Zi or /ZI’; option ignored
  • The biggest disadvantage of Z7 is that this format doesn’t allow Edit and Continue, well this matters if you use this feature at all?
During Debugging what’s the effect of Z7 switch?

When debugging the debugger will tell us from where it has loaded a pdb file for a binary that its debugging. It loads the pdb file generated by the Linker which is unaffected by either /Zi or /Z7. Please see highlighted path of .pdb file from the debugger. So yes linker generates .pdb file which is the final .pdb file.

ConsoleApplication4.exe .\ConsoleApplication4.exe Symbols loaded. .\ConsoleApplication4.pdb 00E50000-00E70000 [5476] ConsoleApplication4.exe: Native


With /Z7 enabled you’ll see following list of files in your intermediate folder, note the size of .obj files…

10/23/2014  06:07 PM               136 ConsoleApplication4.res
10/23/2014  06:07 PM               348 ConsoleApplication4.log
10/23/2014  06:07 PM             2,473 ConsoleApplication4.Build.CppClean.log
10/23/2014  06:07 PM           117,615 ConsoleApplication4.obj
10/23/2014  06:07 PM         4,920,987 stdafx.obj
10/23/2014  06:07 PM        36,175,872 ConsoleApplication4.pch

Please compare above size of .obj files with below output files generated when /Zi is enabled.

Regarding Zi…

The compiler writes debugging information to one centralized file. The compiler names the program database named VCx0.pdb (or what you’ve configured it to be named), where x is the major version of Visual C++ in use.

Advantages of using Zi
    • When you use this option, your .obj files will be smaller, because debugging information is stored in the .pdb file rather than in .obj files.
    • Easy on the linker. It just has one file to parse to figure out debugging information for a binary that’s linking up.
    • Duplicate debugging information doesn’t make into the .pdb file generated by the compiler since its now working on one .pdb file instead of multiple .obj files where it doesn’t maintain a list of symbols generated to figure out duplicate ones.
    • Minimal Rebuild (/Gm) will work only work with /Zi or /ZI.
    • Advanced debugging features like Edit and Continue (/ZI) will work (making code changes when debugging, the changes are then built and we continue debugging again without stopping the debugging session). Sample effect on the debugger when a code change is done when debugging with Edit and Continue enabled…


——– Edit and Continue build started ——–

——————— Done ———————-

Disadvantages of using Zi
  • High contention to write to the one .pdb file as we’ve parallel builds running. Some machines will have several parallel builds configured.

With Zi enabled you’ll see following list of files generated. Take a note of sizes for the .obj files. Note that now we’ve got a

10/23/2014  06:00 PM               136 ConsoleApplication4.res
10/23/2014  06:00 PM               192 ConsoleApplication4.log
10/23/2014  06:00 PM             2,473 ConsoleApplication4.Build.CppClean.log
10/23/2014  06:00 PM           103,106 ConsoleApplication4.obj
10/23/2014  06:00 PM           933,490 stdafx.obj
10/23/2014  06:00 PM         1,551,360 vc120.idb
10/23/2014  06:00 PM         4,239,360 vc120.pdb <<<-- This is the pdb that the compiler generates, which contains debugging information from all the cpp files (path is generated using following pattern: $(IntDir)vc$(PlatformToolsetVersion).pdb). Now .obj files will not have debugging information. Compare their sizes with earlier output.
10/23/2014  06:00 PM        36,896,768 ConsoleApplication4.pch

When debugging the debugger tells exactly from where a pdb file is loaded. It loads the pdb file generated by the Linker which is unaffected by either /Zi or /Z7. Please see highlighted path of .pdb file from the debugger. So yes linker generates .pdb file which is the final .pdb file.

ConsoleApplication4.exe .\ConsoleApplication4.exe  Symbols loaded. .\ConsoleApplication4.pdb [4660] ConsoleApplication4.exe: Native

What’s the effect of these options when debugging in Visual Studio or a crash dump?

As far as debugging is concerned there is zero effect as the linker will eventually generate one final pdb file which is controlled by the linker switch: /DEBUG.


The compiler only generates an ‘intermediate’ .pdb file which contains debugging information collected during compilation which the linker will then eventually dump to a ‘final’ .pdb file. So all that you should be worried is the final .pdb file generated by the linker. This .pdb file is placed alongside the executable. This is the .pdb file that will be used when debugging the application or crash dumps.

So you might ask what if we disable .pdb generation in the compiler settings? Well then your code breakpoints will not hit. The breakpoints will be disabled since the linker couldn’t figure symbols for your code as the compiler didn’t generate any!

Please let me know if you have further questions?

Please Share...
Oct 222014
Please Share...

Reading through few interesting articles on Microsoft.Net Versions and Dependencies in MSDN. Thought of sharing this out with you just in case if you need it…

.NET Framework Versions and Dependencies

How to: Determine Which .NET Framework Versions Are Installed

How to: Determine Which .NET Framework Updates Are Installed

Please Share...
Oct 212014
Please Share...


I had a customer who was seeing several invalid handle exceptions in his application. These exceptions were thrown during finalization of  SafeProcessHandle objects. In their code they had a big collection of SafeProcessHandle objects hence too many objects in Finalization queue as well which means too many Invalid Handle exceptions as well.

What’s an Invalid Handle exception?

Invalid handle exceptions basically means the handle being closed has gone bad or has already been closed. In this case the second reason looked more valid to me as the exceptions were happening during finalization. There was a good chance that these handles got closed pretty early.

What’s the reason for these Invalid Handle exceptions?

Lots of Invalid handle exceptions were happening in his code while disposing a SafeProcessHandle object. This was because he’s was not properly serializing the process handles or SafeProcessHandle’s across app domain calls. We enabled MDA – ReleaseHandleFailed. This setting is also reporting something similar.

ReleaseHandleFailed was detected:
Message: A SafeHandle or CriticalHandle of type SafeProcessHandle failed to properly release the handle with value 0x00000000000020F0. This usually indicates that the handle was released incorrectly via another means (such as extracting the handle using DangerousGetHandle and closing it directly or building another SafeHandle around it.)

How to fix these Invalid Handle exceptions?

The only way to fix this invalid handle issue is to manage serialization of SafeProcessHandle objects across app domains. As of now its just a bitwise copy which results in two SafeProcessHandle’s owning a non-ref counted process handle. When either of these SafeProcessHandle objects are destroyed the second instance of SafeProcessHandle is bound to fail as the handle has already been destroyed/closed by the first instance.

Handle’s are indexes into a process handle table which in turn points to the real Kernel Object. This basically means we’ll have to duplicate this handle via DuplicateHandle API and which tells Kernel this object is still alive and not to destroy this Kernel Object. The duplicate handle refers to the same object as the original handle. Therefore, any changes to the object are reflected through both handles. For example, if you duplicate a file handle, the current file position is always the same for both handles.

SafeSerializableProcessHandle to fix Invalid Handle exceptions

Hence SafeSerializableProcessHandle is born. I wrote a dedicated class to manage this serialization. Made this class serializable as well. This class will automatically create a duplicate handle when serialized. For duplicating process handles we’re using the Windows API DuplicateHandle. Here’s how the code looks like…

using System;
using System.Runtime.InteropServices;
using System.Runtime.Versioning;
using Microsoft.Win32.SafeHandles;
using System.Runtime.Serialization;
using System.Security.Permissions;
using System.Diagnostics;

namespace NativeHandleWrappers
    public class SafeSerializableProcessHandle : SafeHandleZeroOrMinusOneIsInvalid, ISerializable
        [DllImport("kernel32.dll", SetLastError = true, ExactSpelling = true, EntryPoint = "CloseHandle", CharSet = CharSet.Unicode)]
        [return: MarshalAs(UnmanagedType.Bool)]
        static extern bool CloseHandleImport(IntPtr hObject);

        [DllImport("kernel32.dll", SetLastError = true, ExactSpelling = true, EntryPoint = "DuplicateHandle", CharSet = CharSet.Unicode)]
        [return: MarshalAs(UnmanagedType.Bool)]
        static extern bool DuplicateHandleImport(IntPtr hSourceProcessHandle,
                                           IntPtr hSourceHandle,
                                           IntPtr hTargetProcessHandle,
                                           out SafeSerializableProcessHandle lpTargetHandle,
                                           uint dwDesiredAccess,
                                           [MarshalAs(UnmanagedType.Bool)] bool bInheritHandle,
                                           uint dwOptions);

        public enum DuplicateOptions : uint
            DUPLICATE_CLOSE_SOURCE = (0x00000001),// Closes the source handle. This occurs regardless of any error status returned.
            DUPLICATE_SAME_ACCESS = (0x00000002), //Ignores the dwDesiredAccess parameter. The duplicate handle has the same access as the source handle.

        // Constructors //
        private SafeSerializableProcessHandle()
            : base(true)
            handle = IntPtr.Zero;

        // Constructor that is called automatically during deserialization.
        // Reconstructs the object from the information in SerializationInfo info
        [SecurityPermissionAttribute(SecurityAction.Demand, SerializationFormatter = true)]
        private SafeSerializableProcessHandle(SerializationInfo Info, StreamingContext Context)
            : base(true)
            handle = ((IntPtr)Info.GetInt64("handle"));

        public SafeSerializableProcessHandle(IntPtr handle)
            : base(true)
        // End constructors //

        // 0 is an Invalid Handle
        internal static SafeSerializableProcessHandle InvalidHandle
            get { return new SafeSerializableProcessHandle(IntPtr.Zero); }

        [ResourceConsumption(ResourceScope.Machine, ResourceScope.Machine)]
        override protected bool ReleaseHandle()
            bool Status = true;

            if (!SuppressRelease)
                Status = CloseHandleImport(handle);
                if (!Status)

            return Status;

        void DebugOutLastError()
            System.ComponentModel.Win32Exception we = new System.ComponentModel.Win32Exception();
            Debug.WriteLine("\n------------------------------------------\nLast error: " + we.Message + "\n------------------------------------------\n");

        private bool _suppressRelease = false;
        protected bool SuppressRelease
                return _suppressRelease;

                _suppressRelease = value;

        // Serializes the object.
        [SecurityPermissionAttribute(SecurityAction.Demand, SerializationFormatter = true)]
        public void GetObjectData(SerializationInfo info, StreamingContext context)
            SafeSerializableProcessHandle hDupHandle = DuplicateHandlePrivate(handle);
            info.AddValue("handle", hDupHandle.handle.ToInt64());

            // Suppress close handle as the handle will be closed by the instance that's deserializing
            hDupHandle.SuppressRelease = true;

        private SafeSerializableProcessHandle DuplicateHandlePrivate(IntPtr Handle)
            SafeSerializableProcessHandle hDupHandle;
            bool Status = DuplicateHandleImport(Process.GetCurrentProcess().Handle,
                                                out hDupHandle,
            if (hDupHandle == null || !Status)

            return hDupHandle;

//Function to test SafeSerializableProcessHandle class. This function also demonstrates usage of SafeSerializableProcessHandle
void Serialize()
    FileStream fs = new FileStream("DataFile.dat", FileMode.Create|FileMode.CreateNew);

        // Construct a BinaryFormatter and use it to serialize the data to the stream.
        BinaryFormatter formatter = new BinaryFormatter();

        // Serialize
        Process [] Proc = Process.GetProcessesByName("Explorer");
        SafeSerializableProcessHandle ssph = OpenProcess(ProcessAccessFlags.DupHandle | ProcessAccessFlags.Terminate, true, Proc[0].Id);
        formatter.Serialize(fs, ssph);

        fs.Position = 0;
        SafeSerializableProcessHandle newssph = (SafeSerializableProcessHandle)formatter.Deserialize(fs);

        // Close both, this should work
    catch (SerializationException e)
        Console.WriteLine("Failed to serialize. Reason: " + e.Message);

Usage of SafeSerializableProcessHandle

Replace instances of SafeProcessHandle, which will be cross domained or serialized, with SafeSerializableProcessHandle. No other change will be needed. The effect is magical, no invalid handle exceptions any more. 🙂


Please note this class is not extensively tested. I did some basic tests and so far looks like this is working for our customer as well. So I guess this is pretty solid. If you run into issues you can let me know via a comment to this post but this post is given as is without any sort of support. You’re going to use this at your own risk.

Please Share...
Oct 212014
Please Share...

What’s Fsutil?

Fsutil is a Windows command line utility to help manage FAT and NTFS file systems. Common uses of this command is to…

  • Manage 8dot3name filenames, remove all short names in a folder.
  • View disk details
  • Query file system parameters
  • Dismounting volumes
  • Turning on last access time stamp on NTFS volumes
  • Figuring out file links
  • etc

I’ll be showing you few sample commands using Fsutil.

How to manage 8dot3name filenames using Fsutil?
Query 8dot3name filename status…

C:\>Fsutil 8dot3name query
The registry state is: 1 (Disable 8dot3 name creation on all volumes).

Scan registry to figure impact if 8dot3name filenames were removed from a directory

C:\>Fsutil 8dot3name scan /s c:\users\username\documents
Scanning registry…

Enable or Disable 8dot3name file creation

C:\>Fsutil 8dot3name set
usage : set [0 through 3] | [<Volume Path> 1 | 0]

When a volume is not specified the operation updates the registry value:

0 – Enable 8dot3 name creation on all volumes on the system
1 – Disable 8dot3 name creation on all volumes on the system
2 – Set 8dot3 name creation on a per volume basis
3 – Disable 8dot3 name creation on all volumes except the
system volume

When a volume is specified the operation updates the individual
volume’s on disk flag.  This operation is only meaningful
if the registry value is set to 2.

0 – Enable 8dot3 name creation on this volume
1 – Disable 8dot3 name creation on this volume

This operation takes effect immediately (no reboot required).

Sample commands:
“Fsutil 8dot3name set 1”      – disable 8dot3 name creation on all volumes
“Fsutil 8dot3name set C: 1”   – disable 8dot3 name creation on c:

Strip a folder of 8dot3name file names

C:\>Fsutil 8dot3name strip
Usage : Fsutil 8dot3name strip </t> </s> </f> </l log file> </v> DirectoryPath

This command permanently removes 8dot3 file names from your volume. It will
list the registry keys pointing to the stripped 8dot3names but will not modify
the affected registry keys. Stripping will not be performed on files with full
path names longer than the maximum path length of 260 characters.

If there are affected registry keys and you decide to use the override
switch /f, it is recommended that you backup your volume as it may lead to
unexpected application failures, including the inability to uninstall.

/t – Test mode – specifies that all operations should be performed
except the actual stripping of the file names.
/s – Recurse mode – specifies that this operation should also be
applied to subdirectories.
/f – Force mode – specifies that the directory should be stripped even
if there are registry conflicts.
/v – Verbose mode – specifies that all information logged should also
be printed out to the console.
/l – Specifies a log file to write to.  This must be followed by a path to the
log file.  If this option is not specified the log file will be:
“%temp%\8dot3_removal_log@(GMT YYYY-MM-DD HH-MM-SS).log”

Sample command:
Fsutil 8dot3name strip /l mylogfile.log /s D:\MyData

Modifying filesystem behavior using Fsutil

Queries or sets NTFS volume behavior, which includes:

  • The last access time stamp on NTFS volumes
  • How often quota events are written to the system log
  • The internal cache levels of NTFS paged pool and NTFS non-paged pool memory
  • The amount of disk space reserved for the master file table (MFT) Zone
  • The silent deletion of data when the system encounters corruption on an NTFS volume.
Disable8dot3 file system behavior using Fsutil

Sample commands…

C:\>Fsutil behavior set Disable8dot3 1
The registry state is now: 1 (Disable 8dot3 name creation on all volumes).

C:\>Fsutil behavior set Disable8dot3 0
The registry state is now: 0 (Enable 8dot3 name creation on all volumes).

Disable or Enable LastAccess timestamps on files using Fsutil

Sample commands…

C:\>Fsutil behavior set DisableLastAccess 1
DisableLastAccess = 1

You should now see LastAccess timestamp enabled on your files

C:\>Fsutil behavior set DisableLastAccess 0
DisableLastAccess = 0

LastAccess timestamp is now disabled for your files.

Sample SymlinkEvaluation command using Fsutil

C:\>Fsutil behavior set SymlinkEvaluation L2L:1 L2R:0
– Will enable local to local symbolic links and disable local to
remote symbolic links. It will not change the state of remote to
remote links or remote to local links.
– This operation takes effect immediately (no reboot required)

Using Fsutil to manage volumes

C:\>Fsutil volume
—- VOLUME Commands Supported —-

diskfree            Query the free space of a volume
dismount            Dismount a volume
querycluster        Query which file is using a particular cluster
filelayout          Query all the information available about the file
allocationreport    Allocated clusters report

How to view free disk space using Fsutil

C:\>Fsutil volume diskfree
Usage : Fsutil volume diskfree <volume pathname>
Eg : Fsutil volume diskfree C:

File usage on clusters using Fsutil

To find the file(s) that are using the clusters, specified by the logical cluster numbers 200 and 0x1000, on drive C, type:

C:\>Fsutil volume querycluster C: 200 0x10000
Cluster 0x0000000000010000 used by —-D \Users\nthomas\AppData\Local\Microsoft\Windows\INetCache\IE\Microsoft.VisualStudio.Data.Tools.Package.resourcesT8HR0EQA.HTM::$DATA
Cluster 0x00000000000000c8 used by —-D \Windows\WinSxS\ia64_microsoft.vc90.debugcrt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_2a4c9d845558f4b7\msvcr90d.dll::$DATA

Using Fsutil to manage files


fsutil file [createnew] <FileName> <Length>
fsutil file [findbysid] <UserName> <Directory>
fsutil file [queryallocranges] offset=<Offset> length=<Length> <FileName>
fsutil file [quaeryfileid] <FileName>
fsutil file [queryfilenamebyid] <Volume> <Fileid>
fsutil file [setshortname] <FileName> <ShortName>
fsutil file [setvaliddata] <FileName> <DataLength>
fsutil file [setzerodata] offset=<Offset> length=<Length> <FileName>

More on Fsutil can found on TechNet: http://technet.microsoft.com/en-us/library/cc753059.aspx

Please Share...