Vincent Fatica

Me, briefly ...

Shown at right: Dragon by M. C. Escher

Some little programs for Windows NT/Intel

KEYTIMES - (new) When were the contents of registry keys last modified?

IPINFO - message box display of IP address and IP hostname

IPA, IPN - console output of IP address, hostname

SETENV - view/modify NT's "master" USER and MACHINE environments at command line - UPDATED 8/5/98 to include NT's VOLATILE environment (not propagated, does not survive logouts and reboots) - UPDATED 12/19/98 to include NT's HKU\.DEFAULT\Environment

UPTIME - reports time since boot (command line and message box versions)

PHYSIMEM - little box showing available physical memory

SCROLL, CLW - scroll console to clean window, clear only visible portion of console screen buffer

WORKSET - minimize the "working set" (physical memory) of apps by PID

WHOAMI - gives the username of the currently logged-on user

FSTOGGLE - toggle console sessions to/from fullscreen mode (good for batch files)


Syntax: keytimes hkcr | hkcu | hklm | hku

KEYTIMES recursively opens the keys in the specified hive for reading (only) and prints to standard output the key's date/time stamp and name. If KEYTIMES can't open a key for reading, ity will tell you so. Here's a truncated example:

I use KEYTIMES to see what an install process did to my registry. I use it in two ways: (1) pipe its output through GREP or FINDSTR looking for a date/time of interest, or (2) run KEYTIMES "before and after" and use WINDIFF to look at the differences. A default SORT of KEYTIMES's output redirected to a file should order the lines by date/time, making times of interest easy to locate with an editor.

Get KEYTIMES.EXE by anonymous FTP.

3 Winsock Utilities

IPINFO.EXE simply displays a message box containing one's internet address and internet hostname. For example, right now, it shows me:

IPA.EXE and IPN.EXE are console apps which write to STDOUT, the internet address and internet hostname (resp.) of the local computer (the default, no command line arguments) or of an internet hostname or internet address (resp.) specified on the command line. They return 0 upon success, 1 upon error (and write terse error messages to STDERR), and 2 upon writing a brief syntax message (to STDERR). Their syntaxes are simple: When they succeed, IPA.EXE and IPN.EXE produce very simple STDOUT... only the requested information (an IP address or a hostname). This is by design ... in order to make their output suitable for use in batch files and other scripts.

All three are in IPINFO.ZIP. Get IPINFO.ZIP via anonymous FTP . A friend tells me they also work correctly under Windows95.

NT tip: Here's a little known way to perform command output substitution with NT's CMD.EXE. Suppose you want to set the environment variable %HOSTNAME% to the string returned by IPN.EXE; use:

[Use %%x in batch files.]


SETENV.EXE (for NT, Intel) offers greater functionality than the ResKit's command-line utility SETX.EXE in viewing and manipulating the WindowsNT "master" environments. By accessing either "HKEY_CURRENT_USER\Environment" or "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" ("user" or "machine" environment) SETENV will display an entire environment or the value of a single variable, set or change the value of a single variable, or delete a variable. [*New: support (-v) for the "volatile" environment; see below.] Upon successfully making changes to an environment, SETENV calls "RegFlushKey" to ensure that the changes are written to disk immediately, and then calls "BroadcastSystemMessage" to inform all (interested) components that a change to the environment has been made. EXPLORER (and not many other programs) acts on this message by updating its environment. "BroadcastSystemMessage" is an improvement over "SendMessageTimeout" which is apparently used by SETX as well as the MyComputer\Properties\Environment page; "SendMessageTimeout" can fail if EXPLORER is running as a separate process from the TaskBar/Desktop (see the Knowledge Base's Q104011) and, at the moment, has no windows open to process the message. SETENV's syntax message (which will be displayed if an otherwise invalid syntax is used) appears below. Get SETENV.EXE by anonymous FTP.

I have recently modified SETENV.EXE to create (and set) variables as type REG_EXPAND_SZ whenever at least two occurrences of "%" are found in the value string (this is a good indication that some expansion is intended); otherwise, the type REG_SZ is used. For variables of type REG_EXPAND_SZ, references within a variable to another environment variable will be expanded upon use. To set a variable containing a reference to another variable, you must tell CMD.EXE not to expand the name of the referenced variable before sending the command line to SETENV; do this as follows (for example):

With the 4NT.EXE command interpreter, use: The variable "foo" will be set to "%userprofile%", and when referenced, will return whatever is the value of the variable "userprofile".

*More recently (8/5/98) I have added support (-v) for NT's "volatile" environment, which is stored in "HKEY_CURRENT_USER\Volatile Environment". This is also part of the environment which Explorer gives to applications. The variables and values in the volatile environment do not survive logouts and reboots, and are not propagated by the operating system. The new option tests OK, including when SETENV is called from a login script.

*Even more recentlt (12/19/98) I have added support (-d) for the HKEY_USERS\.DEFAULT\Environment key

SETENV syntax:
 To set or change the value of a variable:
        User environment:           setenv -u name value        (also /u)
        Machine environment:        setenv -m name value        (also /m)
        Volatile environment:       setenv -v name value        (also /v)
 To display a variable:      setenv -u|-m|-d|-v name
 To delete a variable:       setenv -u|-m|-d|-v name -delete   (also /delete)
 To display an environment:  setenv -u|-m|-d|-v
 Use double-quotes around values containing spaces.
 If a variable name or value is to CONTAIN a double-quote, escape that double-quote as \"
 Return codes: 0 = success,        1 = variable not found,
               2 = access denied,  3 = other error
           4 = SETENV has shown this syntax message
 Requested output goes to STDOUT; help and error messages to STDERR.


There was getting to be too many uptimes to keep track of. I canned the versions which used the performance data because they were slow. There are now only two versions, UPTIME.EXE and MBUPTIME.EXE (command line and message box versions, respectively). Both versions attempt to query the performance counter, a 64-bit counter which, I am told, is present on all Pentiums). If this fails, they rely on GetTickCount(), which returns a 32-bit number of thousandths of a second. If the first method succeeds, the uptime reported will not "recycle" for about 136 years. If GetTickCount() is used, the uptime reported will reset to zero after about 49.7 days. Get both UPTIMES in UPTIME.ZIP by anonymous FTP.

There's no readme for the uptimes. Call the command-line versions with "/?" or "-?" to see the variety of output formats and the corresponding command-line switches. Here's a sample of the help screen for the command-line uptimes:

UPTIME default output:
        Boot: Sun Jun 08 21:44:49 1997
UPTIME options and their output:
        /b -b Sun Jun 08 21:44:49 1997
        /u -u 5 days 0 hours 17 minutes 29 seconds
        /t -t 5 0 17 29
        /T -T 5:0:17:29
        /d -d 5.01
        /D -D Uptime: 5.01 days
        /h -h 120.29
        /H -H Uptime: 120.29 hours
        /m -m 7217.49
        /M -M Uptime: 7217.49 minutes
        /s -s 433049.19
        /S -S Uptime: 433049.19 seconds
        /? -? this help message (data is actual)


If you'd like to monitor NT's physical memory usage, without a lot of fancy stuff, you may like PHYSIMEM.EXE. PHYSIMEM.EXE provides a tiny, title-less window displaying the current free physical memory as returned by GlobalMemoryStatus(). Its default (which you can change) is to update every second; at this rate, it doesn't use a second of processor time in a day. And it is tuned to keep its own memory "signature" down around 300K. PHYSIMEM.EXE uses the system variable ANSI font and the display is like: "26144K". You can position the window by left-dragging in the middle ninth of the window. The other (outer) eight ninths of the window are for using the left mouse button to make fine changes to the window's position (with SHIFT) and size (with CTRL). If x and y denote the window's horizontal and vertical position (pixels from top left of desktop) or size (in pixels), you can make the following adjustments one pixel at a time, with the left mouse button, depending on which of the outer eight ninths of the window the mouse pointer is in, with SHIFT for position, CTRL for size:

Once you have found a nice place to nestle PHYSIMEM, you can start it with the desired location and size, as well as update interval (in seconds, the default is 1 sec.). It's command line syntax is: By default, it starts up in the lower right, above the task bar. To kill PHYSIMEM.EXE, Ctrl-left-click in one of the outer eight ninths of its window.

For convenience, this write-up is bundled with PHYSIMEM.EXE in PHYSIMEM.ZIP.


If you run CMD.EXE (or other command interpreters) in a window with vertical scroll bars (screen buffer taller than window) you may like SCROLL.EXE. CMD's "cls" command clears the entire screen buffer. SCROLL.EXE causes the console to scroll to a clean window without disturbing what's in the screen buffer; it does nothing if you're at the end of the screen buffer or if the screen buffer is the same size as the window (no scrolling). Use SCROLL.EXE as it is, make a Doskey macro "cls = scroll", or give the EXE any name you like. Get SCROLL.EXE via anonymous FTP .

CLW.EXE is a related utility. It clears (erases) only the visible portion of the screen buffer, leaving the cursor in the home position. This is in contrast to the built-in "cls" of CMD.EXE which clears the entire screen buffer. Get CLW.EXE via anonymous FTP.


WORKSET.EXE is a very simple application which causes Windows NT to minimize the "working set" (dedicated physical memory) of the named process (syntax: "workset PID"). Windows NT conservatively gives applications considerably more memory than many need; though it can be reclaimed, NT doesn't seem to do so very fast unless prodded. I wrote it specifically for use in detached 4NT batch files (because 4NT has the built-in shell variable "_PID" and because NT doesn't seem to want to reclaim unused memory from detached processes. An example of its use is in my NOTIFY.BAT, which occasionally checks to see if my (dynamic) IP address has changed (using IPA, above), and, if so, FTPs an update to an appropriate host. I included in NOTIFY.BAT the command "workset %_pid" just after NOTIFY.BAT does its periodic check/update, and just before it sleeps for a while. NOTIFY.BAT runs detached, using only about 360 KB (vs. the 1400 KB NT would otherwise give it). I also put the same command in my 4START.BAT, and now 4NT starts using about 600 KB (again vs. 1400 KB). WORKSET can be used on any program whose PID is known (and you can get PIDs from TASKMGR or the ResKit's TLIST). It can reclaim a megabyte from a heavily worked EXPLORER, or 2-3 MB from larger programs like Netscape or Pegasus mail. Of course, a program's working set will grow again as it is called on to execute more of its functions. But I have seen few programs whose working set ever gets back to the size originally allocated by Windows NT. What testing I've done indicate that WORKSET works for ordinary users as well as for administrators on NT workstation; I don't know about NT server, where greater security may be in effect.

Get WORKSET via anonymous FTP and remember its syntax ("workset pid") since there's no README or online syntax messages.

Here's the source for WORKSET:


#include <windows.h>

int WINAPI WinMain (HINSTANCE hInstance, HINSTANCE hPrevInstance,

                  PSTR szCmdLine, int iCmdShow) {

        DWORD pid = ( __argc > 1 ) ? strtoul(__argv[1], NULL, 10) : 0;

        if ( pid == 0 ) return 1;

        HANDLE hndl = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid); 

        SetProcessWorkingSetSize(hndl, ~0L, ~0L);


        return 0;



WHOAMI.ZIP contains two versions of WHOAMI. WHOAMI.EXE is a console version which writes the name of the currently logged-on user to the console's stdout. WWHOAMI.EXE does not require (or create) a console; its output appears in a message box. Both programs are very simple, making straightforward use of the GetUserName() function. Get WHOAMI.ZIP by anonymous FTP.


Here's FSTOGGLE's help screen:

Any other syntax shows this message.
In any case, FSTOGGLE returns 0 or 1, indicating
the display mode as it exits.
Get FSTOGGLE.EXE by anonymous FTP.

(... more to come)