ftquery.exe

  • File Path: C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\x64\ftquery.exe
  • Description:

Hashes

Runtime Data

Usage (stdout):

ftquery.exe <SQL query> | <Query file> [Options]

<SQL query> 
    Example1: "SELECT path from systemindex"
    Example2: "SELECT path from mymachine.systemindex where scope='file://mymachine/mysard/foo'"
    Example3: "SELECT path from mymachine.systemindex where scope='@PATH@'"
		(where %PATH% is an environment variable.
		 Note the @'s surrounding the environment variable name.)

<Query File>  Format per query (repeat for each query):
    --TSQLQuery=<Query description> [Any options]
    <SQL>

All options can either be on the command line or per query unless otherwise noted.

/Bare
    Suppress all output except the actual query results.

/Binary:<path>
    The remote binary path for accessing ftquery.exe on a remote machine when doing /purge for a remote query.
    By default this is just ftquery.exe so if it is on a local path of the remote machine it will work.

/Busy
    Wait for indexer to be busy before executing query and measuring performance.
    Normally /Perf will wait for idle.

/Cold
    Restart the indexer for a cold query if you are an administrator.
    On the command line will reset once before all queries.
    On an individual query in a file will reset the query.  (Not compatible with /thread.)
    This will also work on remote machines if you are an administrator on the remote machine and ftquery.exe is available on the remote machine.

/Close:<label>[,<label>]
    Before executing this query, previous queries with the label will be closed.
    Cannot be specified on the command line.

/Delay:<miliseconds>
    Delay before each query execution. Default value is 0

/Depth:<number>
    Recursion depth when expanding hierarchical rowsets for GROUP ON queries.
    0 = stop at first top level rowset, 1 = stop at second level, etc.
    By default all results are expanded.

/Excel:<file>
    Dump out an excel friendly summary at end or into file if present.

/Expensive
    By default expensive properties are not computed.
    This sets DBPROP_DONOTCOMPUTEEXPENSIVEPROPERTIES=false and adds these rowset properties:
       ResultsFound -- the total number of items that match the where clause.
       MaxRank -- the maximum rank of any item that matches the where clause.

/FirstPage:<n>
    The time to get the first page of results is measured.  Default is 60.

/Impersonate:{domain\}user!password
    This will impersonate the user for the duration of the query.  Domain defaults to redmond.

/Iterations:<number>
    Number of iterations for <SQL query> | <Query file> execution. Cannot be specified per query in a query file.
    Default value is one iteration.

/Open:<label>
    Keep rowset open after query so the query can be reused by putting ReuseWhere($<label>) into the query.
    Cannot be specified on the command line.

/Output:<filename>
    Direct output to filename.

/Page:<n>
    Maximum number of rows to fetch at a time.  Default is 60.

/Perf
    Measure query performance. No query results are displayed.  Implies /Stats.

/Purge
    Purge standby lists on the machine being queried.
    This is automatically called when using /cold with a remote query.

/Rows:<n>
    Only fetch this many rows from the top rowset. By default all rows will be fetched.

/Share:<\\machine\share{\path..}>
    This will take any query for the local machine and transform it to be over the remote share.
    FROM SystemIndex -> FROM "<machine>".SystemIndex and the WHERE clause adds a restriction for the share.

/Stats
    Display all of the stats generated by /Perf together with results.

/Thread:<id>
    All queries with the same ID will be executed sequentially, but different ID's will be executed in parallel.
    Each iteration will wait until all threads are finished.

/Timeout:<number>
    Timeout for the query in seconds. Default is 0 which means no timeout.

Per-Query Output.  Sections in {} are only present if /Stats or /Perf
    Description=<description if any>
    WhereID Label=<label if any>
    Query=
    <actual query>
    <Non-default parameter settings>
    {<Perf counters>
     Items = Number of URLS in history
     Terms = Number of unique terms in inverted index
     Inverted Index = Size of inverted index
     In-memory Worlists = number of word lists
     Persistent Indices = total L1/L2/L3/L4
     Flushes = number of currently executing flushes if non-zero
     Merges = MasterMerges L1/L2/L3/L4 ongoing merges if non-zero
     Crawls in progress = number of crawls in progress if non-zero
     Documents in progress = number of documents in word lists if non-zero
     Iterating History
     Recovery in progress
    }
    <Column names if not /Perf>
    <Rows if not /Perf>
    Expanded Rows=<number of expanded rows>[, Children=<total number of children rows>]
    {<Server Version Information>
     Server=<server version>
     WinVer=<server windows major>.<server windows minor>
     NLS=<NLS version>.<NLS Defined Version>
     WhereID=<where ID for query>
    }
    {<Timing information>
     Execute=<time to parse query and send to server>
     Properties=<time to get rowset properties>
     Avg Rows/Page=[average number of rows retrieved per page for top-level rowset]
     1st Row=[time from execute to very first row]
     <FirstPage>th Row=[time from execute to <FirstPage> rows]
     All Rows=[time from execute to get all rows]
    }

Summary Output for Iterations > 1:
    Execute [min avg max] -- stats for execution time
    Properties [min avg max] -- stats for property retrieval time
    1st Row [min avg max] -- stats for 1st row time
    <FirstPage>th Row [min avg max] -- stats for first page of rows time
    All Rows [min avg max] -- stats for getting all rows

Loaded Modules:

Path
C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\x64\ftquery.exe
C:\Windows\System32\KERNEL32.dll
C:\Windows\System32\KERNELBASE.dll
C:\Windows\SYSTEM32\MSCOREE.DLL
C:\Windows\SYSTEM32\ntdll.dll

Signature

  • Status: Signature verified.
  • Serial: 33000002CF6D2CC57CAA65A6D80000000002CF
  • Thumbprint: 1A221B3B4FEF088B17BA6704FD088DF192D9E0EF
  • Issuer: CN=Microsoft Code Signing PCA 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: ftquery.exe
  • Product Name: Microsoft (R) Windows (R) Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1
  • Product Version: 10.0.19041.1
  • Language: Language Neutral
  • Legal Copyright: Copyright (c) Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: Unknown

File Similarity (ssdeep match)

File Score
C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\arm\ftquery.exe 86
C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\arm64\ftquery.exe 86
C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\x86\ftquery.exe 83

MIT License. Copyright (c) 2020-2021 Strontic.