ftquery.exe
- File Path:
C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\x86\ftquery.exe
- Description:
Hashes
Type |
Hash |
MD5 |
C5C7F52D2761F1B75B21D105A4E6BA74 |
SHA1 |
B9ECA5819286471D6492EB1322C7885A592EC36C |
SHA256 |
23BAC7E35C0A53D925D4605F3C74A6296E60685638E30FA7C6B9C8084477D866 |
SHA384 |
CF3E6EB74F05345D1074306D1BAD26E2F98CC6E8CEB2C0488AF55055D3F58DD7422DF5BDE5AB874C6D765F7C67AECF3B |
SHA512 |
DCAE13DD385D053A5874CB16AD43F1EC59B792BD5CAB382A0CBDE91060D5683FD819A6748713F85D1B34AF78004445DCD98B71FB6A900D0F06D3EB279FC21162 |
SSDEEP |
768:a2Aq/znu2gyGKFcwF+QaVhfZsgZoF5ZwM6rs4KZZ25FCo:XAcqaFcwFZaBnoF5ZwhrsrZID |
IMP |
F34D5F2D4577ED6D9CEEC516C1F5A744 |
PESHA1 |
136F73B3E5C37C3925C7ECF28DAD0B9CBDF15ED8 |
PE256 |
CCC001E3BE990AB2F3A0DEC97406F182C10D762434E98BC8536BA71BFC5BD875 |
Runtime Data
Usage (stdout):
ftquery.exe <SQL query> | <Query file> [Options]
<SQL query>
Example1: "SELECT path from systemindex"
Example2: "SELECT path from mymachine.systemindex where scope='file://mymachine/mysard/foo'"
Example3: "SELECT path from mymachine.systemindex where scope='@PATH@'"
(where %PATH% is an environment variable.
Note the @'s surrounding the environment variable name.)
<Query File> Format per query (repeat for each query):
--TSQLQuery=<Query description> [Any options]
<SQL>
All options can either be on the command line or per query unless otherwise noted.
/Bare
Suppress all output except the actual query results.
/Binary:<path>
The remote binary path for accessing ftquery.exe on a remote machine when doing /purge for a remote query.
By default this is just ftquery.exe so if it is on a local path of the remote machine it will work.
/Busy
Wait for indexer to be busy before executing query and measuring performance.
Normally /Perf will wait for idle.
/Cold
Restart the indexer for a cold query if you are an administrator.
On the command line will reset once before all queries.
On an individual query in a file will reset the query. (Not compatible with /thread.)
This will also work on remote machines if you are an administrator on the remote machine and ftquery.exe is available on the remote machine.
/Close:<label>[,<label>]
Before executing this query, previous queries with the label will be closed.
Cannot be specified on the command line.
/Delay:<miliseconds>
Delay before each query execution. Default value is 0
/Depth:<number>
Recursion depth when expanding hierarchical rowsets for GROUP ON queries.
0 = stop at first top level rowset, 1 = stop at second level, etc.
By default all results are expanded.
/Excel:<file>
Dump out an excel friendly summary at end or into file if present.
/Expensive
By default expensive properties are not computed.
This sets DBPROP_DONOTCOMPUTEEXPENSIVEPROPERTIES=false and adds these rowset properties:
ResultsFound -- the total number of items that match the where clause.
MaxRank -- the maximum rank of any item that matches the where clause.
/FirstPage:<n>
The time to get the first page of results is measured. Default is 60.
/Impersonate:{domain\}user!password
This will impersonate the user for the duration of the query. Domain defaults to redmond.
/Iterations:<number>
Number of iterations for <SQL query> | <Query file> execution. Cannot be specified per query in a query file.
Default value is one iteration.
/Open:<label>
Keep rowset open after query so the query can be reused by putting ReuseWhere($<label>) into the query.
Cannot be specified on the command line.
/Output:<filename>
Direct output to filename.
/Page:<n>
Maximum number of rows to fetch at a time. Default is 60.
/Perf
Measure query performance. No query results are displayed. Implies /Stats.
/Purge
Purge standby lists on the machine being queried.
This is automatically called when using /cold with a remote query.
/Rows:<n>
Only fetch this many rows from the top rowset. By default all rows will be fetched.
/Share:<\\machine\share{\path..}>
This will take any query for the local machine and transform it to be over the remote share.
FROM SystemIndex -> FROM "<machine>".SystemIndex and the WHERE clause adds a restriction for the share.
/Stats
Display all of the stats generated by /Perf together with results.
/Thread:<id>
All queries with the same ID will be executed sequentially, but different ID's will be executed in parallel.
Each iteration will wait until all threads are finished.
/Timeout:<number>
Timeout for the query in seconds. Default is 0 which means no timeout.
Per-Query Output. Sections in {} are only present if /Stats or /Perf
Description=<description if any>
WhereID Label=<label if any>
Query=
<actual query>
<Non-default parameter settings>
{<Perf counters>
Items = Number of URLS in history
Terms = Number of unique terms in inverted index
Inverted Index = Size of inverted index
In-memory Worlists = number of word lists
Persistent Indices = total L1/L2/L3/L4
Flushes = number of currently executing flushes if non-zero
Merges = MasterMerges L1/L2/L3/L4 ongoing merges if non-zero
Crawls in progress = number of crawls in progress if non-zero
Documents in progress = number of documents in word lists if non-zero
Iterating History
Recovery in progress
}
<Column names if not /Perf>
<Rows if not /Perf>
Expanded Rows=<number of expanded rows>[, Children=<total number of children rows>]
{<Server Version Information>
Server=<server version>
WinVer=<server windows major>.<server windows minor>
NLS=<NLS version>.<NLS Defined Version>
WhereID=<where ID for query>
}
{<Timing information>
Execute=<time to parse query and send to server>
Properties=<time to get rowset properties>
Avg Rows/Page=[average number of rows retrieved per page for top-level rowset]
1st Row=[time from execute to very first row]
<FirstPage>th Row=[time from execute to <FirstPage> rows]
All Rows=[time from execute to get all rows]
}
Summary Output for Iterations > 1:
Execute [min avg max] -- stats for execution time
Properties [min avg max] -- stats for property retrieval time
1st Row [min avg max] -- stats for 1st row time
<FirstPage>th Row [min avg max] -- stats for first page of rows time
All Rows [min avg max] -- stats for getting all rows
Loaded Modules:
Path |
C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\x86\ftquery.exe |
C:\Windows\SYSTEM32\ntdll.dll |
C:\Windows\System32\wow64.dll |
C:\Windows\System32\wow64cpu.dll |
C:\Windows\System32\wow64win.dll |
Signature
- Status: Signature verified.
- Serial:
33000002CF6D2CC57CAA65A6D80000000002CF
- Thumbprint:
1A221B3B4FEF088B17BA6704FD088DF192D9E0EF
- Issuer: CN=Microsoft Code Signing PCA 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Original Filename: ftquery.exe
- Product Name: Microsoft (R) Windows (R) Operating System
- Company Name: Microsoft Corporation
- File Version: 10.0.19041.1
- Product Version: 10.0.19041.1
- Language: Language Neutral
- Legal Copyright: Copyright (c) Microsoft Corporation. All rights reserved.
- Machine Type: 32-bit
File Scan
- VirusTotal Detections: Unknown
File Similarity (ssdeep match)
MIT License. Copyright (c) 2020-2021 Strontic.