This Windows utility is used to repair the system databases in Windows. Windows XP stores these databases with the .sdb extension.
Databases such as SecEdit.sdb (which keeps track of security settings), SysMain.sdb, etc. can be accessed with this command-line utility.

Modes of Operation

Defragmentation
ESENTUTL /d [options]

Recovery
ESENTUTL /r [options]

Integrity
ESENTUTL /g [options]

Repair
ESENTUTL /p [options]

Checksum
ESENTUTL /k [options]

File Dump
ESENTUTL /m[mode-modifier]

Copy
ESENTUTL /y [options]

Use this utility with caution: it can corrupt the databases, and then you may have to reinstall Windows XP.

Explanation of Modes and Options:

1. Defragmentation mode: Defragmentation removes excess space from the database and can improve system performance by clustering the database together. It is imperative that you back up the database file before defragmenting it.

Options:
/p Preserves the temporary database. Generally, ESENTUTL deletes the temporary database
once all of the changes are incorporated into the main database.

/b Creates a backup copy of the database prior to defragmentation
using the specified filename. It’s always a good idea to use this option so that you have another
copy of the database should the defragmentation fail.

For example:
The Secedit.sdb file located in the C:\WINDOWS\security\Database folder can be defragmented, with abc.sdb as the backup file name, as follows:

esentutl /d secedit.sdb /b abc.sdb

The output should be like the following image:

2. Recovery mode: Recovery helps you overcome database errors. ESENTUTL rebuilds the database using log entries, so the log files must be present for recovery.

Options:
/l Defines the location of the log files used to recover the data. The default setting is
the current directory. Normally, you don’t need to change this setting because the log files
usually appear in the same directory as the database.

/d[path] Defines the location of database files.

3. Integrity mode: Integrity checking verifies that the database is in an operational state and doesn’t contain any structural errors.

4. Repair mode: This mode changes the database by removing damaged entries and may also delete your security settings, so back up before you use this mode.

5. Checksum mode: Checksum mode verifies that the file doesn’t contain any bit-level errors. The checksum acts as a means of verifying that the data itself is error free. Use both the integrity and checksum checks.

6. File Dump mode: This is the most important mode if you want to view information in the database files. It has options and a number of modifiers that are used with /m; they are explained below:

Options:
/t Performs a database dump for a specified table only.

/v Provides verbose output.

The modifiers determine the kind of data displayed in the output, such as header information, a checkpoint file, a log file, etc.

They are used as /m[modifier].

h This is the default modifier. It obtains the database header information.
For example: esentutl /mh Secedit.sdb

k A checkpoint file uses the CHK file extension. This file contains a checkpoint in the database
transactions. A checkpoint is necessary for rolling the database back to a previous safe state.

l A log file uses the LOG file extension and normally appears in the same folder as a CHK or
SDB file.

m Displays the metadata that tells you about the content of a database, such as tables, columns, etc.

7. Copy mode: Copying lets you create another copy of a log file, streaming file, or database in a secondary location. The default utility settings copy the data from a source location to the current location.

Use the /d option followed by the name of the directory you want to copy to.
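
The cautions above (back up first, use both the integrity and checksum checks, recovery needs the log files) combined into one batch file, as an added example that is not part of the original tutorial. It assumes a hypothetical scratch folder C:\esent-work, that ESENTUTL exits with a non-zero code when a mode fails, and that the /mh header dump reports the database state on a line starting with "State:".

```batch
@echo off
rem Added example, not from the tutorial: check a COPY of secedit.sdb and
rem defragment that copy only if every read-only check passes.
rem WORK is a hypothetical scratch folder; SRC is the path named in the tutorial.
setlocal
set "SRC=C:\WINDOWS\security\Database\secedit.sdb"
set "WORK=C:\esent-work"
set "DB=%WORK%\secedit.sdb"
if not exist "%SRC%" goto :nosrc
if not exist "%WORK%" mkdir "%WORK%"

rem Work on a copy so that a failed run cannot damage the live database.
copy /y "%SRC%" "%DB%" >nul
if %errorlevel% neq 0 goto :nocopy

rem 1. Header dump (/mh). A database that was not shut down cleanly needs
rem    recovery mode (/r) and its log files before any other mode.
rem    Assumption: the dump shows "State: Clean Shutdown" or "Dirty Shutdown".
esentutl /mh "%DB%" > "%WORK%\header.txt"
findstr /c:"State:" "%WORK%\header.txt"
findstr /i /c:"Dirty Shutdown" "%WORK%\header.txt" >nul
if %errorlevel% equ 0 goto :dirty

rem 2. Integrity check (/g) for structural errors. Assumption: the exit code
rem    may be negative on failure, so compare with 0, not "if errorlevel 1".
esentutl /g "%DB%"
if %errorlevel% neq 0 goto :failed

rem 3. Checksum check (/k) for bit-level errors.
esentutl /k "%DB%"
if %errorlevel% neq 0 goto :failed

rem 4. Defragment the copy, keeping a backup (/b) as in the tutorial's example.
esentutl /d "%DB%" /b "%WORK%\secedit-backup.sdb"
if %errorlevel% neq 0 goto :failed
echo All checks passed; the defragmented copy is %DB%
exit /b 0
:nosrc
echo Source database not found: %SRC%
exit /b 1
:nocopy
echo Copy failed; the database may be in use.
exit /b 1
:dirty
echo Database was not shut down cleanly; run recovery mode first.
exit /b 2
:failed
echo A mode failed; leave the live database untouched.
exit /b 3
```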

That's it. This tutorial is meant for advanced Windows XP users.