January 13th, 2012· Autoruns v11.21: This update to Autoruns fixes a number of minor bugs, including one that could result in a crash when certain scheduled tasks are configured.
· Coreinfo v3.03: Coreinfo, a command-line utility that dumps information about a system’s CPU topology and capabilities, now reports the presence of TSC (timestamp counter) Invariant support.
· Portmon v3.03: Portmon, a utility for monitoring serial and parallel port traffic, includes some minor bug fixes and user-interface consistency updates.
· Process Explorer v15.12: This update to Process Explorer makes the search dialog asynchronous and reports the types of found items. It also fixes several bugs, including showing a small font when run after an older version, a bug in the restart-process functionality, working set columns not showing data, and again shows information about service processes when run from an unprivileged user account.
December 17th, 2011· Process Explorer v15.11: This minor update fixes several bugs, including the fleeting appearance of garbage characters in the status bar.
December 6th, 2011· Autoruns v11.2: This update fixes a bug in the jump-to-folder function when executed on disabled items and correctly locates print monitor DLLs when they are stored in print monitor-specific system director
· Disk Usage (DU) v1.4: This update to Du, a command line utility for analyzing the disk space consumed by directories, adds a CSV output option, accounts for the file system cluster size in its on-disk size calculations, and includes alternate data streams.
· Process Explorer v15.1: This update of Process Explorer, a Task Manager replacement, adds support for new Windows 8 features by giving the processes hosting immersive applications a distinct highlight color, shows immersive application package names in process tooltips and as a new process view column, lists AppContainer and capability SIDs in the process security properties, and updates the GPU support to be compatible with Windows 8. Other enhancements include GPU memory counters with more descriptive labels, display of the logon session ID on the security properties, and reporting of suspended processes as suspended in the CPU usage column.
· Strings v2.42: This Strings release fixes a bug that would result in a crash when the –n or -b options are specified without a file name
November 11th, 2011· Autoruns v11.1: This update to Autoruns adds several new autostart locations, reports the active filter in the status bar, and highlights unsigned images and those with no company name or description to make them easy to spot.
· AccessChk v5.02: This AccessChk release includes improved error messages, reports registry key delete permission, and includes a manifest.
· Coreinfo v3.02: This minor update to Coreinfo, a command-line tool that reports supported CPU features and topology, includes Microsoft’s SLAT term for Intel’s Extended Page Table and AMD’s Nested Paging virtualization features.
September 21st, 2011· Autoruns v11: This update to Autoruns, a GUI and command-line tool that lists executables configured to run when you boot, logon or run common applications, adds a “jump to folder” command and several additional autostart locations. The command-line version, Autorunsc, adds a new switch to show file hashes and an option to display the autostart entries for all user accounts registered on a system.
· Coreinfo v3.01: This update to Coreinfo, a command-line utility that shows processor features and topology, fixes a bug in the way it reports hyper-threading and gives a warning when showing virtualization features and a hypervisor is running.
· ProcDump v4.01: This release of ProcDump, a tool for capturing process memory dumps, adds a context record for 1st chance exception dumps so that registers and the call stack of the faulting thread are captured.
· Process Explorer v15.05: This update fixes a bug in cycle CPU usage calculation on Windows 7.
September 2nd, 2011Coreinfo 3.0:
· Coreinfo is a command-line utility that reports detailed information about processor cores and topology, including cache sizes, core-to-socket mappings and NUMA memory latencies. It now shows the processor features supported by the system's processors. For example, Coreinfo will show if the processor supports hardware-assisted virtualization and advanced virtualization features like Second Level Address Translation.
DebugView v4.77:
· This update to DebugView, a graphic debug output monitor useful for application and device driver development, adds a command-line switch to enable or disable kernel-mode capture, a switch to enable millisecond clock display, and a number of bug fixes.
SDelete v1.6:
· SDelete, a command-line utility for securely deleting files and zeroing volume free space, fixes a bug that prevented it from accessing some files on 64-bit Windows and swaps the zero-free-space and clean-free-space arguments to make them more intuitive.
· Process Explorer v15.04: This release fixes several minor bugs, including a tooltip display bug and one that could result in a miscalculation of CPU usage on Windows 7 in the refresh immediately following the termination of a CPU-intensive process.
August 19th, 2011· Process Explorer v15.03: This fixes a bug introduced in v15.02 that would result in a crash of Process Explorer when run with standard user rights and the System Information dialog is opened.
August 17th, 2011· ProcDump v4.0: This update for ProcDump, a trigger-based process dump capture utility, enables you to control the contents of the dump with your own minidump callback DLL and adds a new switch, -w, that has ProcDump wait for a specified process to start.
· Process Monitor v2.96: This release changes the appearance of its tooltips to the default theme, fixes a drawing bug in the treeview, and updates the graphs to match the style introduced in Process Explorer v15.
· Process Explorer v15.02: Process Explorer v15.02 includes minor updates to the drawing routines.
July 26th, 2011· Process Explorer v15.01: This update adds the ability to select a custom graph background color, adds paged and nonpaged pool quota columns to the process view, fixes incorrect information on the disk and network process properties dialog on 32-bit Windows, and fixes a GPU tray icon bug.
· TCPView v3.05: This update fixes a bug when sorting by the state column.
July 19th, 2011Process Explorer v15.0:
· Process Explorer v15 celebrates the release of the Sysinternals Administrator Reference and the upcoming 15th anniversary of Sysinternals. This major update to Process Explorer, a powerful tool for inspecting and controlling processes, threads, loaded DLLs, and more, adds GPU utilization and memory monitoring on Vista and higher. It also adds the ability to restart services, has a smaller memory footprint, and has visually cleaner performance graphs.
ListDLLs v3.1:
· ListDLLs, a command-line utility for listing and searching for loaded DLLs, now dumps full file version information, including digital signatures. It also adds a new option designed to aid in malware hunting that filters output to include only unsigned DLLs.
FindLinks v1.0:
· This new command-line utility lists the hard links associated with a specified file.
May 19th, 2011VMMap v3.1:
· VMMap, a process virtual and physical memory analyzer, now shows the ASLR status of images and reports “unusable” virtual memory regions.
RAMMap v1.11:
· This update to RAMMap, a system memory usage analyzer, adds command-line options for loading files and exporting scans, creates a file association and fixes several bugs
· Handle v3.46: This update has Handle use the same helper driver as Process Explorer.
· Process Explorer v14.12: This update fixes a bug that prevents removal of tray icons under certain conditions.
May 4th, 2011· ZoomIt v4.2: This update to ZoomIt, a screen magnification and annotation utility, now adjusts the drawing pen size when you enter drawing mode from live zoom to match the static zoom pen size.
· Process Explorer v14.11: Process Explorer v14.11 includes the ability to configure network and disk activity icons in the tray.
· ProcDump v3.04: This update to ProcDump’s miniplus dump type (-mp) includes heuristics that include thread stack memory.
April 14th, 2011· Updates: Process Monitor v2.95
March 17th, 2011· Updates: Process Explorer v14.1, VMMap v3.03, ProcDump v3.03
February 15th, 2011· Winobj 2.22: A number of bugs, including on affecting sorting, are fixed in this update.
· VMMap 3.02: This release fixes several bugs.
February 2nd, 2011· Updates: ProcDump v3.02, Contig v1.6, TCPView v3.03
January 26th, 2011· Handle v3.45: This release fixes a bug that could in some cases cause a system crash.
January 20th, 2011· Handle v3.44: This updates the driver to the newest version used by Process Explorer.
January 18th, 2011Updates:
· ListDLLs v3.0, Handle v3.43, and Process Monitor v2.94
December 16th, 2010Update:
· ProcDump v3.01
December 10th, 2010· Updates: ProcDump v3.0, AccessChk v5.01 and a new Mark's Blog Post
November 30th, 2010Update:
· Autoruns v10.06
November 23rd, 2010Updates:
· Process Explorer v14.01, Autoruns v10.05
November 17th, 2010Update:
· Process Explorer v14
November 2nd, 2010Update:
· VMMap v3.01
October 29th, 2010Update:
· VMMap v3.0
October 15th, 2010· LiveKd v5.0 - and a related Mark's Blog post, Disk2vhd v1.63, Sigcheck v1.73
October 7th, 2010Autoruns v10.04:
· This fixes a toolbar drawing bug that shows on Windows XP.
September 30th, 2010Updates:
· ProcDump v2.01, Autoruns v10.03, Process Monitor v1.93
September 9th, 2010· Updates: WinObj v2.2, Junction v1.06
August 31st, 2010· Updates: ProcDump v2.0, Process Monitor v2.92, and a new Mark's Blog Post
August 3rd, 2010· TCPView v3.02: Fixes a GDI handle leak.
July 30th, 2010TCPView v3.01:
· TCPView v3.01 addresses a minor drawing bug when running on Windows XP.
Disk2vhd v1.62:
· This update fixes a bug in the HAL fixup code that could prevent a converted image from booting under Virtual PC.
AdExplorer v1.42:
· This addresses a regression in v1.41 that prevented AdExplorer from connecting to some Light Weight Directory Service databases.
July 23rd, 2010· TCPView v3.0: This major update to TCPView, a TCP/UDP endpoint viewing utility, adds endpoint send and receive statistics by leveraging ETW when TCPView is run with administrative rights. It also breaks ports and addresses into separate columns.
· Autoruns v10.02: This update fixes a bug in Autorunsc that had default to filtering out signed Windows components.
· ProcDump v1.81: This release addresses a bug in the implementation of the -x command-line options, where ProcDump would pass the dump file name to the target process.
· Disk2vhd v1.61: System volumes no longer display twice on the volume list.
July 13th, 2010· Disk2vhd v1.6: Disk2vhd now includes better error handling for failed snapshots, guarantees that the system is bootable even if the system crashes while Disk2vhd is updating the system to make it compatible with Virtual PC, and supports direct-attached Hyper-V SCSI disks.
· ADExplorer v1.41: This release fixes a bug with searching from the root of a directory.
June 24th, 2010· Updates: RAMMap v1.1, ADExplorer v1.4, Autologon v3.0 | Mark's Talks from TechEd US 2010 are now online
June 15th, 2010· Autoruns v10.01: This fixes a bug in the Registry jump-to function for HKCU registry paths.
June 9th, 2010· Updates: Autoruns v10, Process Explorer v12.04, Sigcheck v1.7, ProcDump v1.8 and a new Case of the Unexplained
May 22nd, 2010· Corinfo v2.11: Coreinfo does require XP 64-bit or higher for client (server 2003 or higher for server). This update fixes the bug where it would fail to launch on 32-bit XP instead of reporting compatibility requirements.
May 19th, 2010RAMMap v1.0:
· Have you ever wondered how Windows allocates physical memory or what’s using it? RAMMap is a new utility for analyzing system RAM usage on Windows Vista and Windows 7 that provides insight never before available. RAMMap shows information about each page of memory, summaries of memory usage by type, views of file data stored in memory, and more.
Coreinfo v2.1:
· Memory access from a processor to memory on remote NUMA nodes takes longer than local-node memory accesses. In addition to dumping NUMA topology information, CoreInfo now measures and displays the internode access costs on NUMA systems.
Making it Big in Software:
· Mark and other tech industry figures including Steve Wozniak, Linus Torvalds, James Gosling and more, are interviewed in this new book by Sam Lightstone that provides great advice, real-word stories and philosophies for anyone considering a career in software.
May 7th, 2010· Update: LogonSessions v1.21 and an article on the usage of VMMAP
· LogonSessions v1.21: This fixes a bug that prevented logonsessions from showing full token information in some cases on 64-bit windows.
· Microsoft CLR Team Blog Post on VMMap and Managed Code: The Microsoft CLR Team has written a great article explaining how to use VMMap to analyze the working sets of managed code (.NET) processes.
April 29th, 2010· Mark’s Blog: The Case of the Printing Failure - Mark’s most recent post in the Case of the Unexplained series describes the troubleshooting steps, which include use of Procdump and Process Monitor, an administrator went through when printing failed on one of the systems in their network.
· LiveKd v4.0: This major update to LiveKd, a utility that enables a local read-only kernel debugging of an on-line system, supports > 64 processors, includes numerous reliability enhancements, and new switch, -o, that generates a live kernel dump without having to launch a kernel debugger (thanks to Ken Johnson).
· AccessChk v5.0: A command-line tool for viewing the effective permissions on files, registry keys, services, processes, kernel objects, and more, adds a new option to dump un-interpreted access control lists, an option to ignore inherited ACEs, distinguishes between file and directory permissions, and includes several bug fixes.
· PsTools Updates: These PsTools utilities have been updated to fix several bugs, including one that sometimes prevented them from performing remote registry access - PsExec, PsGetSid, PsInfo, PsList, PsLoggedOn, PsLogList, and PsService.
· LogonSessions v1.2: LogonSessions is updated to work on 64-bit Windows for x64.
April 15th, 2010· Updates: Process Monitor v2.9, Process Explorer v12.02, Testlimit v5.02 | A new Mark's blog post and Mark to speak at the Windows Summit and TechEd US
April 2nd, 2010· Updates: Process Explorer v12.01
March 9th, 2010· Updates: VMMap v2.61
March 3rd, 2010· Updates: AdExplorer v1.3, VMMap v2.6, Disk2vhd v1.5, LiveKd v3.14, Sigcheck v1.66
January 20th, 2010· Updates: ProcDump v1.72, Desktops v1.02, Sigcheck v1.65, DiskView v2.3
January 15th, 2010· Updates: ProcDump v1.71
January 12th, 2010· Updates: ProcDump v1.7, AccessChk v4.24, Sigcheck v1.64, Desktops v1.01, LiveKd v3.13
December 2nd, 2009· Updates: VMMap v2.5, Disk2vhd v1.4; Sigcheck v1.63; Autoruns v9.57; PsExec v1.97; PsKill v1.13 and a new Mark's Windows Internals Session video from PDC 2009
· Mark’s Windows Internals Session at the Professional Developer’s Conference: Mark dives deep to cover Windows 7 and Windows Server 2008 R2 kernel changes in his top-rated session from PDC 2009.
November 4th, 2009· NewSID Retirement and the Machine SID Duplication Myth: Mark’s latest blog post debunks the myth that having duplicate machine SIDs causes problems, explaining why the Sysinternals NewSID tool has been retired.
· Disk2vhd v1.3: This update to Disk2vhd makes more Windows XP and Windows Server 2003 VHDs bootable by updating their MBR and boot sectors to be compatible with Hyper-V and Virtual PC and by installing the Intelide driver if it it’s not already installed. It also optimizes image creation by not copying paging and hibernation files.
· Sigcheck v1.62: This update to Sigcheck, a utility that displays file version and digital signature information, removes a file size limit for generating file hashes, works on 64-bit MSI files, and reports expired signatures.
· Process Monitor v2.8: Displays new Windows 7 CreateFile options, includes file-delete operations in the Category filter’s Write subcategory, and displays names for more IOCTLs and result codes.
· LiveKd v3.12: This release fixes compatibility with 64-bit Windows XP and Windows Server 2003.
October 28th, 2009· The Sysinternals Troubleshooting Utilities have been rolled up into a single Suite of tools. This file contains the individual troubleshooting tools and help files. It does not contain non-troubleshooting tools like the BSOD Screen Saver or NotMyFault.
October 27th, 2009· Windows 7 General Availability and Mark on Channel 9
· Check out Mark’s latest Channel 9 interview on Windows 7 and Windows Server 2008 R2 kernel changes, released today to coincide with Windows 7’s general availability. He talks about memory management, process reflection and more, and shows a couple of demos on a 256-processor system.
October 22nd, 2009· Disk2vhd v1.1
· Disk2vhd now supports command-line options for automation and fixes a bug that could result in an “invalid user buffer” error during a conversion.
· ZoomIt v4.1
· Zoomit is a screen magnification and annotation utility that's useful for technical presentations. With this update, you can now easily switch between LiveZoom (supported on Vista and Windows 7) and drawing mode.
· Coreinfo v2.0
· `Coreinfo now supports IA64 and Windows Server 2008 R2 systems with more than 64 logical processors.
October 14th, 2009· Autoruns v9.56: This update enables Autoruns to view registry entries that have permissions only allowing the System account access and fixes a bug that caused some rundll32-hosted entries to not display correctly.
October 8th, 2009· Disk2vhd v1.0: We’re excited to announce a new Sysinternals tool, Disk2vhd, that simplifies the migration of physical systems into virtual machines (p2v). Just run Disk2vhd on the system you want to migrate and specify the volumes for which you want data included, and Disk2vhd creates a consistent point-in-time volume snapshot followed by an export of the selected volumes into one or more VHDs that you can add to a new or existing Hyper-V or Virtual PC virtual machine.
October 2nd, 2009· LiveKd v3.1: This update to LiveKd, a tool that enables you to perform local kernel debugging using the Windbg tool, adds support for systems with more than 4GB of RAM and now works on x64 systems even when they aren’t booted in debugging mode.
· BgInfo v4.16: Bginfo now correctly reports Windows Server 2008 R2. ProcDump v1.6: This minor update sets the thread context in a dump file to the thread that trips the CPU threshold so that it’s stack can be viewed simply by entering a stack dump command.
· Autoruns v9.55: A bug that prevented some 64-bit entries from being disabled is addressed in this update.
August 6th, 2009· ZoomIt v4.0
· In addition to minor bug fixes, this update to ZoomIt, a screen magnification and annotation tool, has significant improvements to the live zoom functionality that’s available on Vista and Windows 7. For example, it removes the shadow mouse, it uses a better mouse tracking algorithm and on Windows 7 it adds zoom-in and zoom-out transitions.
May 8th, 2009· Autoruns v9.5
· This update to Autoruns, a powerful autostart manager, adds display of audio and video codecs, which are gaining popularity as an extension mechanism used by malware gains automatic execution.
· PsLoglist v2.7
· PsLoglist, a command-line event log display utility, now properly displays event log entries for default event log sources on Windows Vista and higher and accepts wildcard matching for event sources.
April 23rd, 2009· VMMap v1.1 - This update to VMMap, an advanced process memory analysis tool, makes it easy to view the changes between subsequent refreshes. Using the new “show changes” option enables you to measure the impact of specific application functionality by comparing memory usage before and after the functionality executes. The release also has a number of user interface improvements, such as always highlighting the currently selected listview items and making the total row’s position in the summary list sort-independent.
· Active Directory Explorer v1.2 - ADExplorer v1.2, an Active Directory object browser, adds the ability to copy the properties of an object to the clipboard, back and forward navigation shortcut keys, and an option to change the base used for integer display.
November 20th, 2008· Process Explorer 11.3
· This update to Process Explorer includes numerous enhancements and bug fixes, including a physical memory history graph, options to configure memory tray icons, asynchronous thread symbol resolution and security ID lookup, dynamic recognition of new volume drive letters, multiple character matching in the process view, and a smaller memory footprint.
February 27th, 2008· ShellRunas v1.0
· ShellRunas provides functionality similar to that of the Runas tool to launch programs as a different user via a convenient shell context-menu entry. This makes it more convenient than Runas for heavy Explorer users.
· Process Explorer v11.10
· This Process Explorer update adds a number of enhancements, including support for high DPI, display of paging and standby list sizes on Vista, and display of cycles consumed on threads tab on Vista. It also reports the COM object running inside of Dllhost processes and the tasks running inside of Vista Taskeng host processes in the process view hover tooltip.
· Mark Hosts Virtual Roundtable on Deploying Vista
· Join Mark Russinovich and a panel of industry experts and IT pros on March 5th for a live, interactive roundtable discussion on Windows Vista adoption and deployment, including challenges, workarounds, and solutions.
December 19th, 2007· Autoruns v9.0
· This major update to Autoruns shows an entrys raw launch string in its image details area, lists Explorer and IE COM classes names and icons, is aware of several more autostart locations, including additional shell extensions, Windows Vista scheduled tasks and Windows Vista Sidebar gadgets, and has better support for alternate online search engines.
· New Video: Mark on Channel 9
· Channel 9: Mark talks about working at Microsoft, the Windows Server 2008 kernel, MinWin versus Server Core, Hyper-V and application virtualization.
Find us on Google+
