Windows Sysinternals: Documentation, downloads and additional resources

Windows Sysinternals

The Sysinternals web site was created in 1996 by Mark Russinovich and Bryce Cogswell to host their advanced system utilities and technical information. Microsoft acquired Sysinternals in July, 2006. Whether you’re an IT Pro or a developer, you’ll find Sysinternals utilities to help you manage, troubleshoot and diagnose your Windows systems and applications. If you have a question about a tool or how to use them, please visit the Sysinternals Forum for answers and help from other users and our moderators.

Sysinternals Utilities

Resources

Top 10 Downloads

Solution Accelerators

Microsoft Solution Accelerators are a collection of fully supported tools, scripts, models, and best practices to proactively plan, integrate, and operate IT systems.

Microsoft Assessment and Planning (MAP) Toolkit
A powerful inventory, assessment and reporting tool for various platform migrations and virtualization without the use of any software agents.
Infrastructure Planning and Design (IPD) Guide Series
Helps clarify and streamline design processes for Microsoft infrastructure technologies.

Sysinternals Live

Sysinternals Live is a service that enables you to execute Sysinternals tools directly from the Web without hunting for and manually downloading them. Simply enter a tool's Sysinternals Live path into Windows Explorer or a command prompt as http://live.sysinternals.com/<toolname> or \\live.sysinternals.com\tools\<toolname>.

You can view the entire Sysinternals Live tools directory in a browser at http://live.sysinternals.com.

What's New

What's New (August 30, 2010)

ProcDump v2.0
This major update to ProcDump, a tool that captures process dumps based on process CPU usage, memory consumption, and other behaviors, can now be configured to generate dumps based on the values of system performance counters.
Process Monitor v2.92
This update adds a toolbar button that makes the process tree dialog more accessible. In order to make it easy to zoom in on a particular time range in a trace, it also introduces two quick-filter context menu items that enable you to filter out events before or after a selected event.
Mark’s Blog: The Compound Case of the Outlook Hangs
Mark’s latest blog post comes directly from Microsoft support services and highlights the use of a relatively new Sysinternals tool to troubleshoot two issues causing long Outlook hangs.

What's New (July 22, 2010)

TCPView v3.0
This major update to TCPView, a TCP/UDP endpoint viewing utility, adds endpoint send and receive statistics by leveraging ETW when TCPView is run with administrative rights. It also breaks ports and addresses into separate columns.

What's New (June 23, 2010)

Mark’s TechEd Talks Available
Mark delivered four top-rated, top-attended sessions at TechEd US 2010 in New Orleans and they, along with all the TechEd sessions, are available for free on-demand viewing. Mark’s are Case of the Unexplained 2010, Pushing the Limits of Windows, Windows 7 and Windows Server 2008R2 Kernel Changes, and a talk he co-presented with Mark Minasi, The Secrets of Effective Technical Talks.
RAMMap v1.1
This update to RAMMap, a memory analysis utility for Windows Vista and Windows 7, adds the ability to purge working sets and memory manager paging lists. This can be useful for measuring the memory usage of applications after they’ve started or when specific features are exercised.
AD Explorer v1.4
ADExplorer, an Active Directory editor, now shows all of a directory’s naming contexts and works with Lightweight Directory Services directories.

What's New (June 8, 2010)

Mark’s Blog: The Case of the Unexplained IE Crash
Mark goes on a detective hunt to find out the likely culprit of an IE crash he recently experienced. In the post, he shows how to find which process out of multiple running the same executable crashed and how to get additional information from cryptic stack traces.
Autoruns v10
This major update to Autoruns introduces the ability to scan offline Windows installations, adds .exe and .cmd extension handlers, defaults to hiding Windows entries to reduce noise in the common use case, and includes bug fixes.
Process Explorer v12.04
This Process Explorer release adds the ability to generate full and minidump process crash dump files and fixes a bug in the process permission dialog.

What's New (May 19, 2010)

RAMMap v1.0
Have you ever wondered how Windows allocates physical memory or what's using it? RAMMap is a new utility for analyzing system RAM usage on Windows Vista and Windows 7 that provides insight never before available. RAMMap shows information about each page of memory, summaries of memory usage by type, views of file data stored in memory, and more (portions based on code by Alex Ionescu).
Coreinfo v2.1
Memory access from a processor to memory on remote NUMA nodes takes longer than local-node memory accesses. In addition to dumping NUMA topology information, CoreInfo now measures and displays the internode access costs on NUMA systems.
Making it Big in Software
Mark and other tech industry figures including Steve Wozniak, Linus Torvalds, James Gosling and more, are interviewed in this new book by Sam Lightstone that provides great advice, real-word stories and philosophies for anyone considering a career in software.

What's New (May 6, 2010)

Microsoft CLR Team Blog Post on VMMap and Managed Code
The Microsoft CLR Team has written a great article explaining how to use VMMap to analyze the working sets of managed code (.NET) processes.