Sysinternals Utilities and Resources
Solution AcceleratorsMicrosoft Solution Accelerators are a collection of fully supported tools, scripts, models, and best practices to proactively plan, integrate, and operate IT systems. | Sysinternals Live is a service that enables you to execute Sysinternals tools directly from the Web without hunting for and manually downloading them. Simply enter a tool’s Sysinternals Live path into Windows Explorer or a command prompt as http://live.sysinternals.com/<toolname> or \\live.sysinternals.com\tools\<toolname>. You can view the entire Sysinternals Live tools directory in a browser at http://live.sysinternals.com. What’s New .gif) What’s New (July 1, 2009)- ProcDump v1.0
This new command-line utility is aimed at capturing process dumps of otherwise difficult to isolate and reproduce CPU spikes. It also serves as a general process dump creation utility and can also monitor and generate process dumps when a process has a hung window or unhandled exception. - Windows Internals 5th Edition Released!
The 5th Edition of Windows Internals, the official book on the architecture and internals of the Windows operating system, is now available. This release is 25% larger than the 4th Edition and is updated to cover Windows Vista and Windows Server 2008. Visit the official book page and watch Mark and David’s Channel 9 interview on the book. - Webcast: Case of the Unexplained 2009
Watch Mark’s top-10 rated TechEd session and third installment of the Case of the Unexplained, where he shows how to use the Sysinternals tools like Process Explorer, Process Monitor and Autoruns to solve problems with real-world cases as examples.
What’s New (June 9, 2009)- Inside Windows 7 User Account Control
Check out Mark’s latest TechNet Magazine article where he goes inside the changes in Windows 7’s implementation of UAC, including the two new UAC modes and how certain Windows images are automatically elevated to administrative rights in the default mode.
What’s New (June 4, 2009)- VMMap v2.0
VMMap now breaks out information on memory used by the .NET CLR, enabling detailed memory analysis of managed applications. - ClockRes v2.0
This update to Clockres, a system utility that reports the frequency of the system clock, now shows the upper and lower resolution of the system clock.
What’s New (May 13, 2009)- Mark Demos Windows 7 and MDOP IT Pro Features at TechEd Keynote
Mark has spoken at every US TechEd since 2001, but this the first time he’s been in the keynote. Bill Veghte talks about Windows 7 client features, Iain McDonald shows off virtualization advances in Windows Server 2008 R2, and Mark demos Powershell v2, Applocker, MEDV, App-V and native VHD support (if you want to see just Mark’s segment, go to minute 42).
What’s New (May 7, 2009)- Autoruns v9.5
This update to Autoruns, a powerful autostart manager, adds display of audio and video codecs, which are gaining popularity as an extension mechanism used by malware to gain automatic execution. - PsLoglist v2.7
PsLoglist, a command-line event log display utility, now properly displays event log entries for default event log sources on Windows Vista and higher and accepts wildcard matching for event sources.
What’s New (April 22, 2009)- VMMap v1.1
This update to VMMap, an advanced process memory analysis tool, makes it easy to view the changes between subsequent refreshes. Using the new “show changes” option enables you to measure the impact of specific application functionality by comparing memory usage before and after the functionality executes. The release also has a number of user interface improvements, such as always highlighting the currently selected listview items and making the total row’s position in the summary list sort-independent. - Active Directory Explorer v1.2
ADExplorer v1.2, an Active Directory object browser, adds the ability to copy the properties of an object to the clipboard, back and forward navigation shortcut keys, and an option to change the base used for integer display.
What’s New (April 8, 2009)What’s New (March 30, 2009)- Mark’s Blog: Pushing the Limits of Windows: Paged and Nonpaged Pool
Check out Mark’s latest entry in his Pushing the Limits of Windows series, where he describes the role of the kernel’s paged and nonpaged pool resources, their limits, how the system behaves when they run out, and how to track down a driver that’s leaking pool. - Autoruns v9.40
This Autoruns update shows manual start Windows services, fixes a bug that affected the display of autostart locations that could include multiple startup registrations, and fixes a bug in the Jump To functionality on 64-bit Windows.
What’s New (March 17, 2009)- Process Monitor v2.04
This update shows file mapping operations in basic mode, adds more translations of error numbers to text, fixes a bug that limited support for more boot log files larger than 4GB, and displays version numbers using the same formatting as Windows. - TCPView v2.54
Version 2.54 fixes bugs that prevented the display of IPv6 TCP endpoints and the correct display of IPv6 UDP endpoints - VMMap v1.02
VMMap now shows all image subsections, even if they reside within the same allocation region. It also fixes a bug in image name sorting and makes the UAC elevation smoother on 64-bit Windows.
What’s New (March 2, 2009)- Sigcheck v1.6
This update adds checking for .NET strong signatures and extends the output of the -i option, which shows the image signers, to also print the path of the catalog that stores a file’s signature.
Featured Sysinternal Videos .gif)
Move your mouse pointer over the images to see details about each video. Click an item to view. After launching a video, click “.jpg "Full-screen button image") ” to view full-screen. More Sysinternals Videos... |