Sysinternals Utilities

Sysinternals Live is a service that enables you to execute Sysinternals tools directly from the Web without hunting for and manually downloading them. Simply enter a tool's Sysinternals Live path into Windows Explorer or a command prompt as http://live.sysinternals.com/<toolname> or \\live.sysinternals.com\tools\<toolname>. You can view the entire Sysinternals Live tools directory in a browser at http://live.sysinternals.com.

What's New (February 16, 2012)
- DebugView v4.78
This update to DebugView, a utility for capturing and logging user-mode and kernel-mode debug output messages, can now capture output generated by Metro applications on Windows 8.
- LiveKd v5.1
LiveKd, a utility for leveraging kernel debuggers to analyze live physical systems or Hyper-V virtual machines, now supports newer Intel processors that implement the XSAVE instruction.

What's New (January 12, 2012)
- Coreinfo v3.03
Coreinfo, a command-line utility that dumps information about a system’s CPU topology and capabilities, now reports the presence of TSC (timestamp counter) Invariant support.
- Process Explorer v15.12
This update to Process Explorer makes the search dialog asynchronous and reports the types of found items. It also fixes several bugs, including a small font being shown when run after an older version, a bug in the restart-process functionality, and working set columns not showing data, and it again shows information about service processes when run from an unprivileged user account.
- Mark’s Blog: The Case of My Mom’s Broken Microsoft Security Essentials Installation
Mark goes deep with the Sysinternals tools to fix a corrupt installation of MSE on his mom’s PC over the holidays.
- Mark to Speak at RSA 2012
Mark will be speaking at the RSA Conference 2012 in San Francisco at the end of February in two sessions. He’ll be interviewed in the conference’s new Author’s Studio track about his novel Zero Day, joining luminaries such as Mark Bowden (Worm and Black Hawk Down) and Bruce Schneier (Applied Cryptography). In his second session, he’ll present Zero Day: A Non-Fiction View, where he’ll explore the feasibility and risk of an attack like the one he presents in Zero Day.

What's New (December 5, 2011)
- Disk Usage (DU) v1.4
This update to DU, a command-line utility for analyzing the disk space consumed by directories, adds a CSV output option, accounts for the file system cluster size in its on-disk size calculations, and includes alternate data streams.
- Process Explorer v15.1
This update of Process Explorer, a Task Manager replacement, adds support for new Windows 8 features by giving the processes hosting immersive applications a distinct highlight color, shows immersive application package names in process tooltips and as a new process view column, lists AppContainer and capability SIDs in the process security properties, and updates the GPU support to be compatible with Windows 8. Other enhancements include GPU memory counters with more descriptive labels, display of the logon session ID on the security properties, and reporting of suspended processes as suspended in the CPU usage column.
- Mark’s Blog: Case of the Installer Service Error
Follow along with Mark in another of his popular ‘Case of the Unexplained’ troubleshooting examples, where he retraces the steps of a network administrator who used Process Monitor to figure out why the Windows Intune installer failed on one of his systems and goes on to fix the problem.

What's New (November 10, 2011)
- Autoruns v11.1
This update to Autoruns adds several new autostart locations, reports the active filter in the status bar, and highlights unsigned images and those with no company name or description to make them easy to spot.
- Microsoft Security Intelligence Report v11
Microsoft’s regular report on the state of malware covering January through June of 2011 is out and includes a primer by Mark on using the Sysinternals tools to identify and clean malware.

What's New (September 20, 2011)
- Autoruns v11
This update to Autoruns, a GUI and command-line tool that lists executables configured to run when you boot, log on or run common applications, adds a “jump to folder” command and several additional autostart locations. The command-line version, Autorunsc, adds a new switch to show file hashes and an option to display the autostart entries for all user accounts registered on a system.
- Mark at BUILD: Introduction to Windows Azure, Inside Windows Azure
Mark’s highly rated BUILD sessions are now available for on-demand viewing. In Introduction to Windows Azure: The Cloud OS, Mark defines cloud computing, presents the different types, and positions Windows Azure. Then he describes Windows Azure’s implementation of Platform-as-a-Service (PaaS), including how it makes it easy for developers to write highly available, highly scalable cloud applications. In Inside Windows Azure: The Cloud OS, Mark goes deeper than ever before to show Microsoft’s datacenter architecture and explain the steps Windows Azure follows to deploy and run cloud applications. He concludes by revealing how the Windows Azure team develops and operates Windows Azure.

What's New (September 1, 2011)
- Coreinfo v3
Coreinfo is a command-line utility that reports detailed information about processor cores and topology, including cache sizes, core-to-socket mappings and NUMA memory latencies. It now shows the processor features supported by the system's processors. For example, Coreinfo will show if the processor supports hardware-assisted virtualization and advanced virtualization features like Second Level Address Translation.

What's New (August 16, 2011)
- ProcDump v4.0
This update for ProcDump, a trigger-based process dump capture utility, enables you to control the contents of the dump with your own minidump callback DLL and adds a new switch, -w, that has ProcDump wait for a specified process to start.
- Mark’s Blog: The Case of the Hung Game Launcher
Read Mark’s latest blog post, where he uses the Sysinternals utilities to solve a problem he ran into one Sunday morning when trying to play a computer game.
- Zero Day Malware Cleaning with the Sysinternals Tools
Mark has posted the slides from the highly attended and well-received Black Hat 2011 Workshop he delivered last week, Zero Day Malware Cleaning with the Sysinternals Tools, which demonstrates how to use the Sysinternals tools to hunt down and eliminate malware.