Skip to main content

Windows Sysinternals

The Sysinternals web site was created in 1996 by Mark Russinovich to host his advanced system utilities and technical information. Whether you’re an IT Pro or a developer, you’ll find Sysinternals utilities to help you manage, troubleshoot and diagnose your Windows systems and applications.

Get up to speed fast!


Sysinternals Live

Sysinternals Live is a service that enables you to execute Sysinternals tools directly from the Web without hunting for and manually downloading them. Simply enter a tool's Sysinternals Live path into Windows Explorer or a command prompt as https://live.sysinternals.com/<toolname> or  \\live.sysinternals.com\tools\<toolname>.

You can view the entire Sysinternals Live tools directory in a browser at https://live.sysinternals.com.

What's New What's New

What's New (May 26, 2015)

  • AccessChk v6.0
    This update to AccessChk, a command-line utility that shows effective and actual permissions for registry keys, files, services, kernel objects, and more, can now show the permissions and security descriptors assigned to event logs, and incorporates owner-rights accesses in its permissions evaluations.
  • Autoruns v13.4
    Autoruns, the most comprehensive utility available for showing what executables, DLLs, and drivers are configured to automatically start and load, now reports Office addins, adds several additional autostart locations, and no longer hides hosting executables like cmd.exe, powershell.exe and others when Windows and Microsoft filters are in effect.
  • Process Monitor v3.2
    Process Monitor, a real-time system monitoring utility that captures registry, file system, process and thread, CPU, DLL and network activity, adds an option to show all file system values in hexadecimal, adds additional error code and file system control strings, and fixes a bug that prevented boot capture on Windows 10.
  • VMMap v3.2
    This release of VMMap, a powerful tool for analyzing the virtual and physical memory usage of a process, fixes a bug that prevented it from working with the 2 TB reserved memory region introduced to support Control Flow Guard (CFG).

What's New (April 20, 2015)

  • Sysmon v3.0
    This release of Sysmon, an advanced background monitor that records process-related activity to the event log for use in intrusion detection and forensics, adds the process name to process terminate events, reports remote thread creation events, and improves the simplicity and flexibility of filter settings.
  • Autoruns v13.3
    Autoruns, a utility that shows what processes, DLLs, and drivers are configured to automatically load, adds reporting of GP extension DLLs and now shows the target of hosting processes like cmd.exe and rundll32.exe.
  • RegJump v1.1
    Regjump, a command-line utility that navigates Regedit to the registry path specified as a parameter, adds the -c option to jump to the path stored in the copy/paste clipboard.

What's New (March 10, 2015)

  • LiveKd v5.4
    This update to Livekd, a tool that enables live kernel debugging for Windows systems and Hyper-V guest Windows virtual machines, now includes ‘live dump’ support for generating fast-snapshot crash-consistent kernel dump files using support introduced in Windows 8.1 and Windows Server 2012 R2.
  • Autoruns v13.2
    In addition to bug fixes to CSV and XML output, Autorunsc introduces import-hash reporting, and Autoruns now excludes command-line and other host processes from the Microsoft and Windows filters.
  • Sigcheck v2.2
    This release of Sigcheck, a command-line tool that reports file version, code signing, and hash information, introduces import-hash reporting and support for files larger than 4 GB.
  • Process Explorer v16.05
    Process Explorer now includes a Protection column that shows process protection status.

What's New (January 29, 2015)

  • Autoruns v13.0
    This major update to Autoruns, an autostart execution point (ASEP) manager, now has integration with Virustotal.com to show the status of entries with respect to scans by over four dozen antimalware engines. It also includes a revamped scanning architecture that supports dynamic filters, including a free-form text filter, a greatly improved compare feature that highlights not just new items but deleted ones as well, and file saving and loading that preserves all the information of a scan.
Microsoft is conducting an online survey to understand your opinion of the MSDN Web site. If you choose to participate, the online survey will be presented to you when you leave the MSDN Web site.

Would you like to participate?