Sysinternals Site Discussion

Updates: Autoruns v9.37, AccessChk v4.23

Autoruns v9.37: This update adds support for viewing the Local System account's profile and adds a new option, Hide Microsoft and Windows Entries.

AccessChk v4.23: Changes the behavior of object manager name parsing to make enumerating the objects in an object manager directory more straight forward.

Updates: Process Monitor v2.03, Autoruns v9.36, Disk Usage v1.33, Process Explorer v11.31

Process Monitor v2.03: This update to Process Monitor, a real-time file, registry, process and network monitor, adds the ability to import and export configuration settings, shows an icon in the operations column depicting the event class of the operation, and fixes a symbol configuration bug on Windows XP.

Autoruns v9.36: Autoruns changes the Hide Microsoft Entries to only hide Windows entries, fixes a bug in the Find behavior, allows enabling and disabling entries using the space bar, and fixes a number of minor bugs.

Disk Usage v1.33: Du adds a new option, -u, that has it exclude duplicate hard-linked files from its summary.

Process Explorer v11.31: This update works around a bug in the latest Debugging Tools for Windows debug engine DLL and fixes a bug that could cause objects to show up as <unknown type> when Process Explorer was run without administrative rights.

Updates: Process Explorer v11.3, Handle v3.42 | A new Mark's blog post | 2 New Mark's webcasts: Case of the Unexplained and Inside Windows Server 2008 R2 Virtualization and VHD Improvements

Process Explorer v11.3: This update to Process Explorer includes numerous enhancements and bug fixes, including a physical memory history graph, options to configure memory tray icons, asyncronous thread symbol resolution and security ID lookup, dynamic recognition of new volume drive letters, multiple character matching in the process view, and a smaller memory footprint.

Handle v3.42: This Handle update fixes a rare bug that could cause it to reference the wrong handle during a name lookup.

Mark's Webcasts: The Case of the Unexplained 2008 and Server 2008 R2 Virtualization and VHD Improvements: Mark's talks from TechEd EMEA are now posted, including an all new Case of the Unexplained that shows off how to troubleshoot with the Sysinternals tools, and Inside Windows Server 2008 R2 Virtualization and VHD Improvements that includes a demo of the new Windows native BHD and boot-from-VHD support.

Mark's Blog: Pushing the Limits of Windows: Virtual Memory: Check out Mark's latest blog post on virtual-memory-related limits in Windows, that includes information on how to track down virtual memory hogs and how to size the paging file.

Updates: ZoomIt v2.2, AccessChk v4.22

ZoomIt v2.2: This ZoomIt update makes it easier to see the drawing cursor when it's small relative to the zoomed region by representing it as a cross hair, allows you to position the text cursor when you enter text mode, supports changing the text color for the break timer and while you're placing the text cursor, and includes a number of other minor improvements.

AccessChk v4.22: This update fixes a bug that sometimes caused AccessChk to not show the full list of rights and privileges assigned to a user account.

Updates: Process Monitor v2.02

Process Monitor v2.02: This update fixes a bug in the symbols configuration dialog.

Mark's Webcasts: Mark Russinovich goes Inside Windows 7

Channel9: Mark Russinovich goes Inside Windows 7: Mark talks about kernel changes in Windows 7 and Windows Server 2008 R2, including the removal of the scheduler’s dispatcher lock, support for up to 256 CPUs, boot from VHD, MinWin, core parking for power savings and more.

Updates: Autoruns v9.35, Process Monitor v2.01, DebugView v4.76, AccessChk v4.21

Autoruns v9.35: This Autoruns update adds additional autostart locations, including lsastart, s0initialization, savedumpstart, and servicecontrollerstart, and fixes serveral bugs.

Process Monitor v2.01: This release fixes several bugs, including compatibility with Windows 2000, excessive exit delays, and adds the new networking events to the filter dialog's operations list.

DebugView v4.76: Debugview no longer truncates the last character of each line of a log file when it loads one back into the display.

AccessChk v4.21: This fixes a bug in the code that checks for malformed security descriptors that could cause spurious warnings.

Updates: Process Monitor v2.0, ZoomIt v2.11, Sigcheck v1.54, Contig v1.55 | A new Mark's Blog post: The Case of the Sloooow System | New Vista Springboard webcast

Process Monitor v2.0: This major update to Process Monitor adds real-time TCP and UDP monitoring to its existing process, thread, DLL, file system and registry monitoring. You can now see the TCP and UDP activity processes performed, including the operation (e.g. connect, send, receive), local and remote IP addresses and DNS names, and operation transfer lengths. On Windows Vista, Process Monitor also collects thread stacks for network operations.

Mark's Blog: The Case of the Sloooow System - Check out Mark's latest blog post to see how he resolved a critical support incident on one of his home computers.

ZoomIt v2.11: ZoomIt now includes the ability to change the color of the break timer and modifies the way it captures the screen so that it includes tooltip windows.

Vista Springboard Virtual Roundtable on Performance: Watch Mark and a panel of industry experts discuss Windows performance in this hour-long webcast where they cover topics from avoiding common pitfalls, defining performance baselines, performance monitoring tools, ways to improve overall system performance and common performance misconceptions.

Sigcheck v1.54: This Sigcheck release fixes a bug in CSV output formatting.

Contig v1.55: Contig now supports the -accepteula command-line switch.

 

New Tool: Coreinfo v1.0; A new blog post from Mark - Where in the world is Mark Russinovich?

Coreinfo v1.0: This is a new command-line utility that shows you the mapping between logical processors and the physical processor, NUMA node, and socket on which they reside, as well as the cache's assigned to each logical processor.

Mark's Blog: Where in the world is Mark Russinovich? - Check out Mark's latest blog post to find out where he's going to be speaking this Fall and how Windows Internals 5th Edition is progressing.

Interview with Mark Russinovich: the future of Sysinternals, Security, Windows

The future of Sysinternals, Security, Windows: Check out Mark's interview on TechNet Edge where he covers a range of topics, including what's going on at Sysinternals.

Updates: Autoruns v9.34

Autoruns v9.34: This update fixes a bug that caused Autoruns to exit immediately after finishing a scan when passed the accepteula command line argument.

New Tool: Desktops v1.0; Updates: Autoruns v9.33

Desktops v1.0: This new utility enables you to create up to four virtual desktops and to use a tray interface or hotkeys to preview what's on each desktop and easily switch between them.

Autoruns v9.33: This Autoruns update adds command-line options for automatically scanning and exporting scan results, as well as a number of bug fixes.

Updates: Process Monitor v1.37, Handle v3.41, Process Explorer v11.21, DebugView 4.75 | Mark's Events: Keynote speaker at Virtualization Congress

Process Monitor v1.37: Process Monitor, a system monitoring utility, now prevents you from inadvertently closing the filter dialog without saving edits and fixes a subtle race condition bug in the driver.

Handle v3.41: Handle, a command-line tool for dumping information on open operating system handles, adds a new switch, -l, that dumps the sizes of pagefile-backed sections.

Process Explorer v11.21: This update fixes a race condition bug in the Process Explorer device driver.

DebugView v4.75: DebugView v4.75, a debug output monitoring utility for developers, fixes a bug that caused it to crash when capturing very long debug strings when not forcing carriage returns and the driver is now compatible with the Driver Verifier.

BgInfo v4.14: This update makes the /silent switch more aggressive about supprossing dialog boxes.

Mark's Events: Mark to Keynote Virtualization Congress - Mark is going to deliver a keynote on Microsoft's virtualization strategy at the independent Virtualization Congress in London in October.

 

Mark's Webcasts: Windows Security Boundries

Windows Security Boundries: Mark’s session from TechEd US on what constitutes a security boundary is now available for on-demand viewing. Get the real story on Windows security-related features like Kernel Patch Protection (KPP), Kernel Mode Code Integrity, User sessions, UAC, Protected Mode IE, and more, to find out how they work, what they were designed for, and whether they are security boundaries.

Updates: Autoruns v9.32

Autoruns v9.32: This fixes a 32-bit parsing bug introduced in the v9.31 update.