Sysinternals Site Discussion

Paul Thurrott Interviews Mark on Windows 7, New Mark's blog post - Case of the Slow Logon on , and Process Explorer is cited as PC World Magazine's top Windows tips

Paul Thurrott Interviews Mark on Windows 7 Development: Check out Mark’s interview with Windows IT Pro Magazine columnist Paul Thurrott, where he discusses some of the thinking behind Windows 7.

Mark’s Blog: Case of the Slow Logon: Mark’s latest blog post documents a troubleshooting case that highlights the use of PsExec to monitor the logoff or logon process and the technique of Process Monitor log comparison to pinpoint a problem that caused some machines in a corporate network to experience 3-minute logons.

 Process Explorer in PC World’s Top 75 Windows Tips of All Time: We’re proud that Process Explorer was cited as one of PC World Magazine’s top Windows tips.

Updates: ProcDump v1.72, Desktops v1.02, Sigcheck v1.65, DiskView v2.3

ProcDump v1.72: This update changes the dump file date and time format to be ISO compliant and fixes a bug that prevented ProcDump from exiting when the process termination condition was active.

Desktops v1.02: v1.02 works around another issue that could prevent Alt+Tab from working on alternate desktops on 64-bit Windows 7 systems.

Sigcheck v1.65: Now includes all certificate errors in the unsigned image filter, not just images that have no code signing certificate.

Updates: ProcDump v1.71

ProcDump v1.71: This fixed a bug in the exception handling dump condition logic.

Updates: ProcDump v1.7, AccessChk v4.24, Sigcheck v1.64, Desktops v1.01, LiveKd v3.13

ProcDump v1.7: This update to ProcDump, a command-line utility that will generate memory dumps of processes based on various selectable criteria, now supports periodic timed dumps as well as dumps based on virtual memory thresholds.

AccessChk v4.24: AccessChk, a utility that shows effective security permissions for files, registry keys, services, and more, now supports process tokens.

Sigcheck v1.64: This release adds reporting for more signature verification errors.

Desktops v1.01: This fixes a bug that prevented Desktops from launching Explorer on secondary desktops when run on 64-bit Windows 7.

LiveKd v3.13: LiveKd works around a bug in Windbg’s analysis engine that could cause Windbg to hang for several minutes when launched from Livekd.

Updates: VMMap v2.5, Disk2vhd v1.4; Sigcheck v1.63; Autoruns v9.57; PsExec v1.97; PsKill v1.13 and a new Mark's Windows Internals Session video from PDC 2009

Mark’s Windows Internals Session at the Professional Developer’s Conference, Part 1

Mark’s Windows Internals Session at the Professional Developer’s Conference, Part 2: Mark dives deep to cover Windows 7 and Windows Server 2008 R2 kernel changes in his top-rated session from PDC 2009.

VMMap v2.5: This update to VMMap, a process memory analysis utility, now identifies thread environment blocks (TEBs), the process environment block (PEB), and reserved memory.

Disk2vhd v1.4: Now includes an option for Windows XP and Windows Server 2003 that directs it to fix up the kernel and HAL to make the VHDs generated for these systems bootable in Virtual PC. It also skips sectors with CRC errors to enable the conversion of systems with failing disks.

Sigcheck v1.63: Instead of reporting ‘unsigned image’ for all signature check failures, Sigcheck now reports specific errors, such as the root not being trusted and the signing chain not being valid.

Autoruns v9.57: Now reports more group policy script entries.

PsExec v1.97: This update to PsExec fixes the interactive (-i) switch for Windows XP and a bug in the copy-to-remote (-c) switch that would sometimes prevent the copy from succeeding.

PsKill v1.13:  Fixes a bug in the process tree termination logic.

Updates: Disk2vhd v1.3, Sigcheck v1.61, Process Monitor v2.8, LiveKd v3.12 and a new Mark's blog post

NewSID Retirement and the Machine SID Duplication Myth: Mark’s latest blog post debunks the myth that having duplicate machine SIDs causes problems, explaining why the Sysinternals NewSID tool has been retired.

Disk2vhd v1.3: This update to Disk2vhd makes more Windows XP and Windows Server 2003 VHDs bootable by updating their MBR and boot sectors to be compatible with Hyper-V and Virtual PC and by installing the Intelide driver if it it’s not already installed. It also optimizes image creation by not copying paging and hibernation files.

Sigcheck v1.62: This update to Sigcheck, a utility that displays file version and digital signature information, removes a file size limit for generating file hashes, works on 64-bit MSI files, and reports expired signatures.

Process Monitor v2.8: Displays new Windows 7 CreateFile options, includes file-delete operations in the Category filter’s Write subcategory, and displays names for more IOCTLs and result codes.

LiveKd v3.12: This release fixes compatibility with 64-bit Windows XP and Windows Server 2003.

Updates: Disk2vhd v1.21

Disk2vhd v1.21: The target volume size calculation is now based on the required size of the source volumes instead of the total size.

New Video: Windows 7 General Availability and Mark on Channel 9

Windows 7 General Availability and Mark on Channel 9:  Check out Mark’s latest Channel 9 interview on Windows 7 and Windows Server 2008 R2 kernel changes, released today to coincide with Windows 7’s general availability. He talks about memory management, process reflection and more, and shows a couple of demos on a 256-processor system.

Updates: Disk2vhd v1.2

Disk2vhd v1.2: This version fixes the space requirement calculation for the volume to which the VHD will be written.

Updates: Disk2vhd v1.1, ZoomIt v4.1, Coreinfo v2.0, VMMap v2.4

Disk2vhd v1.1: Disk2vhd now supports command-line options for automation and fixes a bug that could result in an “invalid user buffer” error during a conversion.

ZoomIt v4.1: ZoomIt is a screen magnification and annotation utility that’s useful for technical presentations. With this update, you can now easily switch between LiveZoom (supported on Vista and Windows 7) and drawing mode.

Coreinfo v2.0: Coreinfo now supports IA64 and Windows Server 2008 R2 systems with more than 64 logical processors.

VMMap v2.4: This release fixes a rare bug that could result in inaccurate summary statistics.

Updates: Autoruns v9.56

Autoruns v9.56: This update enables Autoruns to view registry entries that have permissions only allowing the System account access and fixes a bug that caused some rundll32-hosted entries to not display correctly.

New Tool: Disk2vhd v1.0

Disk2vhd v1.0: We’re excited to announce a new Sysinternals tool, Disk2vhd, that simplifies the migration of physical systems into virtual machines (p2v). Just run Disk2vhd on the system you want to migrate and specify the volumes for which you want data included, and Disk2vhd creates a consistent point-in-time volume snapshot followed by an export of the selected volumes into one or more VHDs that you can add to a new or existing Hyper-V or Virtual PC virtual machine.

Updates: LiveKd v3.1, BgInfo v4.16, ProcDump v1.6, Autoruns v9.55 | New Marks Blog Post: Pushing the Limits of Windows: Handles | New video: Mark Talks About Windows 7 and Windows Server 2008 R2 at Intel Developer Forum

Mark’s Blog: Pushing the Limits of Windows: Handles: Mark’s latest post in his Pushing the Limits of Windows series goes inside the limits that affect handle usage. He explains the role of handles, describes how the system manages them, and shows you how to identify and debug handle leaks.

Mark Talks About Windows 7 and Windows Server 2008 R2 at Intel Developer Forum: Mark gave a joint presentation with Shiv Kaushik, an Intel Fellow, at IDF in San Francisco on how Microsoft and Intel collaborated during the development process to make sure that Windows takes advantage of new Intel processor features and enhancements.

LiveKd v3.1: This update to LiveKd, a tool that enables you to perform local kernel debugging using the Windbg tool, adds support for systems with more than 4GB of RAM and now works on x64 systems even when they aren’t booted in debugging mode.

BgInfo v4.16: Bginfo now correctly reports Windows Server 2008 R2.

ProcDump v1.6: This minor update sets the thread context in a dump file to the thread that trips the CPU threshold so that it’s stack can be viewed simply by entering a stack dump command.

Autoruns v9.55: A bug that prevented some 64-bit entries from being disabled is addressed in this update.

FileMon and Regmon Retired. NewSID End of Life

Filemon and Regmon Retired: As we forwarned, Filemon and Regmon have been retired from the site, since their functionality is subsumed by the much more powerful and scalable Process Monitor utility.

NewSID End of Life: NewSID will be retired from Sysinternals on November 2, 2009.

Updates: Process Monitor v2.7, ProcDump v1.5, VMMap v2.3, Autoruns v9.54

Process Monitor v2.7: This update to Process Monitor, a system monitoring utility, adds a new option to the process tree dialog that direct it to show just the timeline for displayed events, uses kernel-based thread profiling on Vista and higher for better performance, and includes a number of minor fixes and enhancements.

ProcDump v1.5: ProcDump now includes a new switch that enables the creation of a process dump upon process termination, which can help with troubleshooting unexpected process termination. It also fixes a bug where the -ma switch wouldn’t generate a full dump when combined with -r , the Windows 7-specific process reflection switch.

VMMap v2.3: VMMap, a process virtual and physical memory analysis tool has an improved copy-to-clipboard functionality and a fix for a bug that could in some cases result in inaccurate difference-view reporting.

Autoruns v9.54: This update includes several bug fixes, the introduction of additional 32-bit autostart locations for 64-bit Windows, some user interface improvements, and brings back compatibility with .ARN files created by older versions.