Interview with Mark Russinovich: the future of Sysinternals, Security, Windows

The future of Sysinternals, Security, Windows: Check out Mark's interview on TechNet Edge where he covers a range of topics, including what's going on at Sysinternals.

Posted by curtismetz | 0 Comments

Updates: Autoruns v9.34

Autoruns v9.34: This update fixes a bug that caused Autoruns to exit immediately after finishing a scan when passed the accepteula command line argument.
Posted by curtismetz | 0 Comments

New Tool: Desktops v1.0; Updates: Autoruns v9.33

Desktops v1.0: This new utility enables you to create up to four virtual desktops and to use a tray interface or hotkeys to preview what's on each desktop and easily switch between them.

Autoruns v9.33: This Autoruns update adds command-line options for automatically scanning and exporting scan results, as well as a number of bug fixes.

Posted by curtismetz | 0 Comments

Updates: Process Monitor v1.37, Handle v3.41, Process Explorer v11.21, DebugView 4.75 | Mark's Events: Keynote speaker at Virtualization Congress

Process Monitor v1.37: Process Monitor, a system monitoring utility, now prevents you from inadvertently closing the filter dialog without saving edits and fixes a subtle race condition bug in the driver.

Handle v3.41: Handle, a command-line tool for dumping information on open operating system handles, adds a new switch, -l, that dumps the sizes of pagefile-backed sections.

Process Explorer v11.21: This update fixes a race condition bug in the Process Explorer device driver.

DebugView v4.75: DebugView v4.75, a debug output monitoring utility for developers, fixes a bug that caused it to crash when capturing very long debug strings when not forcing carriage returns, and the driver is now compatible with the Driver Verifier.

BgInfo v4.14: This update makes the /silent switch more aggressive about suppressing dialog boxes.

Mark's Events: Mark to Keynote Virtualization Congress - Mark is going to deliver a keynote on Microsoft's virtualization strategy at the independent Virtualization Congress in London in October.

 

Mark's Webcasts: Windows Security Boundaries

Windows Security Boundaries: Mark’s session from TechEd US on what constitutes a security boundary is now available for on-demand viewing. Get the real story on Windows security-related features like Kernel Patch Protection (KPP), Kernel Mode Code Integrity, User sessions, UAC, Protected Mode IE, and more, to find out how they work, what they were designed for, and whether they are security boundaries.

Posted by curtismetz | 1 Comments

Updates: Autoruns v9.32

Autoruns v9.32: This fixes a 32-bit parsing bug introduced in the v9.31 update.
Posted by curtismetz | 0 Comments

Updates: Autoruns v9.31; A new blog post from Mark and blog post from Solution Accelerators on using AccessChk

Autoruns v9.31: This release fixes a bug displaying missing images that reference paths with spaces, adds support for Sidebar Gadgets on 64-bit Windows, and correctly handles 64-bit paths that reference the program files directory.

Mark's Blog: Pushing the Limits of Windows: Physical Memory - Mark starts a new blog article series with a look at how much memory Windows supports and why, including why you might not be getting the benefit of all your RAM if you're running 32-bit Windows.

Solution Accelerators Security Blog: How to Use AccessChk.exe for Security Compliance Management - You can use AccessChk with System Center's Desired Configuration Manager to obtain effective user rights directly from managed systems.

Updates: Autoruns v9.3, AccessChk v4.2

Autoruns v9.3: This Autoruns update adds support for several additional shell extension points, including copy hook, property sheet, and drag and drop handlers, fixes a bug in the Vista gadget parsing code and better handles malformed paths.

AccessChk v4.2: This update reports non-canonical security descriptors (ones that have access control entries in an unsupported order) and adds a new switch, -a, that dumps account rights and privileges.

Posted by curtismetz | 0 Comments

Updates: Process Monitor v1.35

Process Monitor v1.35: This fixes a bug introduced in v1.34 that prevented Process Monitor's driver from loading on Windows 2000.

Updates: ZoomIt v2.10, Process Monitor v1.34, BgInfo v4.13

ZoomIt v2.10: Includes a zoom-out effect when you exit zoom mode and enables you to specify a background bitmap for the break timer.

Process Monitor v1.34: This update adds the ability to filter on result values.

BgInfo v4.13: Now displays correct version information for Windows Server 2008.

Updates: Process Explorer v11.20, ZoomIt v2.0, Sigcheck v1.53, Handle v3.4 and introducing Sysinternals Live beta.

Sysinternals Live: We're excited to announce the beta of Sysinternals Live, a service that enables you to execute Sysinternals tools directly from the Web without hunting for and manually downloading them. Simply enter a tool's Sysinternals Live path into Windows Explorer or a command prompt as \\live.sysinternals.com\tools\<toolname> or view the entire Sysinternals Live tools directory in a browser at http://live.sysinternals.com.

Process Explorer v11.20: Process Explorer now shows thread permissions, adds process working set minimum and maximum columns, and fixes a bug that allows it to run from read-only locations on 64-bit Windows.

ZoomIt v2.0: This major ZoomIt update adds the drawing color pink, adds screen blanking to the undo history, extends the maximum pen size from 9 to 19 pixels, has an option to hide the tray icon and makes it easy to save zoomed and annotated screens as bitmap files.

Sigcheck v1.53: The CSV column headers have been fixed to correctly reflect the extended version and hash options.

Handle v3.4: This release fixes a bug that allows it to run from read-only locations on 64-bit Windows and adds an option to show the sizes of pagefile-backed sections.

Updates: Autoruns v9.21

Autoruns v9.21: This corrects the version number in the about box.
Posted by curtismetz | 1 Comments

Updates: Autoruns v9.2, Process Monitor v1.33, AccessChk v4.1

Autoruns v9.2: In order to better support assisted troubleshooting, Autoruns - an autostart analyzer - now exports and imports scan results to enable viewing results on other systems, adds support for enabling and deleting Winsock notification DLLs, and fixes a number of 64-bit Windows issues.

Process Monitor v1.33: This update to Process Monitor, a real-time file, thread, DLL and performance monitoring utility, improves 32-bit stack walking on 64-bit Windows, fixes a driver bug that could cause crashes on 64-bit Windows, and preserves profiling information by default when saving log files.

AccessChk v4.1: AccessChk, a command-line utility for analyzing effective permissions on files, registry keys, processes and more, now interprets Windows Vista process owner rights and can show permissions on active threads.

Updates: Process Monitor v1.32

Process Monitor v1.32: This fixes a dependency introduced in v1.31 that prevented Procmon from running on Windows 2000.
Posted by curtismetz | 1 Comments

Updates: Process Explorer v11.13, Process Monitor v1.31, and Handle v3.31

Process Explorer v11.13: This includes bug fixes for viewing thread stacks of system threads and 64-bit thread stacks. It also fixes compatibility with Windows 9x and NT 4.

Process Monitor v1.31: This update fixes a bug that could result in a deadlock when exiting or disabling capture with thread profiling enabled.

Handle v3.31: No functional change and hence no version number update, but it has a version field that enables it to work again on Windows 9x and NT 4.

Posted by curtismetz | 2 Comments