Mark Russinovich’s technical blog covering topics such as Windows troubleshooting, technologies and security.
I haven't had a chance to write a new post in a while because I've been busy working on Windows, new Sysinternals tools and enhancements to existing ones, and the 5th edition of Windows Internals, so I thought that I'd update you on my speaking schedule, book status, and what's going on at Sysinternals.
My next event is one that anyone can easily attend live, or via recorded webcast: it's the third virtual roundtable in the Microsoft Springboard series of round tables I've been hosting. Springboard is program designed to connect IT pros with practical information, guidance and tools to help them in their evaluation and deployment of Windows without marketing fluff getting in the way. This next round table is on September 24 and takes on the topic of performance. As usual, we'll have a panel of MVPs and customers sharing their experiences and real world tips with you. You can sign up to watch it live and find the contact to send in your questions ahead of time here.
In addition to the round table, I've got a full conference schedule for the Fall, including three keynotes:
TechEd Hong Kong, October 8-10, Wanchai, Hong Kong Virtualization Congress, October 15-16, London, UK Microsoft Platforma, December 4-5, Moscow, Russia
TechEd Hong Kong, October 8-10, Wanchai, Hong Kong
Virtualization Congress, October 15-16, London, UK
Microsoft Platforma, December 4-5, Moscow, Russia
I'm also returning to one of my favorite conferences, TechEd EMEA IT Pros. I love reconnecting with my speaker friends, the enthusiastic European attendees, and Barcelona. I'm delivering several sessions, including an updated "The Case of the Unexplained...", complete with all new examples.
TechEd EMEA IT Pro, November 3-7, Barcelona, Spain
TechEd EMEA IT Pro, November 3-7, Barcelona, Spain
I hope to see you at one of these events, and if attend one of my sessions please stop by and say hello.
The book, which is updated to focus exclusively on Windows Vista and Windows Server 2008, is well along and we're on track for publication in January. I'm writing it again with David Solomon, my coauthor on the previous two editions, and Alex Ionescu, who is new to this edition and contributing great content. With all the new information and experiments, the book is going to be around 250 pages longer, making it its bed-time reading value stretch even longer. You can find information on the book on its official home page here.
Finally, Bryce and I have some exciting Sysinternals updates, including a major Process Monitor update and enhancements to Process Explorer, planned for release in the coming weeks and months.
If you'd like to hear directly from me on what I'm up to at Microsoft, what's behind the Sysinternals operation, what new feature we're releasing in Process Monitor, and my views on Windows, operating system security, and more, check out my recent interview with TechNet Edge.
I realize this may not be the most appropriate place to submit bugs in Sysinternals software, but since you mention new versions of Process Monitor I figured what the hey.
On 32-bit XP and Vista (not tested anywhere else), if you try to monitor processes when launching a very large executable (1.8GB in this instance), Procmon will crash (unfortunately I don't have the exact message handy). I'm not sure if this can be fixed, but it would be nice since it's completely impossible to capture _any_ data once you start the large executable, even when playing back saved log files.
In any case, thanks for the tools and the blog!
You might check out the Process Monitor forum @ http://forum.sysinternals.com/forum_topics.asp?FID=19.
"check out my recent interview with TechNet Edge."
Really enjoyed that one, Mark. You really are *the* go to person for a rational, insightful, no bs discussion on Windows and Windows vs alternatives. Much appreciated.
I was waiting for Windows Internals 5th edition, but it having focus only on Vista discourages me a little. I wanted coverage of XP and 2003 too. What is the overlap between the 4th and 5th editions? Should I read the 4th first, and then move to the 5th when it's realeased?
Yes, read the 4th edition for Windows 2000, XP and Server 2003. We decided that the book would have gotten way to complex if we had tried to cover XP, Server 2003, and Vista/Server 2008, highlighting the differences between them.
Nick: Out of morbid curiosity, what is this 1.8 GB monstrosity? Some kind of self-extracting installer or something?
John: Exactly. It's a self-extracting archive that does some kind of file/registry validation/manipulation before starting the extraction. It was failing on some systems and I was trying to find out why. Unfortunately Procmon wasn't much help due to this issue.
Ok, but why would someone make a 1.8 GB self-extracting archive? Wouldn't it make more sense to have a small executable that operates on a big archived data file? It's probably failing because it has to extract a whopping 1.8 GB!
"Finally, Bryce and I have some exciting Sysinternals updates, including a major Process Monitor update and enhancements to Process Explorer, planned for release in the coming weeks and months."
Mark, can you tell, update for Pagedefrag to work on x64 systems among them?
Really enjoyed that one "check out my recent interview with TechNet Edge." Mark.
>>...and enhancements to existing ones...<<
Please, please PLEASE revisit newsid.exe because sysprep is just a pain in the *ss... nNewsid works fast and clean. Why doesn't MS inderstand that we need a simple tool like newsid! So take a look at Vista and 2008 compatibility. I and many others would be very gratefull.
Btw I don't have problems using newsid on Vista 32 bit, but I do read about some problems on the internet. So a revisit to check if everything still works ok is greatly appreciated!
Imaging and running newsid /a [newcomputername] is just great instead of using the slow sysprep which also changes other things!
I know XP-SP3 wasn't in Edition 4, and I don't think it covered SP2 (don't even see any mention of SP1 in it).
I hope you can at least cover WinXP-SP3 and maybe highlight differences in Vista v. XP -- maybe *possible* differences in Windows "7" -- will it solve the performance and driver compatibility problems brought into Vista?
An update from Mark about the book: http://blogs.msdn.com/microsoft_press/archive/2009/02/13/update-from-mark-russinovich-about-windows-internals.aspx