Mark’s Windows Internals Session at the Professional Developer’s Conference, Part 1

Mark’s Windows Internals Session at the Professional Developer’s Conference, Part 2: Mark dives deep to cover Windows 7 and Windows Server 2008 R2 kernel changes in his top-rated session from PDC 2009.

 VMMap v2.5: This update to VMMap, a process memory analysis utility, now identifies thread environment blocks (TEBs), the process environment block (PEB), and reserved memory.

 Disk2vhd v1.4: Now includes an option for Windows XP and Windows Server 2003 that directs it to fix up the kernel and HAL to make the VHDs generated for these systems bootable in Virtual PC. It also skips sectors with CRC errors to enable the conversion of systems with failing disks.

 Sigcheck v1.63: Instead of reporting ‘unsigned image’ for all signature check failures, Sigcheck now reports specific errors, such as the root not being trusted and the signing chain not being valid.

 Autoruns v9.57: Now reports more group policy script entries.

 PsExec v1.97: This update to PsExec fixes the interactive (-i) switch for Windows XP and a bug in the copy-to-remote (-c) switch that would sometimes prevent the copy from succeeding.

 PsKill v1.13:  Fixes a bug in the process tree termination logic.