See all products »
Curah! curation service
Microsoft Tech Companion App
Microsoft Technical Communities
Microsoft Virtual Academy
Server and Tools Blogs
TechNet Flash Newsletter
Cloud and Datacenter
Windows Server 2012 R2
System Center 2012 R2
Microsoft SQL Server 2012 SP1
Windows 8.1 Enterprise
See all trials »
Microsoft Download Center
TechNet Evaluation Center
Microsoft Virtual Academy
Free Windows Server 2012 courses
Free Windows 8 courses
SQL Server training
MCSA: Windows 8
Windows Server Certification (MCSE)
Private Cloud Certification (MCSE)
SQL Server Certification (MCSE)
Second shot for certification
Born To Learn blog
Find technical communities in your area
For small and midsize businesses
For IT professionals
For technical support
For home users
Microsoft Premier Online
Microsoft Fix It Center
Security Bulletins & Advisories
International support solutions
Log a support ticket
Not an IT pro?
Microsoft Customer Support
Microsoft Community Forums
Sysinternals Site Discussion
mark Russinovich live
sysinternals administrator's reference
TechEd North America
Zero Day Malware Cleaning
Browse by Tags
Sysinternals Site Discussion
Update: LiveKd v5.4, Autoruns v13.2, Sigcheck v2.2, Process Explorer v16.05
LiveKd v5.4 This update to Livekd, a tool that enables live kernel debugging for Windows systems and Hyper-V guest Windows virtual machines, now includes ‘live dump’ support for generating fast-snapshot crash-consistent kernel dump files using support introduced in Windows 8.1 and Windows...
10 Mar 2015
Update: Autoruns v13.01
Autoruns v13.01 This release fixes a bug in v13 that caused autostart entry lines not to show when you enter a filter string into the toolbar's filter control
9 Feb 2015
Updates: Handle v4.0. Procdump v7.01, Procexp v16.04, Regjump v1.02, Autoruns v12.03
Handle v4 : Handle is a command-line utility that can show which processes have a handle to a file or other resource open, or show all open handles. Version 4 now works with standard-user rights, allowing standard users to identify the handles open by their processes. ProcDump v7.01 : This release...
12 Sep 2014
Updates: Autoruns v12.02, Coreinfo v3.31, Sysmon v1.01, Whois v1.12
Autoruns v12.02 : This fixes a bug that could cause Autoruns to crash on startup, updates the image path parsing for Installed Components to remove false positive file-not-found entries, and correctly reports image entry timestamps in local time instead of UTC. Coreinfo v3.31 : This update fixes...
19 Aug 2014
New: Sysmon v1.0; Updates: Autoruns v12.01, Coreinfo v3.3, Procexp v16.03
Sysmon v1.0 : We’re excited to announce Sysmon, a new Sysinternals utility that monitors and reports key system activity via the Windows event log, including detailed information about process creation, network connections and file creation timestamp changes. With Sysmon installed on your systems...
8 Aug 2014
Updates: Autoruns v12.0, Procdump v7.0
Autoruns v12.0 : This release of Autoruns, a Windows application and command-line utility for viewing autostart entries, now reports the presence of batch file and executable image entries in the WMI database, a vector used by some types of malware. Procdump v7.0 : Procdump, a utility for capturing...
13 May 2014
Updates: Autoruns v11.32, Process Explorer v15.21, Process Monitor v3.02, PSKill v1.15, RAMMap v1.2
Autoruns v11.32 : This update fixes a bug that prevented Autoruns from correctly elevating when the Run as Administrator option is selected. Process Explorer v15.21 : This update fixes a bug related to the autostart functionality introduced in v15.2, a tooltip display bug, and a bug that prevented...
28 Jun 2012
Update: Autoruns v10.01
Autoruns v10.01: This fixes a bug in the Registry jump-to function for HKCU registry paths.
14 Jun 2010
Updates: Autoruns v9.32
Autoruns v9.32: This fixes a 32-bit parsing bug introduced in the v9.31 update.
25 Jul 2008
Updates: Autoruns v 11.3, LiveKd v 5.2, Strings v 2.5 and Trojan Horse, Mark's sequel to Zero Day, available for pre-order
Autoruns v11.3 : This update to Autoruns, a utility that shows the executables, drivers, and DLLs configured to autostart, adds several new autostart locations, sets a file association for its log file extension, reports the target of Rundll32 and other host executables, and fixes several bugs. LiveKd...
14 May 2012
Updates: Autoruns v11.31, DebugView 4.79
Autoruns v11.31 : This fixes a bug that caused Autoruns to not automatically refresh when relaunched from the “Run as Administrator” menu option. DebugView 4.79 : This update fixes an incompatibility with Windows XP 32-bit that was introduced in the v4.78 release.
24 May 2012
Updates: Process Explorer v14.01, Autoruns v10.05
Process Explorer v14.01: This update fixes a bug related to the DLL view and adds a tab to the new system information dialog, Summary, that displays all the performance graphs together. Autoruns v10.05: This Autoruns update adds ActiveSync autostart locations, fixes a bug in that prevented offline...
23 Nov 2010
Updates: ZoomIt v3.0, Process Explorer v11.32, Autoruns v9.38
ZoomIt v3.0: This major update to ZoomIt, the Sysinternals screen magnification and annotation utility, adds a LiveZoom mode on Windows Vista and higher, allows you to change the typing and break timer font, adds the ability to copy the magnified screen to the clipboard with Ctrl+C, and introduces a...
12 Jan 2009
Updates: Autoruns v9.53, ProcDump v1.3, Process Monitor v2.6 | New Mark's Blog post: The Case of the Temporary Registry Profiles | Download Windows Internals 5 sample chapter
Mark’s Blog: The Case of the Temporary Registry Profiles : In the latest post in Mark’s “Case of the Unexplained” series, he documents a perplexing case affecting many Microsoft and Citrix customers that Microsoft Customer Support Services solved with the use of Process Monitor’s boot logging and stack...
13 Aug 2009
Updates: Autoruns v11.6, Procexp v15.31, Procmon v3.05, Sigcheck v1.92
Autoruns v11.6 : Autoruns is a utility for enumerating and disabling executables and DLLs configured to activate in dozens of autostart registration points. This update fixes some minor bugs and adds Authenticode SHA1 and SHA256 hash reporting to Autorunsc output. Sigcheck v1.92 : Sigcheck is a command...
4 Jun 2013
Updates: Autoruns v11.5, Du (Disk Usage) v1.5, Procdump v5.14, Procmon v3.04, Ru (Registry Usage) v1.0
Autoruns v11.5 : This update to Autoruns, a utility for managing autostarting applications and components, now reports the image timestamp of executables and the last-modified timestamp of other file types and autostart locations to help with forensic analysis. The jump-to-entry feature is also improved...
27 Mar 2013
Updates: Process Monitor v2.95, TCPView v3.04, Autoruns v10.07, and a new blog post and webcast from Mark.
Process Monitor v2.95 : This update to Process Monitor reports the write-through flag on file I/O, shows DLL version information on the process page of the event properties dialog, automatically launches the correct version of Process Monitor to match the bitness (32 or 64) of a logfile, and fixes several...
13 Apr 2011
Updates: Autoruns v9.31; A new blog post from Mark and blog post from Solution Accelerators on using AccessChk
Autoruns v9.31: This release fixes a bug displaying missing images that reference paths with spaces, adds support for Sidebar Gadgets on 64-bit Windows, and correctly handles 64-bit paths that reference the program files directory. Mark's Blog: Pushing the Limits of Windows: Physical Memory - Mark...
22 Jul 2008
Updates: TCPView v3.0, Autoruns v10.02, ProcDump v1.81, Disk2vhd v1.61
TCPView v3.0: This major update to TCPView, a TCP/UDP endpoint viewing utility, adds endpoint send and receive statistics by leveraging ETW when TCPView is run with administrative rights. It also breaks ports and addresses into separate columns. Autoruns v10.02: This update fixes a bug in Autorunsc...
22 Jul 2010
Updates: Process Monitor v2.03, Autoruns v9.36, Disk Usage v1.33, Process Explorer v11.31
Process Monitor v2.03: This update to Process Monitor, a real-time file, registry, process and network monitor, adds the ability to import and export configuration settings, shows an icon in the operations column depicting the event class of the operation, and fixes a symbol configuration bug on Windows...
11 Dec 2008
New Tool: ProcDump v1.0 | Updates: Autoruns v9.51, VMMap v2.1, PsExec v1.96 | Book released: Windows Internals 5th Edition Released!| Webcast: Case of the Unexplained 2009
Windows Internals 5th Edition Released! The 5 th Edition of Windows Internals , the official book on the architecture and internals of the Windows operating system, is now available. This release is 25% larger than the 4 th Edition and is updated to cover Windows Vista and Windows Server 2008. Visit...
1 Jul 2009
New Tool: Desktops v1.0; Updates: Autoruns v9.33
Desktops v1.0: This new utility enables you to create up to four virtual desktops and to use a tray interface or hotkeys to preview what's on each desktop and easily switch between them. Autoruns v9.33: This Autoruns update adds command-line options for automatically scanning and exporting scan results...
22 Aug 2008
Updates: VMMap v2.5, Disk2vhd v1.4; Sigcheck v1.63; Autoruns v9.57; PsExec v1.97; PsKill v1.13 and a new Mark's Windows Internals Session video from PDC 2009
Mark’s Windows Internals Session at the Professional Developer’s Conference, Part 1 Mark’s Windows Internals Session at the Professional Developer’s Conference, Part 2 : Mark dives deep to cover Windows 7 and Windows Server 2008 R2 kernel changes in his top-rated session from...
1 Dec 2009
Update: Autoruns v11.62
Autoruns v11.62 : This release fixes a bug in version 11.61’s jump-to-image functionality.
2 Jul 2013
Updates: AccessChk v5.1, Autoruns v.11.33, Coreinfo v3.05, Whois v1.1
AccessChk v5.1 : This update to AccessChk, a command-line utility that shows the security settings and effective access on many object types, including registry keys and files, now reports Windows 8 claims and capabilities, shows the token of processes running as local system, lists security descriptor...
4 Aug 2012
© 2015 Microsoft Corporation.
Privacy & Cookies