Autoruns v11.5 : This update to Autoruns, a utility for managing autostarting applications and components, now reports the image timestamp of executables and the last-modified timestamp of other file types and autostart locations to help with forensic analysis. The jump-to-entry feature is also improved...

Autoruns v11.42 : This release fixes a bug in the parsing of network file paths introduced in v11.41.

Autoruns v11.41 : This Autoruns update reports the hosting image target of link shortcut references. Handle v3.51 : This minor update to Handle, a command-line utility that dumps process handle tables, fixes a bug in its file share drive letter formatting. Movefile v1.01 : Movefile, a utility for...

Autoruns v11.4 : Autoruns v11.4 adds additional startup locations, fixes several bugs related to image path parsing, adds better support for browsing folders on WinPE, and fixes a Wow64 redirection bug. Procdump v5.12 : This Procdump update fixes a bug introduced in v5.11 where it doesn’t save...

Autoruns v11.34 : This release of Autoruns fixes a bug that caused it to not show some Internet Explorer extensions. ProcDump v5.0 : Procdump is an advanced utility for capturing process memory dumps based on a variety of triggers including CPU usage, memory usage, performance counter values, and...

AccessChk v5.1 : This update to AccessChk, a command-line utility that shows the security settings and effective access on many object types, including registry keys and files, now reports Windows 8 claims and capabilities, shows the token of processes running as local system, lists security descriptor...

Autoruns v11.32 : This update fixes a bug that prevented Autoruns from correctly elevating when the Run as Administrator option is selected. Process Explorer v15.21 : This update fixes a bug related to the autostart functionality introduced in v15.2, a tooltip display bug, and a bug that prevented...

Autoruns v11.31 : This fixes a bug that caused Autoruns to not automatically refresh when relaunched from the “Run as Administrator” menu option. DebugView 4.79 : This update fixes an incompatibility with Windows XP 32-bit that was introduced in the v4.78 release.

Autoruns v11.3 : This update to Autoruns, a utility that shows the executables, drivers, and DLLs configured to autostart, adds several new autostart locations, sets a file association for its log file extension, reports the target of Rundll32 and other host executables, and fixes several bugs. LiveKd...

Accesschk v5.03 : The -l switch, which has AccessChk show detailed security descriptor information, now reports the object owner as well as security descriptor flags. Autoruns v11.22 : This release of Autoruns fixes a bug in the XML output structure, jump-to-folder functionality for scheduled task...

Process Monitor v2.95 : This update to Process Monitor reports the write-through flag on file I/O, shows DLL version information on the process page of the event properties dialog, automatically launches the correct version of Process Monitor to match the bitness (32 or 64) of a logfile, and fixes several...

Autoruns v10.06: This release fixes a bug that could affect delete and disable operations on entries stored as multisz registry values.

Process Explorer v14.01: This update fixes a bug related to the DLL view and adds a tab to the new system information dialog, Summary, that displays all the performance graphs together. Autoruns v10.05: This Autoruns update adds ActiveSync autostart locations, fixes a bug in that prevented offline...

Autoruns v10.04: This fixes a toolbar drawing bug that shows on Windows XP.

ProcDump v2.01: ProcDump now generates a dump file name based on the date and time if no file name is specified, adds support for per-process performance counters, and reports in the dump comment for performance counter triggers the biggest CPU consuming thread. Autoruns v10.03: This update adds a...

TCPView v3.0: This major update to TCPView, a TCP/UDP endpoint viewing utility, adds endpoint send and receive statistics by leveraging ETW when TCPView is run with administrative rights. It also breaks ports and addresses into separate columns. Autoruns v10.02: This update fixes a bug in Autorunsc...

Autoruns v10.01: This fixes a bug in the Registry jump-to function for HKCU registry paths.

Mark’s Blog: The Case of the Unexplained IE Crash - Mark goes on a detective hunt to find out the likely culprit of an IE crash he recently experienced. In the post, he shows how to find which process out of multiple running the same executable crashed and how to get additional information from...

Mark’s Windows Internals Session at the Professional Developer’s Conference, Part 1 Mark’s Windows Internals Session at the Professional Developer’s Conference, Part 2 : Mark dives deep to cover Windows 7 and Windows Server 2008 R2 kernel changes in his top-rated session from...

Autoruns v9.56: This update enables Autoruns to view registry entries that have permissions only allowing the System account access and fixes a bug that caused some rundll32-hosted entries to not display correctly.

Mark’s Blog: Pushing the Limits of Windows: Handles : Mark’s latest post in his Pushing the Limits of Windows series goes inside the limits that affect handle usage. He explains the role of handles, describes how the system manages them, and shows you how to identify and debug handle leaks. Mark...

Process Monitor v2.7 : This update to Process Monitor, a system monitoring utility, adds a new option to the process tree dialog that direct it to show just the timeline for displayed events, uses kernel-based thread profiling on Vista and higher for better performance, and includes a number of minor...

Mark’s Blog: The Case of the Temporary Registry Profiles : In the latest post in Mark’s “Case of the Unexplained” series, he documents a perplexing case affecting many Microsoft and Citrix customers that Microsoft Customer Support Services solved with the use of Process Monitor’s boot logging and stack...

Windows Internals 5th Edition Released! The 5 th Edition of Windows Internals , the official book on the architecture and internals of the Windows operating system, is now available. This release is 25% larger than the 4 th Edition and is updated to cover Windows Vista and Windows Server 2008. Visit...

Autoruns v9.5: This update to Autoruns, a powerful autostart manager, adds display of audio and video codecs, which are gaining popularity as an extension mechanism used by malware to gain automatic execution. PsLoglist v2.7: This version of PsLoglist, a command-line event log display utility,...