See all products »
Curah! curation service
Microsoft Tech Companion App
Microsoft Technical Communities
Microsoft Virtual Academy
Server and Tools Blogs
TechNet Flash Newsletter
Cloud and Datacenter
Windows Server 2012 R2
System Center 2012 R2
Microsoft SQL Server 2012 SP1
Windows 8.1 Enterprise
See all trials »
Microsoft Download Center
TechNet Evaluation Center
Compatability & Converters
Microsoft Virtual Academy
Free Windows Server 2012 courses
Free Windows 8 courses
SQL Server training
MCSA: Windows 8
Windows Server Certification (MCSE)
Private Cloud Certification (MCSE)
SQL Server Certification (MCSE)
Second shot for certification
Born To Learn blog
Find technical communities in your area
For small and midsize businesses
For IT professionals
For technical support
For home users
Microsoft Premier Online
Microsoft Fix It Center
Security Bulletins & Advisories
International support solutions
Log a support ticket
Not an IT pro?
Microsoft Customer Support
Microsoft Community Forums
Sysinternals Site Discussion
mark Russinovich live
sysinternals administrator's reference
TechEd North America
Zero Day Malware Cleaning
Browse by Tags
Sysinternals Site Discussion
Updates: ProcDump v4.0, Process Monitor v2.96, Process Explorer v15.02, Mark’s Blog: The Case of the Hung Game Launcher, and Zero Day Malware Cleaning with the Sysinternals Tools
ProcDump v4.0 : This update for ProcDump, a trigger-based process dump capture utility, enables you to control the contents of the dump with your own minidump callback DLL and adds a new switch, -w, that has ProcDump wait for a specified process to start. Process Monitor v2.96 : This release changes...
17 Aug 2011
Updates: VMMap v3.1, RAMMap v1.11, Handle v3.46, Process Explorer v14.12 and Mark’s Blog: Analyzing a Stuxnet Infection with the Sysinternals Tools, Part 3
VMMap v3.1 : VMMap, a process virtual and physical memory analyzer, now shows the ASLR status of images and reports “unusable” virtual memory regions. RAMMap v1.11 : This update to RAMMap, a system memory usage analyzer, adds command-line options for loading files and exporting scans...
18 May 2011
Mark’s Blog Nominated for “Niney Award”
Mark’s Blog Nominated for “Niney Award”: The first annual Niney Awards nominations are out and Mark’s Blog is nominated in the Favorite Blog About Microsoft category. Vote early and vote often!
3 Feb 2011
Updates: ProcDump v3.02, Contig v1.6, TCPView v3.03 and a New Mark's Blog Post
ProcDump v3.02: This update to ProcDump, a command-line utility that can capture process dumps based on performance or behavioral triggers, adds more information to the minidump plus dump type, and ignores breakpoint exceptions unless overridden with the new -b switch. It also leverages the installed...
1 Feb 2011
New Mark's Blog post: Happy Holidays with a Festive Bluescreen of Death
Mark's Blog: Happy Holidays with a Festive Bluescreen of Death: Mark's latest blog post shows you how to change the colors of the infamous "bluescreen of death", complete with a screenshot and instructions on how to make one that's colored for the holiday season.
16 Dec 2010
Updates: ProcDump v3.0, AccessChk v5.01 and a new Mark's Blog Post
ProcDump v3.0: This update to ProcDump, a flexible command-line utility for capturing process dumps based on time, CPU, memory, or performance counter thresholds, adds a new dump type, Minidump Plus, that uses heuristics to create the equivalent of full dumps for very large processes, but with large...
9 Dec 2010
Updates: LiveKd v5.0 - and a related Mark's Blog post, Disk2vhd v1.63, Sigcheck v1.71
LiveKd v5.0: LiveKd, a tool that enables live kernel debugging of Windows systems, can now debug and generate kernel dump files of Hyper-V Windows virtual machines from the parent partition without having to boot the target virtual machine in debug mode. See Mark’s most recent blog post, “...
14 Oct 2010
Updates: ProcDump v2.0, Process Monitor v2.92, and a new Mark's Blog Post
ProcDump v2.0: This major update to ProcDump, a tool that captures process dumps based on process CPU usage, memory consumption, and other behaviors, can now be configured to generate dumps based on the values of system performance counters. Process Monitor v2.92: This update adds a toolbar button...
30 Aug 2010
Updates: Autoruns v10, Process Explorer v12.04, Sigcheck v1.7, ProcDump v1.8 and a new Case of the Unexplained
Mark’s Blog: The Case of the Unexplained IE Crash - Mark goes on a detective hunt to find out the likely culprit of an IE crash he recently experienced. In the post, he shows how to find which process out of multiple running the same executable crashed and how to get additional information from...
8 Jun 2010
Updates: Process Monitor v2.9, Process Explorer v12.02, Testlimit v5.02 | A new Mark's blog post and Mark to speak at the Windows Summit and TechEd US
Process Monitor v2.9: This update to Process Monitor adds translations for more error codes, the ability to disable individual filter entries, and a debugging API so that developers can insert debug output into the Process Monitor event stream (John Robbins has implemented helper classes for generating...
15 Apr 2010
Paul Thurrott Interviews Mark on Windows 7, New Mark's blog post - Case of the Slow Logon on , and Process Explorer is cited as PC World Magazine's top Windows tips
Paul Thurrott Interviews Mark on Windows 7 Development : Check out Mark’s interview with Windows IT Pro Magazine columnist Paul Thurrott, where he discusses some of the thinking behind Windows 7. Mark’s Blog: Case of the Slow Logon : Mark’s latest blog post documents a troubleshooting case that highlights...
19 Jan 2010
Updates: Autoruns v9.4, BgInfo v4.15, ZoomIt v3.03 | New Mark's Blog post: Pushing the Limits of Windows: Paged and Nonpaged Pool
Autoruns v9.4: This Autoruns update shows manual start Windows services, fixes a bug that affected the display of autostart locations that could include multiple startup registrations, and fixes a bug in the Jump To functionality on 64-bit Windows. BgInfo v4.15: Bginfo now supports access to 64-bit...
30 Mar 2009
Updates: Process Explorer v11.3, Handle v3.42 | A new Mark's blog post | 2 New Mark's webcasts: Case of the Unexplained and Inside Windows Server 2008 R2 Virtualization and VHD Improvements
Process Explorer v11.3: This update to Process Explorer includes numerous enhancements and bug fixes, including a physical memory history graph, options to configure memory tray icons, asyncronous thread symbol resolution and security ID lookup, dynamic recognition of new volume drive letters, multiple...
19 Nov 2008
Updates: Process Monitor v2.0, ZoomIt v2.11, Sigcheck v1.54, Contig v1.55 | A new Mark's Blog post: The Case of the Sloooow System | New Vista Springboard webcast
Process Monitor v2.0: This major update to Process Monitor adds real-time TCP and UDP monitoring to its existing process, thread, DLL, file system and registry monitoring. You can now see the TCP and UDP activity processes performed, including the operation (e.g. connect, send, receive), local and remote...
30 Sep 2008
Updates: Autoruns v9.31; A new blog post from Mark and blog post from Solution Accelerators on using AccessChk
Autoruns v9.31: This release fixes a bug displaying missing images that reference paths with spaces, adds support for Sidebar Gadgets on 64-bit Windows, and correctly handles 64-bit paths that reference the program files directory. Mark's Blog: Pushing the Limits of Windows: Physical Memory - Mark...
22 Jul 2008
© 2014 Microsoft Corporation.
Privacy & Cookies