See all products »
Curah! curation service
Microsoft Tech Companion App
Microsoft Technical Communities
Microsoft Virtual Academy
Server and Tools Blogs
TechNet Flash Newsletter
Cloud and Datacenter
Windows Server 2012 R2
System Center 2012 R2
Microsoft SQL Server 2012 SP1
Windows 8.1 Enterprise
See all trials »
Microsoft Download Center
TechNet Evaluation Center
Microsoft Virtual Academy
Free Windows Server 2012 courses
Free Windows 8 courses
SQL Server training
MCSA: Windows 8
Windows Server Certification (MCSE)
Private Cloud Certification (MCSE)
SQL Server Certification (MCSE)
Second shot for certification
Born To Learn blog
Find technical communities in your area
For small and midsize businesses
For IT professionals
For technical support
For home users
Microsoft Premier Online
Microsoft Fix It Center
Security Bulletins & Advisories
International support solutions
Log a support ticket
Not an IT pro?
Microsoft Customer Support
Microsoft Community Forums
Sysinternals Site Discussion
mark Russinovich live
sysinternals administrator's reference
TechEd North America
Zero Day Malware Cleaning
Browse by Tags
Sysinternals Site Discussion
Updates: Autoruns v12.0, Procdump v7.0
Autoruns v12.0 : This release of Autoruns, a Windows application and command-line utility for viewing autostart entries, now reports the presence of batch file and executable image entries in the WMI database, a vector used by some types of malware. Procdump v7.0 : Procdump, a utility for capturing...
13 May 2014
Updates: Autoruns v11.5, Du (Disk Usage) v1.5, Procdump v5.14, Procmon v3.04, Ru (Registry Usage) v1.0
Autoruns v11.5 : This update to Autoruns, a utility for managing autostarting applications and components, now reports the image timestamp of executables and the last-modified timestamp of other file types and autostart locations to help with forensic analysis. The jump-to-entry feature is also improved...
27 Mar 2013
Updates: TCPView v3.0, Autoruns v10.02, ProcDump v1.81, Disk2vhd v1.61
TCPView v3.0: This major update to TCPView, a TCP/UDP endpoint viewing utility, adds endpoint send and receive statistics by leveraging ETW when TCPView is run with administrative rights. It also breaks ports and addresses into separate columns. Autoruns v10.02: This update fixes a bug in Autorunsc...
22 Jul 2010
Updates: ZoomIt v4.2, Process Explorer v14.11, and ProcDump v3.04
ZoomIt v4.2 : This update to ZoomIt, a screen magnification and annotation utility, now adjusts the drawing pen size when you enter drawing mode from live zoom to match the static zoom pen size. Process Explorer v14.11 : Process Explorer v14.11 includes the ability to configure network and disk activity...
3 May 2011
Updates: DebugView v4.81, ProcDump v5.11, ZoomIt v4.4
DebugView v4.81 : Version 4.81 of DebugView, a utility that logs user and kernel-mode debug output messages, fixes a bug that could cause it on some executions to fail to capture debug output and enter a CPU-bound loop. ProcDump v5.11 : This release of ProcDump fixes a bug introduced in version 5...
4 Dec 2012
New Tool: ProcDump v1.0 | Updates: Autoruns v9.51, VMMap v2.1, PsExec v1.96 | Book released: Windows Internals 5th Edition Released!| Webcast: Case of the Unexplained 2009
Windows Internals 5th Edition Released! The 5 th Edition of Windows Internals , the official book on the architecture and internals of the Windows operating system, is now available. This release is 25% larger than the 4 th Edition and is updated to cover Windows Vista and Windows Server 2008. Visit...
1 Jul 2009
Updates: ProcDump v1.7, AccessChk v4.24, Sigcheck v1.64, Desktops v1.01, LiveKd v3.13
ProcDump v1.7: This update to ProcDump, a command-line utility that will generate memory dumps of processes based on various selectable criteria, now supports periodic timed dumps as well as dumps based on virtual memory thresholds. AccessChk v4.24: AccessChk, a utility that shows effective security...
11 Jan 2010
Updates: ProcDump v1.71
ProcDump v1.71: This fixed a bug in the exception handling dump condition logic.
14 Jan 2010
Updates: Autoruns v9.53, ProcDump v1.3, Process Monitor v2.6 | New Mark's Blog post: The Case of the Temporary Registry Profiles | Download Windows Internals 5 sample chapter
Mark’s Blog: The Case of the Temporary Registry Profiles : In the latest post in Mark’s “Case of the Unexplained” series, he documents a perplexing case affecting many Microsoft and Citrix customers that Microsoft Customer Support Services solved with the use of Process Monitor’s boot logging and stack...
13 Aug 2009
Updates: ProcDump v1.72, Desktops v1.02, Sigcheck v1.65, DiskView v2.3
ProcDump v1.72: This update changes the dump file date and time format to be ISO compliant and fixes a bug that prevented ProcDump from exiting when the process termination condition was active. Desktops v1.02: v 1.02 works around another issue that could prevent Alt+Tab from working on alternate...
19 Jan 2010
Updates: Process Explorer v14.1, VMMap v3.03, ProcDump v3.03, and Zero Day is now Available!
Zero Day is Now Available! Mark’s first novel, a cyberthriller called Zero Day, is now available for order. If you like Sysinternals tools, Mark’s Case of the Unexplained blog posts, Michael Crichton and Tom Clancy, you’re sure to like Zero Day. Process Explorer v14.1: This update...
15 Mar 2011
Updates: ProcDump v3.02, Contig v1.6, TCPView v3.03 and a New Mark's Blog Post
ProcDump v3.02: This update to ProcDump, a command-line utility that can capture process dumps based on performance or behavioral triggers, adds more information to the minidump plus dump type, and ignores breakpoint exceptions unless overridden with the new -b switch. It also leverages the installed...
1 Feb 2011
Updates: Autoruns v10, Process Explorer v12.04, Sigcheck v1.7, ProcDump v1.8 and a new Case of the Unexplained
Mark’s Blog: The Case of the Unexplained IE Crash - Mark goes on a detective hunt to find out the likely culprit of an IE crash he recently experienced. In the post, he shows how to find which process out of multiple running the same executable crashed and how to get additional information from...
8 Jun 2010
Updates: ProcDump v1.4
Procdump v1.4: This fixes a bug introduced in v1.3 that broke compatibility with Windows XP and Windows Server 2003.
18 Aug 2009
Updates: Accesschk v5.11, Procdump v6.0, RAMMap v1.22, Strings v2.51
AccessChk v5.11 : AccessChk, a command line utility for dumping the effective permissions and security descriptors for files, registry keys, processes, tokens, object manager objects, now prefixes Windows 8 application container SIDs with the word “Package”, and includes several minor bug...
17 May 2013
Update ProcDump v3.01
ProcDump v3.01: This release fixes a bug that could cause ProcDump to crash when used with the miniplus dump option (-mp).
15 Dec 2010
Updates: Process Monitor v2.7, ProcDump v1.5, VMMap v2.3, Autoruns v9.54
Process Monitor v2.7 : This update to Process Monitor, a system monitoring utility, adds a new option to the process tree dialog that direct it to show just the timeline for displayed events, uses kernel-based thread profiling on Vista and higher for better performance, and includes a number of minor...
18 Sep 2009
Updates: Autoruns v11.34, ProcDump v5.0, Sigcheck v1.8, VMMap v3.11
Autoruns v11.34 : This release of Autoruns fixes a bug that caused it to not show some Internet Explorer extensions. ProcDump v5.0 : Procdump is an advanced utility for capturing process memory dumps based on a variety of triggers including CPU usage, memory usage, performance counter values, and...
12 Sep 2012
Updates: ProcDump v2.01, Autoruns v10.03, Process Monitor v2.93
ProcDump v2.01: ProcDump now generates a dump file name based on the date and time if no file name is specified, adds support for per-process performance counters, and reports in the dump comment for performance counter triggers the biggest CPU consuming thread. Autoruns v10.03: This update adds a...
30 Sep 2010
Updates: LiveKd v3.1, BgInfo v4.16, ProcDump v1.6, Autoruns v9.55 | New Marks Blog Post: Pushing the Limits of Windows: Handles | New video: Mark Talks About Windows 7 and Windows Server 2008 R2 at Intel Developer Forum
Mark’s Blog: Pushing the Limits of Windows: Handles : Mark’s latest post in his Pushing the Limits of Windows series goes inside the limits that affect handle usage. He explains the role of handles, describes how the system manages them, and shows you how to identify and debug handle leaks. Mark...
1 Oct 2009
Updates: ProcDump v3.0, AccessChk v5.01 and a new Mark's Blog Post
ProcDump v3.0: This update to ProcDump, a flexible command-line utility for capturing process dumps based on time, CPU, memory, or performance counter thresholds, adds a new dump type, Minidump Plus, that uses heuristics to create the equivalent of full dumps for very large processes, but with large...
9 Dec 2010
Updates: ProcDump v4.0, Process Monitor v2.96, Process Explorer v15.02, Mark’s Blog: The Case of the Hung Game Launcher, and Zero Day Malware Cleaning with the Sysinternals Tools
ProcDump v4.0 : This update for ProcDump, a trigger-based process dump capture utility, enables you to control the contents of the dump with your own minidump callback DLL and adds a new switch, -w, that has ProcDump wait for a specified process to start. Process Monitor v2.96 : This release changes...
17 Aug 2011
Updates: Zoomit 4.0, procdump v1.2
ZoomIt v4.0: In addition to minor bug fixes, this update to ZoomIt, a screen magnification and annotation tool, has significant improvements to the live zoom functionality that’s available on Vista and Windows 7. For example, it removes the shadow mouse, it uses a better mouse tracking algorithm and...
5 Aug 2009
Updates: AdExplorer v1.44, Contig v1.7, Coreinfo v3.2, Procdump v5.1
AdExplorer v1.44 : This release fixes a bug that caused AdExplorer to crash when it encountered corrupted extended rights schemas. Contig v1.7 : Contig is a command-line file defragmentation and fragmentation analysis utility. v1.7 has more detailed fragmentation analysis reporting, fixes a bug that...
16 Nov 2012
Updates: ProcDump v2.0, Process Monitor v2.92, and a new Mark's Blog Post
ProcDump v2.0: This major update to ProcDump, a tool that captures process dumps based on process CPU usage, memory consumption, and other behaviors, can now be configured to generate dumps based on the values of system performance counters. Process Monitor v2.92: This update adds a toolbar button...
30 Aug 2010
© 2014 Microsoft Corporation.
Privacy & Cookies