See all products »
Curah! curation service
Microsoft Tech Companion App
Microsoft Technical Communities
Microsoft Virtual Academy
Server and Tools Blogs
TechNet Flash Newsletter
Cloud and Datacenter
Windows Server 2012 R2
System Center 2012 R2
Microsoft SQL Server 2012 SP1
Windows 8.1 Enterprise
See all trials »
Microsoft Download Center
TechNet Evaluation Center
Microsoft Virtual Academy
Free Windows Server 2012 courses
Free Windows 8 courses
SQL Server training
MCSA: Windows 8
Windows Server Certification (MCSE)
Private Cloud Certification (MCSE)
SQL Server Certification (MCSE)
Second shot for certification
Born To Learn blog
Find technical communities in your area
For small and midsize businesses
For IT professionals
For technical support
For home users
Microsoft Premier Online
Microsoft Fix It Center
Security Bulletins & Advisories
International support solutions
Log a support ticket
Not an IT pro?
Microsoft Customer Support
Microsoft Community Forums
Sysinternals Site Discussion
mark Russinovich live
sysinternals administrator's reference
TechEd North America
Zero Day Malware Cleaning
Browse by Tags
Sysinternals Site Discussion
Updates: Handle v4.0. Procdump v7.01, Procexp v16.04, Regjump v1.02, Autoruns v12.03
Handle v4 : Handle is a command-line utility that can show which processes have a handle to a file or other resource open, or show all open handles. Version 4 now works with standard-user rights, allowing standard users to identify the handles open by their processes. ProcDump v7.01 : This release...
12 Sep 2014
Updates: Autoruns v12.0, Procdump v7.0
Autoruns v12.0 : This release of Autoruns, a Windows application and command-line utility for viewing autostart entries, now reports the presence of batch file and executable image entries in the WMI database, a vector used by some types of malware. Procdump v7.0 : Procdump, a utility for capturing...
13 May 2014
Updates: Autoruns v11.5, Du (Disk Usage) v1.5, Procdump v5.14, Procmon v3.04, Ru (Registry Usage) v1.0
Autoruns v11.5 : This update to Autoruns, a utility for managing autostarting applications and components, now reports the image timestamp of executables and the last-modified timestamp of other file types and autostart locations to help with forensic analysis. The jump-to-entry feature is also improved...
27 Mar 2013
Updates: TCPView v3.0, Autoruns v10.02, ProcDump v1.81, Disk2vhd v1.61
TCPView v3.0: This major update to TCPView, a TCP/UDP endpoint viewing utility, adds endpoint send and receive statistics by leveraging ETW when TCPView is run with administrative rights. It also breaks ports and addresses into separate columns. Autoruns v10.02: This update fixes a bug in Autorunsc...
22 Jul 2010
Updates: ZoomIt v4.2, Process Explorer v14.11, and ProcDump v3.04
ZoomIt v4.2 : This update to ZoomIt, a screen magnification and annotation utility, now adjusts the drawing pen size when you enter drawing mode from live zoom to match the static zoom pen size. Process Explorer v14.11 : Process Explorer v14.11 includes the ability to configure network and disk activity...
3 May 2011
Updates: DebugView v4.81, ProcDump v5.11, ZoomIt v4.4
DebugView v4.81 : Version 4.81 of DebugView, a utility that logs user and kernel-mode debug output messages, fixes a bug that could cause it on some executions to fail to capture debug output and enter a CPU-bound loop. ProcDump v5.11 : This release of ProcDump fixes a bug introduced in version 5...
4 Dec 2012
New Tool: ProcDump v1.0 | Updates: Autoruns v9.51, VMMap v2.1, PsExec v1.96 | Book released: Windows Internals 5th Edition Released!| Webcast: Case of the Unexplained 2009
Windows Internals 5th Edition Released! The 5 th Edition of Windows Internals , the official book on the architecture and internals of the Windows operating system, is now available. This release is 25% larger than the 4 th Edition and is updated to cover Windows Vista and Windows Server 2008. Visit...
1 Jul 2009
Updates: ProcDump v2.0, Process Monitor v2.92, and a new Mark's Blog Post
ProcDump v2.0: This major update to ProcDump, a tool that captures process dumps based on process CPU usage, memory consumption, and other behaviors, can now be configured to generate dumps based on the values of system performance counters. Process Monitor v2.92: This update adds a toolbar button...
30 Aug 2010
Updates: Autoruns v11.41, Handle v3.51, Movefile v1.01, Procdump v5.13, Sigcheck v1.9
Autoruns v11.41 : This Autoruns update reports the hosting image target of link shortcut references. Handle v3.51 : This minor update to Handle, a command-line utility that dumps process handle tables, fixes a bug in its file share drive letter formatting. Movefile v1.01 : Movefile, a utility for...
24 Jan 2013
Updates: Autoruns v11.4, ProcDump v5.12, SDelete v1.61
Autoruns v11.4 : Autoruns v11.4 adds additional startup locations, fixes several bugs related to image path parsing, adds better support for browsing folders on WinPE, and fixes a Wow64 redirection bug. Procdump v5.12 : This Procdump update fixes a bug introduced in v5.11 where it doesn’t save...
11 Jan 2013
Updates: ProcDump v1.7, AccessChk v4.24, Sigcheck v1.64, Desktops v1.01, LiveKd v3.13
ProcDump v1.7: This update to ProcDump, a command-line utility that will generate memory dumps of processes based on various selectable criteria, now supports periodic timed dumps as well as dumps based on virtual memory thresholds. AccessChk v4.24: AccessChk, a utility that shows effective security...
11 Jan 2010
Updates: ProcDump v1.71
ProcDump v1.71: This fixed a bug in the exception handling dump condition logic.
14 Jan 2010
Updates: Autoruns v9.53, ProcDump v1.3, Process Monitor v2.6 | New Mark's Blog post: The Case of the Temporary Registry Profiles | Download Windows Internals 5 sample chapter
Mark’s Blog: The Case of the Temporary Registry Profiles : In the latest post in Mark’s “Case of the Unexplained” series, he documents a perplexing case affecting many Microsoft and Citrix customers that Microsoft Customer Support Services solved with the use of Process Monitor’s boot logging and stack...
13 Aug 2009
Updates: ProcDump v1.72, Desktops v1.02, Sigcheck v1.65, DiskView v2.3
ProcDump v1.72: This update changes the dump file date and time format to be ISO compliant and fixes a bug that prevented ProcDump from exiting when the process termination condition was active. Desktops v1.02: v 1.02 works around another issue that could prevent Alt+Tab from working on alternate...
19 Jan 2010
Updates: Process Explorer v14.1, VMMap v3.03, ProcDump v3.03, and Zero Day is now Available!
Zero Day is Now Available! Mark’s first novel, a cyberthriller called Zero Day, is now available for order. If you like Sysinternals tools, Mark’s Case of the Unexplained blog posts, Michael Crichton and Tom Clancy, you’re sure to like Zero Day. Process Explorer v14.1: This update...
15 Mar 2011
Updates: ProcDump v3.02, Contig v1.6, TCPView v3.03 and a New Mark's Blog Post
ProcDump v3.02: This update to ProcDump, a command-line utility that can capture process dumps based on performance or behavioral triggers, adds more information to the minidump plus dump type, and ignores breakpoint exceptions unless overridden with the new -b switch. It also leverages the installed...
1 Feb 2011
Updates: Autoruns v10, Process Explorer v12.04, Sigcheck v1.7, ProcDump v1.8 and a new Case of the Unexplained
Mark’s Blog: The Case of the Unexplained IE Crash - Mark goes on a detective hunt to find out the likely culprit of an IE crash he recently experienced. In the post, he shows how to find which process out of multiple running the same executable crashed and how to get additional information from...
8 Jun 2010
Updates: ProcDump v1.4
Procdump v1.4: This fixes a bug introduced in v1.3 that broke compatibility with Windows XP and Windows Server 2003.
18 Aug 2009
Updates: Accesschk v5.11, Procdump v6.0, RAMMap v1.22, Strings v2.51
AccessChk v5.11 : AccessChk, a command line utility for dumping the effective permissions and security descriptors for files, registry keys, processes, tokens, object manager objects, now prefixes Windows 8 application container SIDs with the word “Package”, and includes several minor bug...
17 May 2013
Update ProcDump v3.01
ProcDump v3.01: This release fixes a bug that could cause ProcDump to crash when used with the miniplus dump option (-mp).
15 Dec 2010
Updates: Process Monitor v2.7, ProcDump v1.5, VMMap v2.3, Autoruns v9.54
Process Monitor v2.7 : This update to Process Monitor, a system monitoring utility, adds a new option to the process tree dialog that direct it to show just the timeline for displayed events, uses kernel-based thread profiling on Vista and higher for better performance, and includes a number of minor...
18 Sep 2009
Updates: Autoruns v11.34, ProcDump v5.0, Sigcheck v1.8, VMMap v3.11
Autoruns v11.34 : This release of Autoruns fixes a bug that caused it to not show some Internet Explorer extensions. ProcDump v5.0 : Procdump is an advanced utility for capturing process memory dumps based on a variety of triggers including CPU usage, memory usage, performance counter values, and...
12 Sep 2012
Updates: ProcDump v2.01, Autoruns v10.03, Process Monitor v2.93
ProcDump v2.01: ProcDump now generates a dump file name based on the date and time if no file name is specified, adds support for per-process performance counters, and reports in the dump comment for performance counter triggers the biggest CPU consuming thread. Autoruns v10.03: This update adds a...
30 Sep 2010
Updates: LiveKd v3.1, BgInfo v4.16, ProcDump v1.6, Autoruns v9.55 | New Marks Blog Post: Pushing the Limits of Windows: Handles | New video: Mark Talks About Windows 7 and Windows Server 2008 R2 at Intel Developer Forum
Mark’s Blog: Pushing the Limits of Windows: Handles : Mark’s latest post in his Pushing the Limits of Windows series goes inside the limits that affect handle usage. He explains the role of handles, describes how the system manages them, and shows you how to identify and debug handle leaks. Mark...
1 Oct 2009
Updates: ProcDump v3.0, AccessChk v5.01 and a new Mark's Blog Post
ProcDump v3.0: This update to ProcDump, a flexible command-line utility for capturing process dumps based on time, CPU, memory, or performance counter thresholds, adds a new dump type, Minidump Plus, that uses heuristics to create the equivalent of full dumps for very large processes, but with large...
9 Dec 2010
© 2014 Microsoft Corporation.
Privacy & Cookies