Sysinternals Site Discussion
Update: LiveKd v5.4, Autoruns v13.2, Sigcheck v2.2, Process Explorer v16.05
LiveKd v5.4: This update to LiveKd, a tool that enables live kernel debugging for Windows systems and Hyper-V guest Windows virtual machines, now includes ‘live dump’ support for generating fast-snapshot crash-consistent kernel dump files using support introduced in Windows 8.1 and Windows...
10 Mar 2015
Updates: Handle v4.0, Procdump v7.01, Procexp v16.04, Regjump v1.02, Autoruns v12.03
Handle v4 : Handle is a command-line utility that can show which processes have a handle to a file or other resource open, or show all open handles. Version 4 now works with standard-user rights, allowing standard users to identify the handles open by their processes. ProcDump v7.01 : This release...
12 Sep 2014
New: Sysmon v1.0; Updates: Autoruns v12.01, Coreinfo v3.3, Procexp v16.03
Sysmon v1.0 : We’re excited to announce Sysmon, a new Sysinternals utility that monitors and reports key system activity via the Windows event log, including detailed information about process creation, network connections and file creation timestamp changes. With Sysmon installed on your systems...
8 Aug 2014
Updates: Process Explorer v16.02, Process Monitor v3.1, PSExec v2.1, Sigcheck v2.03
Process Explorer v16.02 : This minor update adds a refresh button to the thread’s stack dialog and ensures that the VirusTotal terms of agreement dialog box remains above the main Process Explorer window. Process Monitor v3.1 : This release adds registry create file disposition (create vs...
7 Mar 2014
Updates: Process Explorer v16.01, Sigcheck v2.02
Process Explorer v16.0 : This release fixes a bug that could cause a crash when the VirusTotal column is added to the process view, and another that could cause a crash when verifying digital signatures. Sigcheck 2.02 : This release fixes a bug that caused the –u switch to filter results incorrectly...
4 Feb 2014
Updates: Process Explorer v16.0, PsPing v2.01
Process Explorer v16.0 : Thanks to collaboration with the team at VirusTotal, this Process Explorer update introduces integration with VirusTotal.com, an online antivirus analysis service. When enabled, Process Explorer sends the hashes of images and files shown in the process and DLL views to VirusTotal...
29 Jan 2014
Updates: Process Explorer v11.3, Handle v3.42 | A new Mark's blog post | 2 New Mark's webcasts: Case of the Unexplained and Inside Windows Server 2008 R2 Virtualization and VHD Improvements
Process Explorer v11.3: This update to Process Explorer includes numerous enhancements and bug fixes, including a physical memory history graph, options to configure memory tray icons, asynchronous thread symbol resolution and security ID lookup, dynamic recognition of new volume drive letters, multiple...
19 Nov 2008
Updates: Coreinfo v3, DebugView v4.77, SDelete v1.6, and Process Explorer v15.04
Coreinfo v3 : Coreinfo is a command-line utility that reports detailed information about processor cores and topology, including cache sizes, core-to-socket mappings and NUMA memory latencies. It now shows the processor features supported by the system’s processors. For example, Coreinfo will show...
2 Sep 2011
Updates: release of The Windows Sysinternals Administrator's Reference, Process Explorer v15, Listdlls v3.1, new utility Findlinks v1, and Mark to Speak at Black Hat US 2011
The Windows Sysinternals Administrator's Reference : We are excited and proud to announce the release of the official Sysinternals book, The Windows Sysinternals Administrator's Reference, from Microsoft Press. Written by Sysinternals founder and tool author Mark Russinovich, and Windows expert Aaron...
18 Jul 2011
Updates: Process Explorer 11.11
Process Explorer v11.11: Fixes a bug in the driver that could cause a crash when viewing the handle table of a process that exits.
28 Feb 2008
Autoruns v11.70, Bginfo v4.20, Disk2vhd v1.64, Process Explorer v15.40
Autoruns v11.70 : This release of Autoruns, a powerful utility for scanning and disabling autostart code, adds a new option to have it show only per-user locations, something that is useful when analyzing the autostarts of different accounts than the one that Autoruns is running under. Bginfo v4.20...
2 Aug 2013
Updates: Process Explorer v15.2, Testlimit v5.21, Pskill v1.14
Process Explorer v15.2 : This major update to Process Explorer, a Task Manager replacement, merges Autoruns functionality by adding a new Autostart Location column and property to the process and DLL views that indicates where an image is configured to automatically start or load. It also adds .NET stack...
7 Jun 2012
Updates: Process Explorer v15.01 and TCPView v3.05
Process Explorer v15.01 : This update adds the ability to select a custom graph background color, adds paged and nonpaged pool quota columns to the process view, fixes incorrect information on the disk and network process properties dialog on 32-bit Windows, and fixes a GPU tray icon bug. TCPView...
25 Jul 2011
Updates: Autoruns v11.32, Process Explorer v15.21, Process Monitor v3.02, PSKill v1.15, RAMMap v1.2
Autoruns v11.32 : This update fixes a bug that prevented Autoruns from correctly elevating when the Run as Administrator option is selected. Process Explorer v15.21 : This update fixes a bug related to the autostart functionality introduced in v15.2, a tooltip display bug, and a bug that prevented...
28 Jun 2012
Updates: Process Explorer v12.01
Process Explorer v12.01: This update fixes a bug that prevented DEP status being shown on Windows XP and the threads page of the process properties dialog from showing service names on Windows Vista.
1 Apr 2010
Updates: ZoomIt v4.2, Process Explorer v14.11, and ProcDump v3.04
ZoomIt v4.2 : This update to ZoomIt, a screen magnification and annotation utility, now adjusts the drawing pen size when you enter drawing mode from live zoom to match the static zoom pen size. Process Explorer v14.11 : Process Explorer v14.11 includes the ability to configure network and disk activity...
3 May 2011
Updates: Process Explorer v12, VMMap v2.62, DiskView v2.4
Process Explorer v12: This Process Explorer release includes several significant new features, including showing the web hosted in IE8 processes in the process tooltip, display of a svchost’s service host category in its tooltip, mapping of service names to threads on the threads tab and TCP/IP tabs...
25 Mar 2010
Updates: Process Explorer v11.12, Process Monitor v1.30, Handle v3.31, and a new blog post from Mark
Process Explorer v11.12: This update includes a number of minor enhancements and bug fixes, including support for tracking commit and non-paged pool limits. Process Monitor v1.30: This major update adds support for importing and exporting filters, records system information in log files, presents...
8 Apr 2008
Updates: Process Monitor v2.03, Autoruns v9.36, Disk Usage v1.33, Process Explorer v11.31
Process Monitor v2.03: This update to Process Monitor, a real-time file, registry, process and network monitor, adds the ability to import and export configuration settings, shows an icon in the operations column depicting the event class of the operation, and fixes a symbol configuration bug on Windows...
11 Dec 2008
Updates: Pendmoves v1.2, Process Explorer v15.3, Sigcheck v1.91, Zoomit v4.42
Pendmoves v1.2 : This update to Pendmoves adds support for 64-bit directories. Process Explorer v15.3 : This major Process Explorer release includes heat-map display for process CPU, private bytes, working set and GPU columns, sortable security groups in the process properties security page, and tooltip...
5 Feb 2013
Update: Process Explorer v12.03
Process Explorer v12.03: This update revs the driver name so that it is used even when the previous driver is already loaded.
15 Apr 2010
Updates: VMMap v3.1, RAMMap v1.11, Handle v3.46, Process Explorer v14.12 and Mark’s Blog: Analyzing a Stuxnet Infection with the Sysinternals Tools, Part 3
VMMap v3.1 : VMMap, a process virtual and physical memory analyzer, now shows the ASLR status of images and reports “unusable” virtual memory regions. RAMMap v1.11 : This update to RAMMap, a system memory usage analyzer, adds command-line options for loading files and exporting scans...
18 May 2011
New: PsPing v1.0; Updates: DebugView v4.8, Process Explorer v15.23, Sigcheck v1.81
PsPing v1.0 : PsPing is a new Sysinternals PsTools command-line utility for measuring network performance. In addition to standard ICMP ping functionality, it can report the latency of connecting to TCP ports, the latency of TCP round-trip communication between systems, and the TCP bandwidth available...
4 Oct 2012
Updates: Process Explorer v11.33, Autoruns v9.39, ZoomIt v3.02
Process Explorer v11.33: This update fixes a bug where the history graph tooltips could display the wrong data point and reduces the memory footprint of the structures that store graph history. Autoruns v9.39: This Autoruns update fixes a couple of minor bugs and adds a new Windows 7 location. ...
5 Feb 2009
Updates: Process Explorer v11.20, ZoomIt v2.0, Sigcheck v1.53, Handle v3.4 and introducing Sysinternals Live beta.
Sysinternals Live: We're excited to announce the beta of Sysinternals Live, a service that enables you to execute Sysinternals tools directly from the Web without hunting for and manually downloading them. Simply enter a tool's Sysinternals Live path into Windows Explorer or a command prompt as \\live...
28 May 2008
© 2015 Microsoft Corporation.