See all products »
Curah! curation service
Microsoft Tech Companion App
Microsoft Technical Communities
Microsoft Virtual Academy
Server and Tools Blogs
TechNet Flash Newsletter
Cloud and Datacenter
Windows Server 2012 R2
System Center 2012 R2
Microsoft SQL Server 2012 SP1
Windows 8.1 Enterprise
See all trials »
Microsoft Download Center
TechNet Evaluation Center
Microsoft Virtual Academy
Free Windows Server 2012 courses
Free Windows 8 courses
SQL Server training
MCSA: Windows 8
Windows Server Certification (MCSE)
Private Cloud Certification (MCSE)
SQL Server Certification (MCSE)
Second shot for certification
Born To Learn blog
Find technical communities in your area
For small and midsize businesses
For IT professionals
For technical support
For home users
Microsoft Premier Online
Microsoft Fix It Center
Security Bulletins & Advisories
International support solutions
Log a support ticket
Not an IT pro?
Microsoft Customer Support
Microsoft Community Forums
Sysinternals Site Discussion
mark Russinovich live
sysinternals administrator's reference
TechEd North America
Zero Day Malware Cleaning
Browse by Tags
Sysinternals Site Discussion
Update: Sysmon v3.0, Autornus v13.3, Regjump v1.1, Process Monitor v3.11
Sysmon v3.0 This release of Sysmon, an advanced background monitor that records process-related activity to the event log for use in intrusion detection and forensics, adds the process name to process terminate events, reports remote thread creation events, and improves the simplicity and flexibility...
21 Apr 2015
Updates: Process Explorer v16.02, Process Monitor v3.1, PSExec v2.1, Sigcheck v2.03
Process Explorer v16.02 : This minor update adds a refresh button to the thread’s stack dialog and ensures that the Virus Total terms of agreement dialog box remains above the main Process Explorer window. Process Monitor v.3.1 : This release adds registry create file disposition (create vs...
7 Mar 2014
Updates: ListDLLs v3.0, Handle v3.43, and Process Monitor v2.94
ListDLLs v3.0: This update to ListDLLs, a command-line utility for listing the DLLs that processes have loaded, is compatible with 64-bit processes and includes a number of bug fixes. Handle v3.43: Handle is a command-line utility for displaying the kernel handles processes have open. V3.43 shows...
17 Jan 2011
Updates: Process Monitor v2.7, ProcDump v1.5, VMMap v2.3, Autoruns v9.54
Process Monitor v2.7 : This update to Process Monitor, a system monitoring utility, adds a new option to the process tree dialog that direct it to show just the timeline for displayed events, uses kernel-based thread profiling on Vista and higher for better performance, and includes a number of minor...
18 Sep 2009
Updates: ProcDump v2.01, Autoruns v10.03, Process Monitor v2.93
ProcDump v2.01: ProcDump now generates a dump file name based on the date and time if no file name is specified, adds support for per-process performance counters, and reports in the dump comment for performance counter triggers the biggest CPU consuming thread. Autoruns v10.03: This update adds a...
30 Sep 2010
Updates: Process Monitor v2.9, Process Explorer v12.02, Testlimit v5.02 | A new Mark's blog post and Mark to speak at the Windows Summit and TechEd US
Process Monitor v2.9: This update to Process Monitor adds translations for more error codes, the ability to disable individual filter entries, and a debugging API so that developers can insert debug output into the Process Monitor event stream (John Robbins has implemented helper classes for generating...
15 Apr 2010
Updates: ZoomIt v2.10, Process Monitor v1.34, BgInfo v4.13
ZoomIt v2.10: Includes a zoom-out effect when you exit zoom mode and enables you to specify a background bitmap for the break timer. Process Monitor v1.34: This update adds the ability to filter on result values. BgInfo v4.13: Now displays correct version information for Windows Server 2008.
24 Jun 2008
Updates: Autoruns v9.53, ProcDump v1.3, Process Monitor v2.6 | New Mark's Blog post: The Case of the Temporary Registry Profiles | Download Windows Internals 5 sample chapter
Mark’s Blog: The Case of the Temporary Registry Profiles : In the latest post in Mark’s “Case of the Unexplained” series, he documents a perplexing case affecting many Microsoft and Citrix customers that Microsoft Customer Support Services solved with the use of Process Monitor’s boot logging and stack...
13 Aug 2009
Updates: Autoruns v11.6, Procexp v15.31, Procmon v3.05, Sigcheck v1.92
Autoruns v11.6 : Autoruns is a utility for enumerating and disabling executables and DLLs configured to activate in dozens of autostart registration points. This update fixes some minor bugs and adds Authenticode SHA1 and SHA256 hash reporting to Autorunsc output. Sigcheck v1.92 : Sigcheck is a command...
4 Jun 2013
Updates: Process Monitor v2.0, ZoomIt v2.11, Sigcheck v1.54, Contig v1.55 | A new Mark's Blog post: The Case of the Sloooow System | New Vista Springboard webcast
Process Monitor v2.0: This major update to Process Monitor adds real-time TCP and UDP monitoring to its existing process, thread, DLL, file system and registry monitoring. You can now see the TCP and UDP activity processes performed, including the operation (e.g. connect, send, receive), local and remote...
30 Sep 2008
Updates: Handle v3.5, Process Explorer v15.22, Process Monitor v3.03, RAMMap v1.21, ZoomIt v4.3
Handle v3.5 : This update to Handle, a command-line utility that lists open handles, uses the most recent Process Explorer driver so that it now resolves system process handles and types. Process Explorer v15.22 : This release addresses a bug that caused Process Explorer to crash when viewing .NET...
16 Jul 2012
Updates: Coreinfo v2.1, Process Monitor v2.91, Disk Usage v1.34 and a book Making it Big in Software
Coreinfo v2.1: Memory access from a processor to memory on remote NUMA nodes takes longer than local-node memory accesses. In addition to dumping NUMA topology information, Coreinfo now measures and displays the internode access costs on NUMA systems. Process Monitor v2.91: This update to Process...
19 May 2010
Updates: Process Monitor v1.37, Handle v3.41, Process Explorer v11.21, DebugView 4.75 | Mark's Events: Keynote speaker at Virtualization Congress
Process Monitor v1.37: Process Monitor, a system monitoring utility, now prevents you from inadvertently closing the filter dialog without saving edits and fixes a subtle race condition bug in the driver. Handle v3.41: Handle, a command-line tool for dumping information on open operating system handles...
8 Aug 2008
Updates: Autoruns v9.2, Process Monitor v1.33, AccessChk v4.1
Autoruns v9.2: In order to better support assisted troubleshooting, Autoruns - an autostart analyzer - now exports and imports scan results to enable viewing results on other systems, adds support for enabling and deleting Winsock notification DLLs, and fixes a number of 64-bit Windows issues. Process...
12 May 2008
Updates: ProcDump v4.0, Process Monitor v2.96, Process Explorer v15.02, Mark’s Blog: The Case of the Hung Game Launcher, and Zero Day Malware Cleaning with the Sysinternals Tools
ProcDump v4.0 : This update for ProcDump, a trigger-based process dump capture utility, enables you to control the contents of the dump with your own minidump callback DLL and adds a new switch, -w, that has ProcDump wait for a specified process to start. Process Monitor v2.96 : This release changes...
17 Aug 2011
Updates: Autoruns v9.35, Process Monitor v2.01, DebugView v4.76, AccessChk v4.21
Autoruns v9.35: This Autoruns update adds additional autostart locations, including lsastart, s0initialization, savedumpstart, and servicecontrollerstart, and fixes serveral bugs. Process Monitor v2.01: This release fixes several bugs, including compatibility with Windows 2000, excessive exit delays...
17 Oct 2008
Updates: ProcDump v2.0, Process Monitor v2.92, and a new Mark's Blog Post
ProcDump v2.0: This major update to ProcDump, a tool that captures process dumps based on process CPU usage, memory consumption, and other behaviors, can now be configured to generate dumps based on the values of system performance counters. Process Monitor v2.92: This update adds a toolbar button...
30 Aug 2010
Updates: Process Monitor v2.04, TCPView v2.54, VMMap v1.02, Testlimit v5.01, and Notmyfault
Process Monitor v2.04: This update shows file mapping operations in basic mode, adds more translations of error numbers to text, fixes a bug that limited support for more boot log files larger than 4GB, and displays version numbers using the same formatting as Windows. TCPView v2.54: F ixes bugs...
17 Mar 2009
Updates: AccessChk v 5.03, Autoruns & Autorunsc v 11.22, ProcMon v 3.0, PsList v 1.3
Accesschk v5.03 : The -l switch, which has AccessChk show detailed security descriptor information, now reports the object owner as well as security descriptor flags. Autoruns v11.22 : This release of Autoruns fixes a bug in the XML output structure, jump-to-folder functionality for scheduled task...
26 Mar 2012
Updates: Autoruns v11.32, Process Explorer v15.21, Process Monitor v3.02, PSKill v1.15, RAMMap v1.2
Autoruns v11.32 : This update fixes a bug that prevented Autoruns from correctly elevating when the Run as Administrator option is selected. Process Explorer v15.21 : This update fixes a bug related to the autostart functionality introduced in v15.2, a tooltip display bug, and a bug that prevented...
28 Jun 2012
Updates: Process Monitor v1.35
Process Monitor v1.35: This fixes a bug introduced in v1.34 that prevented Process Monitor's driver from loading on Windows 2000.
26 Jun 2008
Updates: Autoruns v11.5, Du (Disk Usage) v1.5, Procdump v5.14, Procmon v3.04, Ru (Registry Usage) v1.0
Autoruns v11.5 : This update to Autoruns, a utility for managing autostarting applications and components, now reports the image timestamp of executables and the last-modified timestamp of other file types and autostart locations to help with forensic analysis. The jump-to-entry feature is also improved...
27 Mar 2013
Updates: Process Monitor v2.95, TCPView v3.04, Autoruns v10.07, and a new blog post and webcast from Mark.
Process Monitor v2.95 : This update to Process Monitor reports the write-through flag on file I/O, shows DLL version information on the process page of the event properties dialog, automatically launches the correct version of Process Monitor to match the bitness (32 or 64) of a logfile, and fixes several...
13 Apr 2011
Updates: Process Explorer v11.12, Process Monitor v1.30, Handle v3.31, and a new blog post from Mark
Process Explorer v11.12: This update includes a number of minor enhancements and bug fixes, including support for tracking commit and non-paged pool limits. Process Monitor v1.30: This major update adds support for importing and exporting filters, records system information in log files, presents...
8 Apr 2008
Updates: Process Monitor v2.03, Autoruns v9.36, Disk Usage v1.33, Process Explorer v11.31
Process Monitor v2.03: This update to Process Monitor, a real-time file, registry, process and network monitor, adds the ability to import and export configuration settings, shows an icon in the operations column depicting the event class of the operation, and fixes a symbol configuration bug on Windows...
11 Dec 2008
© 2015 Microsoft Corporation.
Privacy & Cookies