Sysinternals Site Discussion
Update: LiveKd v5.4, Autoruns v13.2, Sigcheck v2.2, Process Explorer v16.05
LiveKd v5.4 This update to Livekd, a tool that enables live kernel debugging for Windows systems and Hyper-V guest Windows virtual machines, now includes ‘live dump’ support for generating fast-snapshot crash-consistent kernel dump files using support introduced in Windows 8.1 and Windows...
10 Mar 2015
Updates: AccessChk v5.2; PsExec v2.11; Sigcheck v2.1; VMMap v3.12
AccessChk v5.2 : This release of AccessChk, a security command-line utility that reports the effective access and permissions of files, registry keys, processes, and more, adds support for file and printer shares. In addition, it adds filtering options for viewing accesses related to specified accounts...
2 May 2014
Updates: Process Explorer v16.02, Process Monitor v3.1, PSExec v2.1, Sigcheck v2.03
Process Explorer v16.02 : This minor update adds a refresh button to the thread’s stack dialog and ensures that the Virus Total terms of agreement dialog box remains above the main Process Explorer window. Process Monitor v3.1 : This release adds registry create file disposition (create vs...
7 Mar 2014
Updates: Process Explorer v16.01, Sigcheck v2.02
Process Explorer v16.0 : This release fixes a bug that could cause a crash when the VirusTotal column is added to the process view, and another that could cause a crash when verifying digital signatures. Sigcheck 2.02 : This release fixes a bug that caused the –u switch to filter results incorrectly...
4 Feb 2014
Updates: AdExplorer v1.3, VMMap v2.6, Disk2vhd v1.5, LiveKd v3.14, Sigcheck v1.66
AdExplorer v1.3: This update to AdExplorer, an Active Directory editor, has major node expansion performance improvements and a number of minor bug fixes. VMMap v2.6: VMMap, a powerful process virtual and physical memory analysis tool, now shows both graphical and numeric breakdowns of private virtual...
3 Mar 2010
New: PsPing v1.0; Updates: DebugView v4.8, Process Explorer v15.23, Sigcheck v1.81
PsPing v1.0 : PsPing is a new Sysinternals PsTools command-line utility for measuring network performance. In addition to standard ICMP ping functionality, it can report the latency of connecting to TCP ports, the latency of TCP round-trip communication between systems, and the TCP bandwidth available...
4 Oct 2012
Updates: Autoruns v11.34, ProcDump v5.0, Sigcheck v1.8, VMMap v3.11
Autoruns v11.34 : This release of Autoruns fixes a bug that caused it to not show some Internet Explorer extensions. ProcDump v5.0 : Procdump is an advanced utility for capturing process memory dumps based on a variety of triggers including CPU usage, memory usage, performance counter values, and...
12 Sep 2012
Updates: Process Explorer v11.20, ZoomIt v2.0, Sigcheck v1.53, Handle v3.4 and introducing Sysinternals Live beta.
Sysinternals Live: We're excited to announce the beta of Sysinternals Live, a service that enables you to execute Sysinternals tools directly from the Web without hunting for and manually downloading them. Simply enter a tool's Sysinternals Live path into Windows Explorer or a command prompt as \\live...
28 May 2008
Updates: RAMMap v1.32, Sigcheck v2.01
RAMMap v1.32 : This fixes a bug in v1.30 that caused RAMMap to fail on Windows 8. Sigcheck v2.01 : This update fixes a bug in the handling of the -u option that sometimes resulted in Sigcheck reporting signed files.
1 Nov 2013
New: ShellRunas v1.0 Updates: Autoruns v9.13, Process Explorer v11.10, Sigcheck v1.52
ShellRunas v1.0: ShellRunas provides functionality similar to that of the Runas tool to launch programs as a different user via a convenient shell context-menu entry. This makes it more convenient than Runas for heavy Explorer users. Process Explorer v11.10: This Process Explorer update adds a number...
27 Feb 2008
Updates: PsExec v2.0, RAMMap v1.3, Sigcheck v2.0
PsExec v2.0 : PsExec, a popular utility for executing processes on remote systems, introduces a new option, -r, that specifies the name PsExec assigns to its remote service. This can improve performance when multiple users are interacting concurrently with a system, since each will have a dedicated PsExec...
23 Oct 2013
Updates: LiveKd v5.0 - and a related Mark's Blog post, Disk2vhd v1.63, Sigcheck v1.71
LiveKd v5.0: LiveKd, a tool that enables live kernel debugging of Windows systems, can now debug and generate kernel dump files of Hyper-V Windows virtual machines from the parent partition without having to boot the target virtual machine in debug mode. See Mark’s most recent blog post, “...
14 Oct 2010
Updates: VMMap v2.5, Disk2vhd v1.4; Sigcheck v1.63; Autoruns v9.57; PsExec v1.97; PsKill v1.13 and a new Mark's Windows Internals Session video from PDC 2009
Mark’s Windows Internals Session at the Professional Developer’s Conference, Part 1 Mark’s Windows Internals Session at the Professional Developer’s Conference, Part 2 : Mark dives deep to cover Windows 7 and Windows Server 2008 R2 kernel changes in his top-rated session from...
1 Dec 2009
Updates: Autoruns v11.41, Handle v3.51, Movefile v1.01, Procdump v5.13, Sigcheck v1.9
Autoruns v11.41 : This Autoruns update reports the hosting image target of link shortcut references. Handle v3.51 : This minor update to Handle, a command-line utility that dumps process handle tables, fixes a bug in its file share drive letter formatting. Movefile v1.01 : Movefile, a utility for...
24 Jan 2013
Updates: Disk2vhd v1.3, Sigcheck v1.61, Process Monitor v2.8, LiveKd v3.12 and a new Mark's blog post
NewSID Retirement and the Machine SID Duplication Myth: Mark’s latest blog post debunks the myth that having duplicate machine SIDs causes problems, explaining why the Sysinternals NewSID tool has been retired. Disk2vhd v1.3: This update to Disk2vhd makes more Windows XP and Windows Server 2003...
3 Nov 2009
Updates: Pendmoves v1.2, Process Explorer v15.3, Sigcheck v1.91, Zoomit v4.42
Pendmoves v1.2 : This update to Pendmoves adds support for 64-bit directories. Process Explorer v15.3 : This major Process Explorer release includes heat-map display for process CPU, private bytes, working set and GPU columns, sortable security groups in the process properties security page, and tooltip...
5 Feb 2013
Updates: ProcDump v1.7, AccessChk v4.24, Sigcheck v1.64, Desktops v1.01, LiveKd v3.13
ProcDump v1.7: This update to ProcDump, a command-line utility that will generate memory dumps of processes based on various selectable criteria, now supports periodic timed dumps as well as dumps based on virtual memory thresholds. AccessChk v4.24: AccessChk, a utility that shows effective security...
11 Jan 2010
Updates: Sigcheck v1.6, Strings v2.41, VMMap v1.01
Sigcheck v1.6: This update adds checking for .NET strong signatures and extends the output of the -i option, which shows the image signers, to also print the path of the catalog that stores a file's signature. Strings v2.41: This Strings update fixes a bug that sometimes resulted in the omission of...
2 Mar 2009
Updates: Autoruns v11.6, Procexp v15.31, Procmon v3.05, Sigcheck v1.92
Autoruns v11.6 : Autoruns is a utility for enumerating and disabling executables and DLLs configured to activate in dozens of autostart registration points. This update fixes some minor bugs and adds Authenticode SHA1 and SHA256 hash reporting to Autorunsc output. Sigcheck v1.92 : Sigcheck is a command...
4 Jun 2013
Updates: ProcDump v1.72, Desktops v1.02, Sigcheck v1.65, DiskView v2.3
ProcDump v1.72: This update changes the dump file date and time format to be ISO compliant and fixes a bug that prevented ProcDump from exiting when the process termination condition was active. Desktops v1.02: v 1.02 works around another issue that could prevent Alt+Tab from working on alternate...
19 Jan 2010
Updates: Process Monitor v2.0, ZoomIt v2.11, Sigcheck v1.54, Contig v1.55 | A new Mark's Blog post: The Case of the Sloooow System | New Vista Springboard webcast
Process Monitor v2.0: This major update to Process Monitor adds real-time TCP and UDP monitoring to its existing process, thread, DLL, file system and registry monitoring. You can now see the TCP and UDP activity processes performed, including the operation (e.g. connect, send, receive), local and remote...
30 Sep 2008
Updates: Autoruns v10, Process Explorer v12.04, Sigcheck v1.7, ProcDump v1.8 and a new Case of the Unexplained
Mark’s Blog: The Case of the Unexplained IE Crash - Mark goes on a detective hunt to find out the likely culprit of an IE crash he recently experienced. In the post, he shows how to find which process out of multiple running the same executable crashed and how to get additional information from...
8 Jun 2010
© 2015 Microsoft Corporation.