Autoruns v11.34 : This release of Autoruns fixes a bug that caused it to not show some Internet Explorer extensions. ProcDump v5.0 : Procdump is an advanced utility for capturing process memory dumps based on a variety of triggers including CPU usage, memory usage, performance counter values, and...

VMMap v3.1 : VMMap, a process virtual and physical memory analyzer, now shows the ASLR status of images and reports “unusable” virtual memory regions. RAMMap v1.11 : This update to RAMMap, a system memory usage analyzer, adds command-line options for loading files and exporting scans,...

Zero Day is Now Available! Mark’s first novel, a cyberthriller called Zero Day, is now available for order. If you like Sysinternals tools, Mark’s Case of the Unexplained blog posts, Michael Crichton and Tom Clancy, you’re sure to like Zero Day. Process Explorer v14.1: This update...

Mark on Channel 9 Cloud Cover: Check out the most recent Cloud Cover episode, where Mark is the guest and he talks about the Windows Azure fabric controller, cyber terrorism and his novel, Zero Day. VMMap v3.02: This release fixes several bugs. WinObj v2.22: A number of bugs, including on affecting...

VMMap v3.01: This release fixes a bug that caused tracing to fail on 32-bit Windows and a bug that prevented VMMap from running on 32-bit Windows XP.

VMMap v3.0: This major update to VMMap, an advanced process memory-analysis utility, now shows locked virtual memory, records multiple memory snapshots, and has a timeline view that enables you to load older snapshots into the main view and compare any two snapshots from a given execution. In addition...

Process Explorer v12: This Process Explorer release includes several significant new features, including the showing the web hosted in IE8 processes in the process tooltip, display of a svchost’s service host category in its tooltip, mapping of service names to threads on the threads tab and TCP/IP tabs...

VMMap v2.61: This fixes a minor bug in the calculation of the Unknown category total.

AdExplorer v1.3: This update to AdExplorer, an Active Directory editor, has major node expansion performance improvements and a number of minor bug fixes. VMMap v2.6: VMMap, a powerful process virtual and physical memory analysis tool, now shows both graphical and numeric breakdowns of private virtual...

Mark’s Windows Internals Session at the Professional Developer’s Conference, Part 1 Mark’s Windows Internals Session at the Professional Developer’s Conference, Part 2 : Mark dives deep to cover Windows 7 and Windows Server 2008 R2 kernel changes in his top-rated session from...

Disk2vhd v1.1: Disk2vhd now supports command-line options for automation and fixes a bug that could result in an “invalid user buffer” error during a conversion. ZoomIt v4.1: ZoomIt is a screen magnification and annotation utility that’s useful for technical presentations. With this...

Process Monitor v2.7 : This update to Process Monitor, a system monitoring utility, adds a new option to the process tree dialog that direct it to show just the timeline for displayed events, uses kernel-based thread profiling on Vista and higher for better performance, and includes a number of minor...

Windows Internals 5th Edition Released! The 5 th Edition of Windows Internals , the official book on the architecture and internals of the Windows operating system, is now available. This release is 25% larger than the 4 th Edition and is updated to cover Windows Vista and Windows Server 2008. Visit...

VMMap v2.0 : VMMap now breaks out information on memory used by the .NET CLR, enabling detailed memory analysis of managed applications. ClockRes v2.0 : This update to Clockres, a system utility that reports the frequency of the system clock, now shows the upper and lower resolution of the system...

VMMap v1.1 This update to VMMap, an advanced process memory analysis tool, makes it easy to view the changes between subsequent refreshes. Using the new “show changes” option enables you to measure the impact of specific application functionality by comparing memory usage before and after the functionality...

Process Monitor v2.04: This update shows file mapping operations in basic mode, adds more translations of error numbers to text, fixes a bug that limited support for more boot log files larger than 4GB, and displays version numbers using the same formatting as Windows. TCPView v2.54: F ixes bugs...

Sigcheck v1.6: This update adds checking for .NET strong signatures and extends the output of the -i option, which shows the image signers, to also print the path of the catalog that stores a file's signature. Strings v2.41: This Strings update fixes a bug that sometimes resulted in the omission of...

VMMap v1.0: VMMap is a new utility for analyzing process address spaces and working sets. Aimed primarily at developers, its detailed graphical and textual breakdown of exactly what types of memory contribute to a process’s memory footprint make it a powerful performance analysis and tuning tool. ...