See all products »
Curah! curation service
Microsoft Tech Companion App
Microsoft Technical Communities
Microsoft Virtual Academy
Server and Tools Blogs
TechNet Flash Newsletter
Cloud and Datacenter
Windows Server 2012 R2
System Center 2012 R2
Microsoft SQL Server 2012 SP1
Windows 8.1 Enterprise
See all trials »
Microsoft Download Center
TechNet Evaluation Center
Compatability & Converters
Microsoft Virtual Academy
Free Windows Server 2012 courses
Free Windows 8 courses
SQL Server training
MCSA: Windows 8
Windows Server Certification (MCSE)
Private Cloud Certification (MCSE)
SQL Server Certification (MCSE)
Second shot for certification
Born To Learn blog
Find technical communities in your area
For small and midsize businesses
For IT professionals
For technical support
For home users
Microsoft Premier Online
Microsoft Fix It Center
Security Bulletins & Advisories
International support solutions
Log a support ticket
Not an IT pro?
Microsoft Customer Support
Microsoft Community Forums
Sysinternals Site Discussion
mark Russinovich live
sysinternals administrator's reference
TechEd North America
Zero Day Malware Cleaning
Browse by Tags
Sysinternals Site Discussion
Updates: Sigcheck v1.6, Strings v2.41, VMMap v1.01
Sigcheck v1.6: This update adds checking for .NET strong signatures and extends the output of the -i option, which shows the image signers, to also print the path of the catalog that stores a file's signature. Strings v2.41: This Strings update fixes a bug that sometimes resulted in the omission of...
2 Mar 2009
Updates: Process Explorer v14.1, VMMap v3.03, ProcDump v3.03, and Zero Day is now Available!
Zero Day is Now Available! Mark’s first novel, a cyberthriller called Zero Day, is now available for order. If you like Sysinternals tools, Mark’s Case of the Unexplained blog posts, Michael Crichton and Tom Clancy, you’re sure to like Zero Day. Process Explorer v14.1: This update...
15 Mar 2011
Updates: VMMap v3.1, RAMMap v1.11, Handle v3.46, Process Explorer v14.12 and Mark’s Blog: Analyzing a Stuxnet Infection with the Sysinternals Tools, Part 3
VMMap v3.1 : VMMap, a process virtual and physical memory analyzer, now shows the ASLR status of images and reports “unusable” virtual memory regions. RAMMap v1.11 : This update to RAMMap, a system memory usage analyzer, adds command-line options for loading files and exporting scans...
18 May 2011
Updates: AdExplorer v1.3, VMMap v2.6, Disk2vhd v1.5, LiveKd v3.14, Sigcheck v1.66
AdExplorer v1.3: This update to AdExplorer, an Active Directory editor, has major node expansion performance improvements and a number of minor bug fixes. VMMap v2.6: VMMap, a powerful process virtual and physical memory analysis tool, now shows both graphical and numeric breakdowns of private virtual...
3 Mar 2010
Updates: VMMap v3.02, WinObj v2.22 and an Interview - Mark on Channel 9 Cloud Cover
Mark on Channel 9 Cloud Cover: Check out the most recent Cloud Cover episode, where Mark is the guest and he talks about the Windows Azure fabric controller, cyber terrorism and his novel, Zero Day. VMMap v3.02: This release fixes several bugs. WinObj v2.22: A number of bugs, including on affecting...
14 Feb 2011
Updates: Process Monitor v2.7, ProcDump v1.5, VMMap v2.3, Autoruns v9.54
Process Monitor v2.7 : This update to Process Monitor, a system monitoring utility, adds a new option to the process tree dialog that direct it to show just the timeline for displayed events, uses kernel-based thread profiling on Vista and higher for better performance, and includes a number of minor...
18 Sep 2009
Updates: Autoruns v11.34, ProcDump v5.0, Sigcheck v1.8, VMMap v3.11
Autoruns v11.34 : This release of Autoruns fixes a bug that caused it to not show some Internet Explorer extensions. ProcDump v5.0 : Procdump is an advanced utility for capturing process memory dumps based on a variety of triggers including CPU usage, memory usage, performance counter values, and...
12 Sep 2012
Update: VMMap v3.01
VMMap v3.01: This release fixes a bug that caused tracing to fail on 32-bit Windows and a bug that prevented VMMap from running on 32-bit Windows XP.
1 Nov 2010
Update: VMMap v3.0
VMMap v3.0: This major update to VMMap, an advanced process memory-analysis utility, now shows locked virtual memory, records multiple memory snapshots, and has a timeline view that enables you to load older snapshots into the main view and compare any two snapshots from a given execution. In addition...
28 Oct 2010
Updates: VMMap v2.0, ClockRes v2.0
VMMap v2.0 : VMMap now breaks out information on memory used by the .NET CLR, enabling detailed memory analysis of managed applications. ClockRes v2.0 : This update to Clockres, a system utility that reports the frequency of the system clock, now shows the upper and lower resolution of the system...
4 Jun 2009
Updates: VMMap v2.5, Disk2vhd v1.4; Sigcheck v1.63; Autoruns v9.57; PsExec v1.97; PsKill v1.13 and a new Mark's Windows Internals Session video from PDC 2009
Mark’s Windows Internals Session at the Professional Developer’s Conference, Part 1 Mark’s Windows Internals Session at the Professional Developer’s Conference, Part 2 : Mark dives deep to cover Windows 7 and Windows Server 2008 R2 kernel changes in his top-rated session from...
1 Dec 2009
Updates: VMMap v2.61
VMMap v2.61: This fixes a minor bug in the calculation of the Unknown category total.
8 Mar 2010
Updates: Process Monitor v2.04, TCPView v2.54, VMMap v1.02, Testlimit v5.01, and Notmyfault
Process Monitor v2.04: This update shows file mapping operations in basic mode, adds more translations of error numbers to text, fixes a bug that limited support for more boot log files larger than 4GB, and displays version numbers using the same formatting as Windows. TCPView v2.54: F ixes bugs...
17 Mar 2009
Updates: Disk2vhd v1.1, ZoomIt v4.1, Coreinfo v2.0, VMMap v2.4
Disk2vhd v1.1: Disk2vhd now supports command-line options for automation and fixes a bug that could result in an “invalid user buffer” error during a conversion. ZoomIt v4.1: ZoomIt is a screen magnification and annotation utility that’s useful for technical presentations. With this...
21 Oct 2009
Updates: VMMap v1.1, Active Directory Explorer v1.2
VMMap v1.1 This update to VMMap, an advanced process memory analysis tool, makes it easy to view the changes between subsequent refreshes. Using the new “show changes” option enables you to measure the impact of specific application functionality by comparing memory usage before and after the functionality...
22 Apr 2009
Updates: Process Explorer v12, VMMap v2.62, DiskView v2.4
Process Explorer v12: This Process Explorer release includes several significant new features, including the showing the web hosted in IE8 processes in the process tooltip, display of a svchost’s service host category in its tooltip, mapping of service names to threads on the threads tab and TCP/IP tabs...
25 Mar 2010
New Tool: VMMap v1.0 | Mark speaking at Microsoft TechEd 2009
VMMap v1.0: VMMap is a new utility for analyzing process address spaces and working sets. Aimed primarily at developers, its detailed graphical and textual breakdown of exactly what types of memory contribute to a process’s memory footprint make it a powerful performance analysis and tuning tool. ...
23 Feb 2009
New Tool: ProcDump v1.0 | Updates: Autoruns v9.51, VMMap v2.1, PsExec v1.96 | Book released: Windows Internals 5th Edition Released!| Webcast: Case of the Unexplained 2009
Windows Internals 5th Edition Released! The 5 th Edition of Windows Internals , the official book on the architecture and internals of the Windows operating system, is now available. This release is 25% larger than the 4 th Edition and is updated to cover Windows Vista and Windows Server 2008. Visit...
1 Jul 2009
© 2014 Microsoft Corporation.
Privacy & Cookies