Mark's Blog

Mark Russinovich's technical blog covering topics such as Windows troubleshooting, technologies and security.

Hunting Down and Killing Ransomware

Scareware, a type of malware that mimics antimalware software, has been around for a decade and...

Author: Mark Russinovich Date: 01/02/2013

Windows Azure Host Updates: Why, When, and How

Windows Azure’s compute platform, which includes Web Roles, Worker Roles, and Virtual Machines, is...

Author: Mark Russinovich Date: 08/22/2012

Announcing Trojan Horse, the Novel!

Many of you have read Zero Day, my first novel. It’s a cyberthriller that features Jeff Aiken...

Author: Mark Russinovich Date: 05/06/2012

The Case of My Mom’s Broken Microsoft Security Essentials Installation

As a reader of this blog I suspect that you, like me, are the IT support staff for your family and...

Author: Mark Russinovich Date: 01/03/2012

The Case of the Installer Service Error

This case unfolds with a network administrator charged with the rollout of the Microsoft Windows...

Author: Mark Russinovich Date: 11/27/2011

Fixing Disk Signature Collisions

Disk cloning has become common as IT professionals virtualize physical servers using tools like...

Author: Mark Russinovich Date: 11/06/2011

The Case of the Mysterious Reboots

This case opens when a Sysinternals power user, who also works as a system administrator at a large...

Author: Mark Russinovich Date: 10/02/2011

Troubleshooting with the New Sysinternals Administrator’s Reference

Aaron Margosis and I are thrilled to announce that the long awaited, and some say long overdue,...

Author: Mark Russinovich Date: 07/03/2011

The Zero Day Book Trailer

I just got back the finished version of the video trailer for my new cyber thriller Zero Day, which...

Author: Mark Russinovich Date: 05/03/2011

Analyzing a Stuxnet Infection with the Sysinternals Tools, Part 3

In the first post of this series, I used Autoruns, Process Explorer and VMMap to statically analyze...

Author: Mark Russinovich Date: 04/17/2011

Analyzing a Stuxnet Infection with the Sysinternals Tools, Part 2

In Part 1 I began my investigation of an example infection of the infamous Stuxnet worm with the...

Author: Mark Russinovich Date: 04/15/2011

Analyzing a Stuxnet Infection with the Sysinternals Tools, Part 1

Though I didn’t realize what I was seeing, Stuxnet first came to my attention on July 5 last summer...

Author: Mark Russinovich Date: 03/26/2011

Zero Day is Here!

I’m excited to announce that my first novel, a cyber thriller entitled Zero Day, is now available at...

Author: Mark Russinovich Date: 03/13/2011

The Case of the Unusable System

This post continues in the malware hunting theme of the last couple of posts as Zero Day...

Author: Mark Russinovich Date: 03/13/2011

The Case of the Sysinternals-Blocking Malware

Continuing the theme of focusing on malware-related cases (last week I posted The Case of the...

Author: Mark Russinovich Date: 03/06/2011

The Case of the Malicious Autostart

Given that my novel, Zero Day, will be published in a few weeks and is based on malware’s use as a...

Author: Mark Russinovich Date: 02/26/2011

Announcing Zero Day, the Novel!

You’ve seen the news if you’re my friend on Facebook, follow me on Twitter, or subscribe...

Author: Mark Russinovich Date: 01/18/2011

“Blue Screens” in Designer Colors with One Click

My last blog post described how to use local kernel debugging to change the colors of the Windows...

Author: Mark Russinovich Date: 01/09/2011

A Bluescreen By Any Other Color

Note: for an easier way to customize the blue screen’s colors, see my next blog post, “Blue Screens...

Author: Mark Russinovich Date: 12/13/2010

The Cases of the Blue Screens: Finding Clues in a Crash Dump and on the Web

My last couple of posts have looked at the lighter side of blue screens by showing you how to...

Author: Mark Russinovich Date: 12/12/2010

The Case of the Slow Project File Opens

If you’ve seen one of my Case of the Unexplained presentations (like the one I delivered at TechEd...

Author: Mark Russinovich Date: 12/06/2010

LiveKd for Virtual Machine Debugging

When Dave Solomon and I were writing the 3rd edition of the Windows Internals book series Inside...

Author: Mark Russinovich Date: 10/09/2010

The Case of the Random IE Crash

While I long for the day when I no longer experience the effects of buggy software, there’s...

Author: Mark Russinovich Date: 06/01/2010

The Case of the Printing Failure

The most interesting cases I receive are those that demonstrate a unique troubleshooting technique...

Author: Mark Russinovich Date: 04/12/2010

Pushing the Limits of Windows: USER and GDI Objects – Part 2

Last time, I covered the limits and how to measure usage of one of the two key window manager...

Author: Mark Russinovich Date: 03/31/2010

Pushing the Limits of Windows: USER and GDI Objects – Part 1

So far in the Pushing the Limits of Windows series, I’ve focused on resources managed by the Windows...

Author: Mark Russinovich Date: 02/24/2010

The Machine SID Duplication Myth (and Why Sysprep Matters)

On November 3 2009, Sysinternals retired NewSID, a utility that changes a computer’s machine Security...

Author: Mark Russinovich Date: 11/03/2009

Channel 9: Inside Windows 7 Redux

Windows 7 hit general availability today, putting it in stores and on new PCs. There are...

Author: Mark Russinovich Date: 10/22/2009

Recent and Upcoming Speaking Engagements

I wanted to update you on my recent and upcoming speaking engagements. First, I’ve been...

Author: Mark Russinovich Date: 10/08/2009

Pushing the Limits of Windows: Handles

This is the fifth post in my Pushing the Limits of Windows series where I explore the upper bound on...

Author: Mark Russinovich Date: 09/29/2009

The Case of the Temporary Registry Profiles

Microsoft Customer Support Services (CSS) is one of the biggest customers of the Sysinternals tools...

Author: Mark Russinovich Date: 08/10/2009

Windows Internals 5th Edition is Available!

I’m proud to announce that Windows Internals, 5th Edition is now available. It’s been a long road,...

Author: Mark Russinovich Date: 07/06/2009

Pushing the Limits of Windows: Processes and Threads

This is the fourth post in my Pushing the Limits of Windows series that explores the boundaries of...

Author: Mark Russinovich Date: 07/05/2009

The Case of the Slow Keynote Demo

A couple of weeks ago I participated for the first time in the keynote at Microsoft’s TechEd US...

Author: Mark Russinovich Date: 05/23/2009

Pushing the Limits of Windows: Paged and Nonpaged Pool

In previous Pushing the Limits posts, I described the two most basic system resources, physical...

Author: Mark Russinovich Date: 03/10/2009

The Case of the Crashed Phone Call

David Solomon, my coauthor for the Windows Internals books, was recently in the middle of an...

Author: Mark Russinovich Date: 12/30/2008

The Case of the Phantom Desktop Files

A few weeks ago, my wife mentioned that she sometimes saw files in her desktop folder that didn’t...

Author: Mark Russinovich Date: 12/28/2008

Pushing the Limits of Windows: Virtual Memory

In my first Pushing the Limits of Windows post, I discussed physical memory limits, including the...

Author: Mark Russinovich Date: 11/17/2008

The Case of the Random IE and WMP Crashes

When I experienced a crash in Internet Explorer (IE) on my home 64-bit gaming system one day, I...

Author: Mark Russinovich Date: 06/02/2008

Guest Post: The Case of the FrontPage Error

Welcome to the first guest "Case Of" blog post! I've received numerous great troubleshooting cases...

Author: Mark Russinovich Date: 05/13/2008

The Case of the System Process CPU Spikes

As you’ve probably surmised by my blog posts and other writings, I like knowing exactly what my...

Author: Mark Russinovich Date: 04/07/2008

Inside Vista SP1 File Copy Improvements

Windows Vista SP1 includes a number of enhancements over the original Vista release in the areas of...

Author: Mark Russinovich Date: 02/04/2008
