Sysinternals Site Discussion

Updates: Disk2vhd v1.3, Sigcheck v1.61, Process Monitor v2.8, LiveKd v3.12 and a new Mark's blog post

NewSID Retirement and the Machine SID Duplication Myth: Mark’s latest blog post debunks the myth that having duplicate machine SIDs causes problems, explaining why the Sysinternals NewSID tool has been retired.

Disk2vhd v1.3: This update to Disk2vhd makes more Windows XP and Windows Server 2003 VHDs bootable by updating their MBR and boot sectors to be compatible with Hyper-V and Virtual PC and by installing the Intelide driver if it it’s not already installed. It also optimizes image creation by not copying paging and hibernation files.

Sigcheck v1.62: This update to Sigcheck, a utility that displays file version and digital signature information, removes a file size limit for generating file hashes, works on 64-bit MSI files, and reports expired signatures.

Process Monitor v2.8: Displays new Windows 7 CreateFile options, includes file-delete operations in the Category filter’s Write subcategory, and displays names for more IOCTLs and result codes.

LiveKd v3.12: This release fixes compatibility with 64-bit Windows XP and Windows Server 2003.

Updates: Disk2vhd v1.21

Disk2vhd v1.21: The target volume size calculation is now based on the required size of the source volumes instead of the total size.

New Video: Windows 7 General Availability and Mark on Channel 9

Windows 7 General Availability and Mark on Channel 9:  Check out Mark’s latest Channel 9 interview on Windows 7 and Windows Server 2008 R2 kernel changes, released today to coincide with Windows 7’s general availability. He talks about memory management, process reflection and more, and shows a couple of demos on a 256-processor system.

Updates: Disk2vhd v1.2

Disk2vhd v1.2: This version fixes the space requirement calculation for the volume to which the VHD will be written.

Updates: Disk2vhd v1.1, ZoomIt v4.1, Coreinfo v2.0, VMMap v2.4

Disk2vhd v1.1: Disk2vhd now supports command-line options for automation and fixes a bug that could result in an “invalid user buffer” error during a conversion.

ZoomIt v4.1: ZoomIt is a screen magnification and annotation utility that’s useful for technical presentations. With this update, you can now easily switch between LiveZoom (supported on Vista and Windows 7) and drawing mode.

Coreinfo v2.0: Coreinfo now supports IA64 and Windows Server 2008 R2 systems with more than 64 logical processors.

VMMap v2.4: This release fixes a rare bug that could result in inaccurate summary statistics.

Updates: Autoruns v9.56

Autoruns v9.56: This update enables Autoruns to view registry entries that have permissions only allowing the System account access and fixes a bug that caused some rundll32-hosted entries to not display correctly.

New Tool: Disk2vhd v1.0

Disk2vhd v1.0: We’re excited to announce a new Sysinternals tool, Disk2vhd, that simplifies the migration of physical systems into virtual machines (p2v). Just run Disk2vhd on the system you want to migrate and specify the volumes for which you want data included, and Disk2vhd creates a consistent point-in-time volume snapshot followed by an export of the selected volumes into one or more VHDs that you can add to a new or existing Hyper-V or Virtual PC virtual machine.

Updates: LiveKd v3.1, BgInfo v4.16, ProcDump v1.6, Autoruns v9.55 | New Marks Blog Post: Pushing the Limits of Windows: Handles | New video: Mark Talks About Windows 7 and Windows Server 2008 R2 at Intel Developer Forum

Mark’s Blog: Pushing the Limits of Windows: Handles: Mark’s latest post in his Pushing the Limits of Windows series goes inside the limits that affect handle usage. He explains the role of handles, describes how the system manages them, and shows you how to identify and debug handle leaks.

Mark Talks About Windows 7 and Windows Server 2008 R2 at Intel Developer Forum: Mark gave a joint presentation with Shiv Kaushik, an Intel Fellow, at IDF in San Francisco on how Microsoft and Intel collaborated during the development process to make sure that Windows takes advantage of new Intel processor features and enhancements.

LiveKd v3.1: This update to LiveKd, a tool that enables you to perform local kernel debugging using the Windbg tool, adds support for systems with more than 4GB of RAM and now works on x64 systems even when they aren’t booted in debugging mode.

BgInfo v4.16: Bginfo now correctly reports Windows Server 2008 R2.

ProcDump v1.6: This minor update sets the thread context in a dump file to the thread that trips the CPU threshold so that it’s stack can be viewed simply by entering a stack dump command.

Autoruns v9.55: A bug that prevented some 64-bit entries from being disabled is addressed in this update.

FileMon and Regmon Retired. NewSID End of Life

Filemon and Regmon Retired: As we forwarned, Filemon and Regmon have been retired from the site, since their functionality is subsumed by the much more powerful and scalable Process Monitor utility.

NewSID End of Life: NewSID will be retired from Sysinternals on November 2, 2009.

Updates: Process Monitor v2.7, ProcDump v1.5, VMMap v2.3, Autoruns v9.54

Process Monitor v2.7: This update to Process Monitor, a system monitoring utility, adds a new option to the process tree dialog that direct it to show just the timeline for displayed events, uses kernel-based thread profiling on Vista and higher for better performance, and includes a number of minor fixes and enhancements.

ProcDump v1.5: ProcDump now includes a new switch that enables the creation of a process dump upon process termination, which can help with troubleshooting unexpected process termination. It also fixes a bug where the -ma switch wouldn’t generate a full dump when combined with -r , the Windows 7-specific process reflection switch.

VMMap v2.3: VMMap, a process virtual and physical memory analysis tool has an improved copy-to-clipboard functionality and a fix for a bug that could in some cases result in inaccurate difference-view reporting.

Autoruns v9.54: This update includes several bug fixes, the introduction of additional 32-bit autostart locations for 64-bit Windows, some user interface improvements, and brings back compatibility with .ARN files created by older versions.

Updates: ProcDump v1.4

Procdump v1.4: This fixes a bug introduced in v1.3 that broke compatibility with Windows XP and Windows Server 2003.

Updates: Autoruns v9.53, ProcDump v1.3, Process Monitor v2.6 | New Mark's Blog post: The Case of the Temporary Registry Profiles | Download Windows Internals 5 sample chapter

Updates: Zoomit 4.0, procdump v1.2

ProcDump v1.2: This ProcDump now automatically generates 32-bit dumps for 32-bit processes on 64-bit Windows for easier debugging.

Updates: Autoruns v9.52, VMMap v2.2, procdump v1.1, procmon v2.5 | Marks Blog: Pushing the Limits of Windows: Processes and Threads

Procdump v1.1: This release fixes a bug that prevented Procdump from generating full dumps for the /ma switch.

Autoruns v9.52: Autoruns v9.52 fixes some minor bugs including one where Ctrl+C didn’t copy the entire entry to the clipboard.

VMMap v2.2: VMMap v2.2 includes a fix for a bug that prevented VMMap from working on 32-bit Windows XP.

Procmon v2.5: This significant update to Process Monitor adds a number of enhancements, including new by-extension and by-directory views in the File Summary dialog, a new Network Summary view, quick filtering in all the summary views, additional IOCTL and error result decoding, and a number of bug fixes.

Filemon and Regmon End of Life on 9/1/09

Process Monitor is the replacement for Filemon and Regmon and is much more advanced and scalable than its predecessors. We only aim to make Sysinternals tools work on Windows XP and higher,  we’ve decided that it’s time to retire these venerable utilities that were born in the early days of Sysinternals (then NTinternals) back in 1996. So that you have a chance to say goodbye, we’re announcing now that they will be removed from the site on September 1.

Mark’s Blog:Pushing the Limits of Windows: Processes and Threads

Mark’s latest installment in his Pushing the Limits of Windows blog series looks at how many processes and threads you can create on Windows and explains what determines the limits.

New Tool: ProcDump v1.0 | Updates: Autoruns v9.51, VMMap v2.1, PsExec v1.96 | Book released: Windows Internals 5th Edition Released!| Webcast: Case of the Unexplained 2009

Windows Internals 5th Edition Released! The 5^th Edition of Windows Internals, the official book on the architecture and internals of the Windows operating system, is now available. This release is 25% larger than the 4^th Edition and is updated to cover Windows Vista and Windows Server 2008. Visit the official book page and watch Mark and David’s Channel 9 interview on the book

New Webcast: Case of the Unexplained 2009: Watch Mark’s top-10 rated TechEd session and third installment of the Case of the Unexplained, where he shows how to use the Sysinternals tools like Process Explorer, Process Monitor and Autoruns to solve problems with real-world cases as examples.

Autoruns v9.51: This fixes a bug with the Run As Administrator functionality on 64-bit Windows 7, a copy-to-clipboard bug where part of a line’s content was truncated, and is updated to show Windows 7 Sidebar Gadget configuration.

VMMap v2.1: VMMap now shows process private byte and working set usage in the process picker, shows the size of the displayed strings in the strings dialog, and fixes a bug with automatic .vmp file association and running the 32-bit version on 64-bit systems.

PsExec v1.96: This release fixes a bug where remote command-line output was not displayed when the target system was 64-bit Windows XP.

ProcDump v1.0: This new command-line utility is aimed at capturing process dumps of otherwise difficult to isolate and reproduce CPU spikes. It also serves as a general process dump creation utility and can also monitor and generate process dumps when a process has a hung window or unhandled exception.