Sysinternals Site Discussion

Updates: Autoruns v9.21

Autoruns v9.21: This corrects the version number in the about box.

Updates: Autoruns v9.2, Process Monitor v1.33, AccessChk v4.1

Autoruns v9.2: In order to better support assisted troubleshooting, Autoruns - an autostart analyzer - now exports and imports scan results to enable viewing results on other systems, adds support for enabling and deleting Winsock notification DLLs, and fixes a number of 64-bit Windows issues.

Process Monitor v1.33: This update to Process Monitor, a real-time file, thread, DLL and performance monitoring utility, improves 32-bit stack walking on 64-bit Windows, fixes a driver bug that could cause crashes on 64-bit Windows, and preserves profiling information by default when saving log files.

AccessChk v4.1: AccessChk, a command-line utility for analyzing effective permissions on files, registry keys, process and more, now interprets Windows Vista process owner rights and can show permissions on active threads.

Updates: Process Monitor v1.32

Process Monitor v1.32: This fixes a dependency introduced in v1.31 that prevented Procmon from running on Windows 2000.

Updates: Process Explorer v11.13, Process Monitor v1.31, and Handle v3.31

Process Explorer v11.13: This includes bug fixes for viewing thread stacks of system threads and 64-bit thread stacks. It also fixes compatibility with Windows 9x and NT 4.

Process Monitor v1.31: This update fixes a bug that could result in a deadlock when exiting or disabling capture with thread profiling enabled.

Handle v3.31: No functional change and hence no version number update, but has version field that enables it to work again on Windows 9x and NT 4.

Updates: Process Explorer v11.12, Process Monitor v1.30, Handle v3.31, and a new blog post from Mark

Process Explorer v11.12: This update includes a number of minor enhancements and bug fixes, including support for tracking commit and non-paged pool limits.

Process Monitor v1.30: This major update adds support for importing and exporting filters, records system information in log files, presents more information about specific operations, includes translation of additional operation error codes, and tracks CPU and memory activity that it displays in a revamped process summary dialog.

Handle v3.31: This update unifies the drivers used by Handle and Process Explorer.

Marks Blog: "The Case of the System Process CPU Spikes" - See Mark's latest blog entry where he demonstrates how he used Process Explorer to track down a device driver causing CPU usage spikes.

Updates: ZoomIt v1.8, Inside Windows Server 2008 article, and a new webcast on deploying Windows Vista

ZoomIt v1.8: This update to the popular screen magnifier and annotation presentation tool adds support for undo while drawing and resizable text fonts.

Inside Windows Server 2008 Kernel Changes: Mark goes deep inside the Server 2008 kernel to describe enhancements to memory management and I/O processing, as well as how Server 2008 implements new features like Hyper-V, self-healing NTFS, SMB2, and more. This article complements the three-part series Windows Vista kernel changes series and UAC internals articles Mark also published in TechNet Magazine.

Mark Hosts Virtual Roundtable on Deploying Vista: Watch Mark Russinovich and a panel of industry experts and IT pros have an interactive roundtable discussion on Windows Vista adoption and deployment, including challenges, workarounds, and solutions.

Updates: ShellRunas v1.01

ShellRunas v1.01: Fixes bug where /quiet wasn’t honored for /unreg.

Updates: Process Explorer 11.11

Process Explorer v11.11:  Fixes a bug in the driver that could cause a crash when viewing the handle table of a process that exits.

New: ShellRunas v1.0 Updates: Autoruns v9.13, Process Explorer v11.10, Sigcheck v1.52

ShellRunas v1.0: ShellRunas provides functionality similar to that of the Runas tool to launch programs as a different user via a convenient shell context-menu entry. This makes it more convenient than Runas for heavy Explorer users.

Process Explorer v11.10: This Process Explorer update adds a number of enhancements, including support for high DPI, display of paging and standby list sizes on Vista, and display of  cycles consumed on threads tab on Vista. It also reports the COM object running inside of Dllhost processes and the tasks running inside of Vista Taskeng host processes in the process view hover tooltip.

Autoruns v9.13: Fixes bug where Autoruns could crash when looking at the icon properties of third-party DLLs.

Sigcheck v1.52: Works around images with malformed version blocks to show their version information.

Mark Hosts Virtual Roundtable on Deploying Vista: Join Mark Russinovich and a panel of industry experts and IT pros on March 5^th for a live, interactive roundtable discussion on Windows Vista adoption and deployment, including challenges, workarounds, and solutions.

 

Updates: Autoruns v9.11, Sigcheck v1.51

Autoruns v9.11: This release corrects a bug where the XML output incorrectly tagged image path field and the CSV headers didn't include the launch string.

Sigcheck v1.51: A bug in the processing of the -n option that could cause Sigcheck to crash is fixed in this update.

Updates: Autoruns v9.10, Sigcheck v1.50, Mark's new blog post and webcast

Autoruns v9.10: Autorunsc, the command-line version of Autoruns, has a new option to print output in XML format and now displays the MD5, SHA1 and SHA256 hashes of autostart images to more precisely identify files, which is especially useful in computer forensic investigations.

Sigcheck v1.50: Sigcheck, a command-line file version display and signature checking utility, adds a new option for displaying file hashes

The Case of the Unexplained…Live!: Mark’s “The Case of…”  blog posts come alive in this  recorded webcast of his #1-rated TechEd/ITforum session. Learn how to troubleshoot the toughest Windows and application problems by watching Mark use Sysinternals and other advanced tools to solve real-world examples.

Inside Vista SP1 File Copy Improvements: Find out how Windows Vista SP1 improves copy file performance in Mark’s latest blog post where he describes the evolution of the file copy.

Updates: AutoRuns v9.02, PsService v2.22, TcpView v2.53

 

AutoRuns v9.02: This update fixes a bug where Autoruns would crash when deleting the last item on the Everything page.

 

PsService v2.22: Fixes a crash when displaying services that have empty descriptions.

 

TcpView v2.53: Addresses a memory leak.

 

Updates: AutoRuns v9.01, PsExec v1.94, TcpView v2.52, Sigcheck v1.41, Mark's New Blog

Mark’s Blog: The Case of the Missing AutoPlay: Check out Mark’s latest blog entry where he shows how he used Process Monitor to track down why AutoPlay wasn’t working in his ReadyBoost demonstrations.

Autoruns v9.01: Autoruns v9.01 fixes a bug in the way that it handles certain shell extension points and adds awareness of several additional shell extensions.

PsExec v1. 94: This update fixes a bug in the timeout option and it makes it possible to use more options when launching local processes, like processor affinity, without administrative rights.

Tcpview v2.52: Tcpview v2.52 fixes a bug that causes partial display of UDP endpoints on Windows XP. 

Sigcheck v1.41: This Sigcheck update correctly displays long comments in file version information.

Updates: AutoRuns v9.0, PsExec v1.93, New Video, New Site Front-End

Autoruns v9.0: This major update to Autoruns shows an entry’s raw launch string in its image details area, lists Explorer and IE COM classes names and icons, is aware of several more autostart locations, including additional shell extensions, Windows Vista scheduled tasks and Windows Vista Sidebar gadgets, and has better support for alternate online search engines.

PsExec v1.93: Version 1.93 fixes a bug in the implementation of the -x option.

New Video - Channel 9: Mark talks about working at Microsoft, the Windows Server 2008 kernel, MinWin versus Server Core, Hyper-V and application virtualization.

New Site Front-End: The Sysinternals TechNet TechCenter has been migrated to a new web front-end. The new front-end will allow us to provide a wider range of cross-linking down the road as well as new content types.

Updates: ZoomIt v1.72, PsExec v1.92, DebugView v4.74, AdExplorer

ZoomIt v1.72: This Zoomit update enables you to center the mouse with the space bar when in drawing mode, adds an option to view time elapsed after the break timer expires, and reverses the keys used to draw lines and arrows.

PsExec v1.92: PsExec’s new release fixes a bug in the -i option that prevented it from correctly displaying windows on the console desktop.

DebugView v4.74: This update fixes another race condition that could cause system hangs on first run.

AdExplorer (no version change): Simply removes obsolete options from the usage dialog.