Sysinternals Site Discussion

Updates: Process Monitor v1.35

Process Monitor v1.35: This fixes a bug introduced in v1.34 that prevented Process Monitor's driver from loading on Windows 2000.

Updates: ZoomIt v2.10, Process Monitor v1.34, BgInfo v4.13

ZoomIt v2.10: Includes a zoom-out effect when you exit zoom mode and enables you to specify a background bitmap for the break timer.

Process Monitor v1.34: This update adds the ability to filter on result values.

BgInfo v4.13: Now displays correct version information for Windows Server 2008.

Updates: Process Explorer v11.20, ZoomIt v2.0, Sigcheck v1.53, Handle v3.4 and introducing Sysinternals Live beta.

Sysinternals Live: We're excited to announce the beta of Sysinternals Live, a service that enables you to execute Sysinternals tools directly from the Web without hunting for and manually downloading them. Simply enter a tool's Sysinternals Live path into Windows Explorer or a command prompt as \\live.sysinternals.com\tools\<toolname> or view the entire Sysinternals Live tools directory in a browser at http://live.sysinternals.com.

Process Explorer v11.20: Process Explorer now shows thread permissions, adds process working set minimum and maximum columns, and fixes a bug that allows it to run from read-only locations on 64-bit Windows.

ZoomIt v2.0: This major ZoomIt update adds the drawing color pink, adds screen blanking to the undo history, extends the maximum pen size from 9 to 19 pixels, has an option to hide the tray icon and makes it easy to save zoomed and annotated screens as bitmap files.

Sigcheck v1.53: The CSV column headers have been fixed to correctly reflect the extended version and hash options.

Handle v3.4: This release fixes a bug that allows it to run from read-only locations on 64-bit Windows and adds an option to show the sizes of pagefile-backed sections.

Updates: Autoruns v9.21

Autoruns v9.21: This corrects the version number in the about box.

Updates: Autoruns v9.2, Process Monitor v1.33, AccessChk v4.1

Autoruns v9.2: In order to better support assisted troubleshooting, Autoruns - an autostart analyzer - now exports and imports scan results to enable viewing results on other systems, adds support for enabling and deleting Winsock notification DLLs, and fixes a number of 64-bit Windows issues.

Process Monitor v1.33: This update to Process Monitor, a real-time file, thread, DLL and performance monitoring utility, improves 32-bit stack walking on 64-bit Windows, fixes a driver bug that could cause crashes on 64-bit Windows, and preserves profiling information by default when saving log files.

AccessChk v4.1: AccessChk, a command-line utility for analyzing effective permissions on files, registry keys, process and more, now interprets Windows Vista process owner rights and can show permissions on active threads.

Updates: Process Monitor v1.32

Process Monitor v1.32: This fixes a dependency introduced in v1.31 that prevented Procmon from running on Windows 2000.

Updates: Process Explorer v11.13, Process Monitor v1.31, and Handle v3.31

Process Explorer v11.13: This includes bug fixes for viewing thread stacks of system threads and 64-bit thread stacks. It also fixes compatibility with Windows 9x and NT 4.

Process Monitor v1.31: This update fixes a bug that could result in a deadlock when exiting or disabling capture with thread profiling enabled.

Handle v3.31: No functional change and hence no version number update, but has version field that enables it to work again on Windows 9x and NT 4.

Updates: Process Explorer v11.12, Process Monitor v1.30, Handle v3.31, and a new blog post from Mark

Process Explorer v11.12: This update includes a number of minor enhancements and bug fixes, including support for tracking commit and non-paged pool limits.

Process Monitor v1.30: This major update adds support for importing and exporting filters, records system information in log files, presents more information about specific operations, includes translation of additional operation error codes, and tracks CPU and memory activity that it displays in a revamped process summary dialog.

Handle v3.31: This update unifies the drivers used by Handle and Process Explorer.

Marks Blog: "The Case of the System Process CPU Spikes" - See Mark's latest blog entry where he demonstrates how he used Process Explorer to track down a device driver causing CPU usage spikes.

Updates: ZoomIt v1.8, Inside Windows Server 2008 article, and a new webcast on deploying Windows Vista

ZoomIt v1.8: This update to the popular screen magnifier and annotation presentation tool adds support for undo while drawing and resizable text fonts.

Inside Windows Server 2008 Kernel Changes: Mark goes deep inside the Server 2008 kernel to describe enhancements to memory management and I/O processing, as well as how Server 2008 implements new features like Hyper-V, self-healing NTFS, SMB2, and more. This article complements the three-part series Windows Vista kernel changes series and UAC internals articles Mark also published in TechNet Magazine.

Mark Hosts Virtual Roundtable on Deploying Vista: Watch Mark Russinovich and a panel of industry experts and IT pros have an interactive roundtable discussion on Windows Vista adoption and deployment, including challenges, workarounds, and solutions.

Updates: ShellRunas v1.01

ShellRunas v1.01: Fixes bug where /quiet wasn’t honored for /unreg.

Updates: Process Explorer 11.11

Process Explorer v11.11:  Fixes a bug in the driver that could cause a crash when viewing the handle table of a process that exits.

New: ShellRunas v1.0 Updates: Autoruns v9.13, Process Explorer v11.10, Sigcheck v1.52

ShellRunas v1.0: ShellRunas provides functionality similar to that of the Runas tool to launch programs as a different user via a convenient shell context-menu entry. This makes it more convenient than Runas for heavy Explorer users.

Process Explorer v11.10: This Process Explorer update adds a number of enhancements, including support for high DPI, display of paging and standby list sizes on Vista, and display of  cycles consumed on threads tab on Vista. It also reports the COM object running inside of Dllhost processes and the tasks running inside of Vista Taskeng host processes in the process view hover tooltip.

Autoruns v9.13: Fixes bug where Autoruns could crash when looking at the icon properties of third-party DLLs.

Sigcheck v1.52: Works around images with malformed version blocks to show their version information.

Mark Hosts Virtual Roundtable on Deploying Vista: Join Mark Russinovich and a panel of industry experts and IT pros on March 5^th for a live, interactive roundtable discussion on Windows Vista adoption and deployment, including challenges, workarounds, and solutions.

 

Updates: Autoruns v9.11, Sigcheck v1.51

Autoruns v9.11: This release corrects a bug where the XML output incorrectly tagged image path field and the CSV headers didn't include the launch string.

Sigcheck v1.51: A bug in the processing of the -n option that could cause Sigcheck to crash is fixed in this update.

Updates: Autoruns v9.10, Sigcheck v1.50, Mark's new blog post and webcast

Autoruns v9.10: Autorunsc, the command-line version of Autoruns, has a new option to print output in XML format and now displays the MD5, SHA1 and SHA256 hashes of autostart images to more precisely identify files, which is especially useful in computer forensic investigations.

Sigcheck v1.50: Sigcheck, a command-line file version display and signature checking utility, adds a new option for displaying file hashes

The Case of the Unexplained…Live!: Mark’s “The Case of…”  blog posts come alive in this  recorded webcast of his #1-rated TechEd/ITforum session. Learn how to troubleshoot the toughest Windows and application problems by watching Mark use Sysinternals and other advanced tools to solve real-world examples.

Inside Vista SP1 File Copy Improvements: Find out how Windows Vista SP1 improves copy file performance in Mark’s latest blog post where he describes the evolution of the file copy.

Updates: AutoRuns v9.02, PsService v2.22, TcpView v2.53

 

AutoRuns v9.02: This update fixes a bug where Autoruns would crash when deleting the last item on the Everything page.

 

PsService v2.22: Fixes a crash when displaying services that have empty descriptions.

 

TcpView v2.53: Addresses a memory leak.