Sysinternals Site Discussion

New Tool: ProcDump v1.0 | Updates: Autoruns v9.51, VMMap v2.1, PsExec v1.96 | Book released: Windows Internals 5th Edition Released!| Webcast: Case of the Unexplained 2009

Windows Internals 5th Edition Released! The 5^th Edition of Windows Internals, the official book on the architecture and internals of the Windows operating system, is now available. This release is 25% larger than the 4^th Edition and is updated to cover Windows Vista and Windows Server 2008. Visit the official book page and watch Mark and David’s Channel 9 interview on the book

New Webcast: Case of the Unexplained 2009: Watch Mark’s top-10 rated TechEd session and third installment of the Case of the Unexplained, where he shows how to use the Sysinternals tools like Process Explorer, Process Monitor and Autoruns to solve problems with real-world cases as examples.

Autoruns v9.51: This fixes a bug with the Run As Administrator functionality on 64-bit Windows 7, a copy-to-clipboard bug where part of a line’s content was truncated, and is updated to show Windows 7 Sidebar Gadget configuration.

VMMap v2.1: VMMap now shows process private byte and working set usage in the process picker, shows the size of the displayed strings in the strings dialog, and fixes a bug with automatic .vmp file association and running the 32-bit version on 64-bit systems.

PsExec v1.96: This release fixes a bug where remote command-line output was not displayed when the target system was 64-bit Windows XP.

ProcDump v1.0: This new command-line utility is aimed at capturing process dumps of otherwise difficult to isolate and reproduce CPU spikes. It also serves as a general process dump creation utility and can also monitor and generate process dumps when a process has a hung window or unhandled exception.

Mark’s latest TechNet Magazine article: Inside Windows 7 User Account Control

Inside Windows 7 User Account Control 

Check out Mark’s latest TechNet Magazine article where he goes inside the changes in Windows 7’s implementation of UAC, including the two new UAC modes and how certain Windows images are automatically elevated to administrative rights in the default mode.

5 minute - Sysinternals Customer Survey

Sysinternals Customer Survey – We could use your help.  We're looking into who uses the Sysinternals tools and what other Microsoft tools you use. Please take this very short questionnaire (7 questions max. depending on how you answer). We won’t ask you who you are, your email or anything that can identify you. - Thanks

Updates: VMMap v2.0, ClockRes v2.0

VMMap v2.0: VMMap now breaks out information on memory used by the .NET CLR, enabling detailed memory analysis of managed applications.

 

ClockRes v2.0: This update to Clockres, a system utility that reports the frequency of the system clock, now shows the upper and lower resolution of the system clock.

Mark Demos Windows 7 and MDOP IT Pro Features at TechEd Keynote

Mark Demos Windows 7 and MDOP IT Pro Features at TechEd Keynote: Mark has spoken at every US TechEd since 2001, but this the first time he’s been in the keynote. Bill Veghte talks about Windows 7 client features, Iain McDonald shows off virtualization advances in Windows Server 2008 R2, and Mark demos Powershell v2, Applocker, MEDV, App-V and native VHD support (if you want to see just Mark’s segment, go to minute 42).

Updates: Autoruns v9.5, PsLoglist v2.7, PsExec v1.95

Autoruns v9.5: This update to Autoruns, a powerful autostart manager, adds display of audio and video codecs, which are gaining popularity as an extension mechanism used by malware to gain automatic execution.

 

PsLoglist v2.7: This version of PsLoglist, a command-line event log display utility, now properly displays event log entries for default event log sources on Windows Vista and higher and accepts wildcard matching for event sources.

 

PsExec v1.95: This version of PsExec, a utility for executing applications remotely, fixes an issue that prevented the -i (interactive) switch from working on Windows XP systems with a recent hotfix and includes a number of minor bug fixes.

Updates: VMMap v1.1, Active Directory Explorer v1.2

VMMap v1.1

This update to VMMap, an advanced process memory analysis tool, makes it easy to view the changes between subsequent refreshes. Using the new “show changes” option enables you to measure the impact of specific application functionality by comparing memory usage before and after the functionality executes. The release also has a number of user interface improvements, such as always highlighting the currently selected listview items and making the total row’s position in the summary list sort-independent.

 

Active Directory Explorer v1.2

ADExplorer v1.2, an Active Directory object browser, adds the ability to copy the properties of an object to the clipboard, back and forward navigation shortcut keys, and an option to change the base used for integer display.

 

Sysinternals wishes Channel 9 a Happy Birthday!

Channel 9, Microsoft’s direct connection to developers, turned five a few days ago. Mark frequently gives interviews on Channel 9, including his latest on Windows 7 kernel changes, which is Channel 9’s most viewed interview of all time at 550,000 views. Mark was one of the Niners to give Channel 9 a special birthday wish.

Updates: Autoruns v9.41

Autoruns v9.41: This release fixes a bug with the hide-Microsoft images options when the signature verification option is enabled.

Updates: Autoruns v9.4, BgInfo v4.15, ZoomIt v3.03 | New Mark's Blog post: Pushing the Limits of Windows: Paged and Nonpaged Pool

Autoruns v9.4: This Autoruns update shows manual start Windows services, fixes a bug that affected the display of autostart locations that could include multiple startup registrations, and fixes a bug in the Jump To functionality on 64-bit Windows.

BgInfo v4.15: Bginfo now supports access to 64-bit registry keys in custom fields, fixes a bug with oversized wallpaper on multiple monitor configurations, and sets its default output directory to %TEMP%.

ZoomIt v3.03: Fixes a GDI handle leak that could cause Zoomit’s drawing functionality to eventually stop working.

Mark’s Blog: Pushing the Limits of Windows: Paged and Nonpaged Pool - Check out Mark’s latest entry in his Pushing the Limits of Windows series, where he describes the role of the kernel’s paged and nonpaged pool resources, their limits, how the system behaves when they run out, and how to track down a driver that’s leaking pool.

Updates: Process Monitor v2.04, TCPView v2.54, VMMap v1.02, Testlimit v5.01, and Notmyfault

 

Process Monitor v2.04: This update shows file mapping operations in basic mode, adds more translations of error numbers to text, fixes a bug that limited support for more boot log files larger than 4GB, and displays version numbers using the same formatting as Windows.

 

TCPView v2.54: Fixes bugs that prevented the display of IPv6 TCP endpoints and the correct display of IPv6 UDP endpoints

 

VMMap v1.02: Now shows all image subsections, even if they reside within the same allocation region. It also fixes a bug in image name sorting and makes the UAC elevation smoother on 64-bit Windows.

 

Testlimit v5.01: This fixes a bug in the implementation of the -d option.

 

Notmyfault: Updated with options to leak paged or nonpaged pool, and it now frees leaked pool on exit.

 

Updates: Sigcheck v1.6, Strings v2.41, VMMap v1.01

Sigcheck v1.6: This update adds checking for .NET strong signatures and extends the output of the -i option, which shows the image signers, to also print the path of the catalog that stores a file's signature.

Strings v2.41: This Strings update fixes a bug that sometimes resulted in the omission of strings that crossed 64K boundries in a file and it now prints strings in the same order they appear in the file.

VMMap v1.01: This release fixes a bug in the identification of heap memory and a bug that prevented VMMap from working on 64-bit Windows XP and 64-bit Windows Server 2003.

New Tool: VMMap v1.0 | Mark speaking at Microsoft TechEd 2009

VMMap v1.0: VMMap is a new utility for analyzing process address spaces and working sets. Aimed primarily at developers, its detailed graphical and textual breakdown of exactly what types of memory contribute to a process’s memory footprint make it a powerful performance analysis and tuning tool.

Mark to Speak at TechEd 2009:Come see the 2009 version of Mark’s popular “Case of the Unexplained” session, where he demonstrates the use of Sysinternals tools with real-world troubleshooting examples. Mark’s Windows 7 and Windows Server 2008 R2 session expands on his Channel 9 interview to dive deep on system-level enhancements and improvements, and his Inside Windows Server 2008R2 Virtualization and VHD Enhancements session takes you on a tour of new features like Live Migration, Second Level Address Translation, and native VHD support.

 

Updates: Process Explorer v11.33, Autoruns v9.39, ZoomIt v3.02

Process Explorer v11.33: This update fixes a bug where the history graph tooltips could display the wrong data point and reduces the memory footprint of the structures that store graph history.

Autoruns v9.39: This Autoruns update fixes a couple of minor bugs and adds a new Windows 7 location.

ZoomIt v3.02: This release addresses a bug that could cause Zoomit to refuse to enter drawing mode once zoomed.

 

Updates: ZoomIt v3.0, Process Explorer v11.32, Autoruns v9.38

ZoomIt v3.0: This major update to ZoomIt, the Sysinternals screen magnification and annotation utility, adds a LiveZoom mode on Windows Vista and higher, allows you to change the typing and break timer font, adds the ability to copy the magnified screen to the clipboard with Ctrl+C, and introduces a new configuration interface.

Process Explorer v11.32: This update fixes a bug in the process security page's name resolution and uses history graph tooltips that track the mouse.

Autoruns v9.38: This fixes a bug that prevented v9.37 from viewing the system account's profile on 32-bit Windows.