Sysinternals Suite



Larry-G
24-11-10, 19:17
Along the lines of the NirLauncher post I made earlier, this pack is also, in my opinion, invaluable to anyone who regularly uses a Windows system for fault diagnostics and other tasks.

Sysinternals Suite is a pack put together by Mark Russinovich of Microsoft and can even be incorporated into the NirLauncher GUI for ease of use and portability.

The latest pack was updated on November 23, 2010 and contains the following apps.

---------------------------------------------------------

Introduction

The Sysinternals Troubleshooting Utilities have been rolled up into a single Suite of tools. This file contains the individual troubleshooting tools and help files. It does not contain non-troubleshooting tools like the BSOD Screen Saver or NotMyFault.

The Suite is a bundling of the following selected Sysinternals Utilities:

AccessChk

AccessEnum

AdExplorer

AdRestore

Autologon

Autoruns

BgInfo

CacheSet

ClockRes

Contig

Coreinfo

Ctrl2Cap

DebugView

Desktops

Disk2vhd

DiskExt

DiskMon

DiskView

Disk Usage (DU)

EFSDump

Handle

Hex2dec
Junction

LDMDump

ListDLLs

LiveKd

LoadOrder

LogonSessions

NTFSInfo

PageDefrag

PendMoves

PipeList

PortMon

ProcDump

Process Explorer

Process Monitor

ProcFeatures

PsExec

PsFile

PsGetSid

PsInfo

PsKill

PsList

PsLoggedOn
PsLogList

PsPasswd

PsService

PsShutdown

PsSuspend

RAMMap

RegDelNull

RegJump

RootkitRevealer

SDelete

ShareEnum

ShellRunas

SigCheck

Streams

Strings

Sync

TCPView

VMMap

VolumeID

WhoIs

WinObj

ZoomIt

Download here


http://download.sysinternals.com/Files/SysinternalsSuite.zip

Larry-G
10-12-10, 18:05
Sysinternals Suite

By Mark Russinovich

Updated: December 9, 2010

DOWNLOAD

http://download.sysinternals.com/Files/SysinternalsSuite.zip

Larry-G
18-01-11, 18:09
What's New (January 17, 2011)

ListDLLs v3.0
This update to ListDLLs, a command-line utility for listing the DLLs that processes have loaded, is compatible with 64-bit processes and includes a number of bug fixes.
Handle v3.43
Handle is a command-line utility for displaying the kernel handles processes have open. V3.43 shows handle object types, includes improved error messages, displays volume snapshot handle object names, and supports 64-bit Windows 7.

DOWNLOAD 12.9MB

http://download.sysinternals.com/Files/SysinternalsSuite.zip

======================================================

Larry-G
09-02-11, 00:33
Sysinternals Suite

By Mark Russinovich

Updated: February 1, 2011

Sysinternals Utilities Index

Sysinternals Suite
The entire set of Sysinternals Utilities rolled up into a single download.

AccessChk
v5.01 (December 9, 2010)
AccessChk is a command-line tool for viewing the effective permissions on files, registry keys, services, processes, kernel objects, and more.

AccessEnum
v1.32 (November 1, 2006)
This simple yet powerful security tool shows you who has what access to directories, files and Registry keys on your systems. Use it to find holes in your permissions.

AdExplorer
v1.42 (July 29, 2010)
Active Directory Explorer is an advanced Active Directory (AD) viewer and editor.

AdInsight
v1.01 (November 20, 2007)
An LDAP (Light-weight Directory Access Protocol) real-time monitoring tool aimed at troubleshooting Active Directory client applications.

AdRestore
v1.1 (November 1, 2006)
Undelete Server 2003 Active Directory objects.

Autologon
v3.0 (June 23, 2010)
Bypass password screen during logon.

Autoruns
v10.06 (November 29, 2010)
See what programs are configured to startup automatically when your system boots and you login. Autoruns also shows you the full list of Registry and file locations where applications can configure auto-start settings.

BgInfo
v4.16 (October 1, 2009)
This fully-configurable program automatically generates desktop backgrounds that include important information about the system including IP addresses, computer name, network adapters, and more.

BlueScreen
v3.2 (November 1, 2006)
This screen saver not only accurately simulates Blue Screens, but simulated reboots as well (complete with CHKDSK), and works on Windows NT 4, Windows 2000, Windows XP, Server 2003 and Windows 9x.

CacheSet
v1.0 (November 1, 2006)
CacheSet is a program that allows you to control the Cache Manager's working set size using functions provided by NT. It's compatible with all versions of NT.

ClockRes
v2.0 (June 4, 2009)
View the resolution of the system clock, which is also the maximum timer resolution.

Contig
v1.6 (February 1, 2011)
Wish you could quickly defragment your frequently used files? Use Contig to optimize individual files, or to create new files that are contiguous.

Coreinfo
v2.11 (May 21, 2010)
Coreinfo is a new command-line utility that shows you the mapping between logical processors and the physical processor, NUMA node, and socket on which they reside, as well as the caches assigned to each logical processor.

Ctrl2cap
v2.0 (November 1, 2006)
This is a kernel-mode driver that demonstrates keyboard input filtering just above the keyboard class driver in order to turn caps-locks into control keys. Filtering at this level allows conversion and hiding of keys before NT even "sees" them. Ctrl2cap also shows how to use NtDisplayString() to print messages to the initialization blue-screen.

DebugView
v4.76 (October 16, 2008)
Another first from Sysinternals: This program intercepts calls made to DbgPrint by device drivers and OutputDebugString made by Win32 programs. It allows for viewing and recording of debug session output on your local machine or across the Internet without an active debugger.

Desktops
v1.02 (January 19, 2010)
This new utility enables you to create up to four virtual desktops and to use a tray interface or hotkeys to preview what’s on each desktop and easily switch between them.

Disk2vhd
v1.63 (October 14, 2010)
Disk2vhd simplifies the migration of physical systems into virtual machines (p2v).

DiskExt
v1.1 (May 14, 2007)
Display volume disk-mappings.

Diskmon
v2.01 (November 1, 2006)
This utility captures all hard disk activity or acts like a software disk activity light in your system tray.

DiskView
v2.4 (March 25, 2010)
Graphical disk sector utility.

Disk Usage (DU)
v1.34 (May 19, 2010)
View disk usage by directory.

EFSDump
v1.02 (November 1, 2006)
View information for encrypted files.

Handle
v3.45 (January 25, 2011)
This handy command-line utility will show you what files are open by which processes, and much more.

Hex2dec
v1.0 (November 1, 2006)
Convert hex numbers to decimal and vice versa.

Junction
v1.06 (September 8, 2010)
Create Win2K NTFS symbolic links.

LDMDump
v1.02 (November 1, 2006)
Dump the contents of the Logical Disk Manager's on-disk database, which describes the partitioning of Windows 2000 Dynamic disks.

ListDLLs
v3.0 (January 17, 2011)
List all the DLLs that are currently loaded, including where they are loaded and their version numbers. Version 2.0 prints the full path names of loaded modules.

LiveKd
v5.0 (October 14, 2010)
Use Microsoft kernel debuggers to examine a live system.

LoadOrder
v1.0 (November 1, 2006)
See the order in which devices are loaded on your WinNT/2K system.

LogonSessions
v1.21 (May 6, 2010)
List the active logon sessions on a system.

MoveFile
v1.0 (November 1, 2006)
Allows you to schedule move and delete commands for the next reboot.

NTFSInfo
v1.0 (November 1, 2006)
Use NTFSInfo to see detailed information about NTFS volumes, including the size and location of the Master File Table (MFT) and MFT-zone, as well as the sizes of the NTFS meta-data files.

PageDefrag
v2.32 (November 1, 2006)
Defragment your paging files and Registry hives.

PendMoves
v1.1 (November 1, 2006)
Enumerate the list of file rename and delete commands that will be executed the next boot.

PipeList
(November 1, 2006)
Displays the named pipes on your system, including the number of maximum instances and active instances for each pipe.

PortMon
v3.02 (November 1, 2006)
Monitor serial and parallel port activity with this advanced monitoring tool. It knows about all standard serial and parallel IOCTLs and even shows you a portion of the data being sent and received. Version 3.x has powerful new UI enhancements and advanced filtering capabilities.

ProcDump
v3.02 (February 1, 2010)
This new command-line utility is aimed at capturing process dumps of otherwise difficult to isolate and reproduce CPU spikes. It also serves as a general process dump creation utility and can also monitor and generate process dumps when a process has a hung window or unhandled exception.

Process Explorer
v14.01 (November 23, 2010)
Find out what files, registry keys and other objects processes have open, which DLLs they have loaded, and more. This uniquely powerful utility will even show you who owns each process.

Process Monitor
v2.94 (January 17, 2011)
Monitor file system, Registry, process, thread and DLL activity in real-time.

ProcFeatures
v1.10 (November 1, 2006)
This applet reports processor and Windows support for Physical Address Extensions and No Execute buffer overflow protection.

PsExec
v1.98 (April 28, 2010)
Execute processes on remote systems.

PsFile
v1.02 (December 4, 2006)
See what files are opened remotely.

PsGetSid
v1.44 (April 28, 2010)
Displays the SID of a computer or a user.

PsInfo
v1.77 (April 28, 2010)
Obtain information about a system.

PsKill
v1.13 (December 1, 2009)
Terminate local or remote processes.

PsList
v1.29 (April 28, 2010)
Show information about processes and threads.

PsLoggedOn
v1.34 (April 28, 2010)
Show users logged on to a system.

PsLogList
v2.71 (April 28, 2010)
Dump event log records.

PsPasswd
v1.22 (December 4, 2006)
Changes account passwords.

PsService
v2.24 (April 28, 2010)
View and control services.

PsShutdown
v2.52 (December 4, 2006)
Shuts down and optionally reboots a computer.

PsSuspend
v1.06 (December 4, 2006)
Suspend and resume processes.

PsTools
(July 1, 2009)
The PsTools suite includes command-line utilities for listing the processes running on local or remote computers, running processes remotely, rebooting computers, dumping event logs, and more.

RAMMap
v1.1 (June 23, 2010)
An advanced physical memory usage analysis utility that presents usage information in different ways on its several different tabs.

RegDelNull
v1.10 (November 1, 2006)
Scan for and delete Registry keys that contain embedded null-characters that are otherwise undeleteable by standard Registry-editing tools.

RegJump
v1.01 (November 1, 2006)
Jump to the registry path you specify in Regedit.

RootkitRevealer
v1.71 (November 1, 2006)
Scan your system for rootkit-based malware.

SDelete
v1.51 (November 1, 2006)
Securely overwrite your sensitive files and cleanse your free space of previously deleted files using this DoD-compliant secure delete program.

ShareEnum
v1.6 (November 1, 2006)
Scan file shares on your network and view their security settings to close security holes.

ShellRunas
v1.01 (February 28, 2008)
Launch programs as a different user via a convenient shell context-menu entry.

Sigcheck
v1.71 (October 14, 2010)
Dump file version information and verify that images on your system are digitally signed.

Streams
v1.56 (April 27, 2007)
Reveal NTFS alternate streams.

Strings
v2.41 (March 2, 2009)
Search for ANSI and UNICODE strings in binary images.

Sync
v2.0 (November 1, 2006)
Flush cached data to disk.

TCPView
v3.03 (February 1, 2011)
Active socket command-line viewer.

VMMap
v3.01 (November 1, 2010)
VMMap is a process virtual and physical memory analysis utility.

VolumeId
v2.0 (November 1, 2006)
Set Volume ID of FAT or NTFS drives.

Whois
v1.01 (November 1, 2006)
See who owns an Internet address.

WinObj
v2.21 (September 13, 2010)
The ultimate Object Manager namespace viewer is here.

ZoomIt
v4.1 (October 21, 2009)
Presentation utility for zooming and drawing on the screen.


http://download.sysinternals.com/Files/SysinternalsSuite.zip

Larry-G
22-02-11, 01:49
Sysinternals Suite

By Mark Russinovich

Updated: February 14, 2011


http://download.sysinternals.com/Files/SysinternalsSuite.zip

Larry-G
27-02-11, 10:29
Sysinternals Suite

By Mark Russinovich

Updated: February 23, 2011


http://download.sysinternals.com/Files/SysinternalsSuite.zip

Larry-G
19-04-11, 19:03
Updated pack 13.04.11

Sysinternals Utilities Index

Sysinternals Suite
The entire set of Sysinternals Utilities rolled up into a single download.

AccessChk
v5.01 (December 9, 2010)
AccessChk is a command-line tool for viewing the effective permissions on files, registry keys, services, processes, kernel objects, and more.

AccessEnum
v1.32 (November 1, 2006)
This simple yet powerful security tool shows you who has what access to directories, files and Registry keys on your systems. Use it to find holes in your permissions.

AdExplorer
v1.42 (July 29, 2010)
Active Directory Explorer is an advanced Active Directory (AD) viewer and editor.

AdInsight
v1.01 (November 20, 2007)
An LDAP (Light-weight Directory Access Protocol) real-time monitoring tool aimed at troubleshooting Active Directory client applications.

AdRestore
v1.1 (November 1, 2006)
Undelete Server 2003 Active Directory objects.

Autologon
v3.01 (February 23, 2011)
Bypass password screen during logon.

Autoruns
v10.07 (April 13, 2011)
See what programs are configured to startup automatically when your system boots and you login. Autoruns also shows you the full list of Registry and file locations where applications can configure auto-start settings.

BgInfo
v4.16 (October 1, 2009)
This fully-configurable program automatically generates desktop backgrounds that include important information about the system including IP addresses, computer name, network adapters, and more.

BlueScreen
v3.2 (November 1, 2006)
This screen saver not only accurately simulates Blue Screens, but simulated reboots as well (complete with CHKDSK), and works on Windows NT 4, Windows 2000, Windows XP, Server 2003 and Windows 9x.

CacheSet
v1.0 (November 1, 2006)
CacheSet is a program that allows you to control the Cache Manager's working set size using functions provided by NT. It's compatible with all versions of NT.

ClockRes
v2.0 (June 4, 2009)
View the resolution of the system clock, which is also the maximum timer resolution.

Contig
v1.6 (February 1, 2011)
Wish you could quickly defragment your frequently used files? Use Contig to optimize individual files, or to create new files that are contiguous.

Coreinfo
v2.11 (May 21, 2010)
Coreinfo is a new command-line utility that shows you the mapping between logical processors and the physical processor, NUMA node, and socket on which they reside, as well as the caches assigned to each logical processor.

Ctrl2cap
v2.0 (November 1, 2006)
This is a kernel-mode driver that demonstrates keyboard input filtering just above the keyboard class driver in order to turn caps-locks into control keys. Filtering at this level allows conversion and hiding of keys before NT even "sees" them. Ctrl2cap also shows how to use NtDisplayString() to print messages to the initialization blue-screen.

DebugView
v4.76 (October 16, 2008)
Another first from Sysinternals: This program intercepts calls made to DbgPrint by device drivers and OutputDebugString made by Win32 programs. It allows for viewing and recording of debug session output on your local machine or across the Internet without an active debugger.

Desktops
v1.02 (January 19, 2010)
This new utility enables you to create up to four virtual desktops and to use a tray interface or hotkeys to preview what’s on each desktop and easily switch between them.

Disk2vhd
v1.63 (October 14, 2010)
Disk2vhd simplifies the migration of physical systems into virtual machines (p2v).

DiskExt
v1.1 (May 14, 2007)
Display volume disk-mappings.

Diskmon
v2.01 (November 1, 2006)
This utility captures all hard disk activity or acts like a software disk activity light in your system tray.

DiskView
v2.4 (March 25, 2010)
Graphical disk sector utility.

Disk Usage (DU)
v1.34 (May 19, 2010)
View disk usage by directory.

EFSDump
v1.02 (November 1, 2006)
View information for encrypted files.

Handle
v3.45 (January 25, 2011)
This handy command-line utility will show you what files are open by which processes, and much more.

Hex2dec
v1.0 (November 1, 2006)
Convert hex numbers to decimal and vice versa.

Junction
v1.06 (September 8, 2010)
Create Win2K NTFS symbolic links.

LDMDump
v1.02 (November 1, 2006)
Dump the contents of the Logical Disk Manager's on-disk database, which describes the partitioning of Windows 2000 Dynamic disks.

ListDLLs
v3.0 (January 17, 2011)
List all the DLLs that are currently loaded, including where they are loaded and their version numbers. Version 2.0 prints the full path names of loaded modules.

LiveKd
v5.0 (October 14, 2010)
Use Microsoft kernel debuggers to examine a live system.

LoadOrder
v1.0 (November 1, 2006)
See the order in which devices are loaded on your WinNT/2K system.

LogonSessions
v1.21 (May 6, 2010)
List the active logon sessions on a system.

MoveFile
v1.0 (November 1, 2006)
Allows you to schedule move and delete commands for the next reboot.

NTFSInfo
v1.0 (November 1, 2006)
Use NTFSInfo to see detailed information about NTFS volumes, including the size and location of the Master File Table (MFT) and MFT-zone, as well as the sizes of the NTFS meta-data files.

PageDefrag
v2.32 (November 1, 2006)
Defragment your paging files and Registry hives.

PendMoves
v1.1 (November 1, 2006)
Enumerate the list of file rename and delete commands that will be executed the next boot.

PipeList
(November 1, 2006)
Displays the named pipes on your system, including the number of maximum instances and active instances for each pipe.

PortMon
v3.02 (November 1, 2006)
Monitor serial and parallel port activity with this advanced monitoring tool. It knows about all standard serial and parallel IOCTLs and even shows you a portion of the data being sent and received. Version 3.x has powerful new UI enhancements and advanced filtering capabilities.

ProcDump
v3.03 (March 15, 2011)
This new command-line utility is aimed at capturing process dumps of otherwise difficult to isolate and reproduce CPU spikes. It also serves as a general process dump creation utility and can also monitor and generate process dumps when a process has a hung window or unhandled exception.

Process Explorer
v14.1 (March 15, 2011)
Find out what files, registry keys and other objects processes have open, which DLLs they have loaded, and more. This uniquely powerful utility will even show you who owns each process.

Process Monitor
v2.95 (April 13, 2011)
Monitor file system, Registry, process, thread and DLL activity in real-time.

ProcFeatures
v1.10 (November 1, 2006)
This applet reports processor and Windows support for Physical Address Extensions and No Execute buffer overflow protection.

PsExec
v1.98 (April 28, 2010)
Execute processes on remote systems.

PsFile
v1.02 (December 4, 2006)
See what files are opened remotely.

PsGetSid
v1.44 (April 28, 2010)
Displays the SID of a computer or a user.

PsInfo
v1.77 (April 28, 2010)
Obtain information about a system.

PsKill
v1.13 (December 1, 2009)
Terminate local or remote processes.

PsList
v1.29 (April 28, 2010)
Show information about processes and threads.

PsLoggedOn
v1.34 (April 28, 2010)
Show users logged on to a system.

PsLogList
v2.71 (April 28, 2010)
Dump event log records.

PsPasswd
v1.22 (December 4, 2006)
Changes account passwords.

PsService
v2.24 (April 28, 2010)
View and control services.

PsShutdown
v2.52 (December 4, 2006)
Shuts down and optionally reboots a computer.

PsSuspend
v1.06 (December 4, 2006)
Suspend and resume processes.

PsTools
(July 1, 2009)
The PsTools suite includes command-line utilities for listing the processes running on local or remote computers, running processes remotely, rebooting computers, dumping event logs, and more.

RAMMap
v1.1 (June 23, 2010)
An advanced physical memory usage analysis utility that presents usage information in different ways on its several different tabs.

RegDelNull
v1.10 (November 1, 2006)
Scan for and delete Registry keys that contain embedded null-characters that are otherwise undeleteable by standard Registry-editing tools.

RegJump
v1.01 (November 1, 2006)
Jump to the registry path you specify in Regedit.

RootkitRevealer
v1.71 (November 1, 2006)
Scan your system for rootkit-based malware.

SDelete
v1.51 (November 1, 2006)
Securely overwrite your sensitive files and cleanse your free space of previously deleted files using this DoD-compliant secure delete program.

ShareEnum
v1.6 (November 1, 2006)
Scan file shares on your network and view their security settings to close security holes.

ShellRunas
v1.01 (February 28, 2008)
Launch programs as a different user via a convenient shell context-menu entry.

Sigcheck
v1.71 (October 14, 2010)
Dump file version information and verify that images on your system are digitally signed.

Streams
v1.56 (April 27, 2007)
Reveal NTFS alternate streams.

Strings
v2.41 (March 2, 2009)
Search for ANSI and UNICODE strings in binary images.

Sync
v2.0 (November 1, 2006)
Flush cached data to disk.

TCPView
v3.04 (April 13, 2011)
Active socket command-line viewer.

VMMap
v3.03 (March 15, 2011)
VMMap is a process virtual and physical memory analysis utility.

VolumeId
v2.0 (November 1, 2006)
Set Volume ID of FAT or NTFS drives.

Whois
v1.01 (November 1, 2006)
See who owns an Internet address.

WinObj
v2.22 (February 14, 2011)
The ultimate Object Manager namespace viewer is here.

ZoomIt
v4.1 (October 21, 2009)
Presentation utility for zooming and drawing on the screen.


http://download.sysinternals.com/Files/SysinternalsSuite.zip

Larry-G
06-05-11, 22:58
What's New (May 3, 2011)

ZoomIt v4.2
This update to ZoomIt, a screen magnification and annotation utility, now adjusts the drawing pen size when you enter drawing mode from live zoom to match the static zoom pen size.

Process Explorer v14.11
Process Explorer v14.11 includes the ability to configure network and disk activity icons in the tray.


Sysinternals Suite

By Mark Russinovich

Updated: May 3, 2011


http://download.sysinternals.com/Files/SysinternalsSuite.zip

Larry-G
22-07-11, 09:31
Sysinternals Suite

By Mark Russinovich

Updated: July 18, 2011

What's New (July 18, 2011)

The Windows Sysinternals Administrator's Reference
We are excited and proud to announce the release of the official Sysinternals book, The Windows Sysinternals Administrator's Reference, from Microsoft Press. Written by Sysinternals founder and tool author Mark Russinovich, and Windows expert Aaron Margosis, the book is over 450 pages and covers all 70+ tools in detail, with full chapters on the major tools like Process Explorer and Autoruns. In addition to tips and tricks in the tool chapters, it includes 17 "Case of the Unexplained…" examples of the tools used by users to solve real-world problems. Buy the book today and take your Windows troubleshooting and systems management skills to the next level.
Process Explorer v15.0
Process Explorer v15 celebrates the release of the Sysinternals Administrator Reference and the upcoming 15th anniversary of Sysinternals. This major update to Process Explorer, a powerful tool for inspecting and controlling processes, threads, loaded DLLs, and more, adds GPU utilization and memory monitoring on Vista and higher. It also adds the ability to restart services, has a smaller memory footprint, and has visually cleaner performance graphs.
ListDLLs v3.1
ListDLLs, a command-line utility for listing and searching for loaded DLLs, now dumps full file version information, including digital signatures. It also adds a new option designed to aid in malware hunting that filters output to include only unsigned DLLs.
FindLinks v1.0
This new command-line utility lists the hard links associated with a specified file.


http://download.sysinternals.com/Files/SysinternalsSuite.zip

Larry-G
10-10-11, 23:09
What's New (September 20, 2011)

Autoruns v11
This update to Autoruns, a GUI and command-line tool that lists executables configured to run when you boot, logon or run common applications, adds a “jump to folder” command and several additional autostart locations. The command-line version, Autorunsc, adds a new switch to show file hashes and an option to display the autostart entries for all user accounts registered on a system.
Mark at BUILD: Introduction to Windows Azure, Inside Windows Azure
Mark’s highly-rated BUILD sessions are now available for on-demand viewing. In Introduction to Windows Azure: The Cloud OS, Mark defines cloud computing, presents the different types and positions Windows Azure. Then he describes Windows Azure’s implementation of Platform-as-a-Service (PaaS), including how it makes it easy for developers to write highly-available, highly-scalable cloud applications. In Inside Windows Azure: The Cloud OS, Mark goes deeper than ever before to show Microsoft’s datacenter architecture and explain the steps Windows Azure follows to deploy and run cloud applications. He concludes by revealing how the Windows Azure team develops and operates Windows Azure.

What's New (September 1, 2011)

Coreinfo v3
Coreinfo is a command-line utility that reports detailed information about processor cores and topology, including cache sizes, core-to-socket mappings and NUMA memory latencies. It now shows the processor features supported by the system's processors. For example, Coreinfo will show if the processor supports hardware-assisted virtualization and advanced virtualization features like Second Level Address Translation.

What's New (August 16, 2011)

ProcDump v4.0
This update for ProcDump, a trigger-based process dump capture utility, enables you to control the contents of the dump with your own minidump callback DLL and adds a new switch, -w, that has ProcDump wait for a specified process to start.
Mark’s Blog: The Case of the Hung Game Launcher
Read Mark’s latest blog post where he uses the Sysinternals utilities to solve a problem he ran into one Sunday morning when trying to play a computer game.
Zero Day Malware Cleaning with the Sysinternals Tools
Mark has posted the slides from the highly-attended and well-received Blackhat 2011 Workshop he delivered last week, Zero Day Malware Cleaning with the Sysinternals Tools, which demonstrates how to use the Sysinternals tools to hunt down and eliminate malware.


http://download.sysinternals.com/Files/SysinternalsSuite.zip

Larry-G
05-06-12, 11:07
What's New (May 14, 2012)

Autoruns v11.3
This update to Autoruns, a utility that shows the executables, drivers, and DLLs configured to autostart, adds several new autostart locations, sets a file association for its log file extension, reports the target of Rundll32 and other host executables, and fixes several bugs.

LiveKd v5.2
LiveKd, a command-line utility for performing live read-only debugging of the local system and virtual machines, now includes an option that has it generate a fully-consistent kernel dump file of a running system.

Strings v2.5
Strings, a command-line utility that dumps a file’s printable UNICODE and ASCII strings, adds an option to specify the starting offset in the file from where it will scan for strings.
Trojan Horse, Mark’s Sequel to Zero Day, Available for Pre-Order
The sequel to Mark’s popular cyberthriller Zero Day is now available for pre-order. Check out the video trailer, learn more about Jeff Aiken’s fight against cyber-espionage on a global scale, and preorder your hard cover or ebook copy today at the Trojan Horse web site.

What's New (April 16, 2012)

Windows Internals 6th Edition, Part 1
We’re excited to announce that Part 1 of Windows Internals, 6th Edition, is now available for order in hard copy and multiple ebook formats. This edition, like previous ones, makes heavy use of the Sysinternals tools to demonstrate key concepts. It covers Windows 7 and Windows Server 2008 R2 and the amount of new material required splitting the book into two volumes (Part 2 will be available soon). The first volume includes system concepts; architecture overview; system mechanisms; management mechanisms; processes, threads and jobs; security; and networking.

Testlimit v5.2
Testlimit, a demonstration tool used in the Windows Internals books to illustrate resource usage concepts, has minor enhancements including filling memory that it allocates with an identifiable string.

Notmyfault
Notmyfault is a tool used in the Windows Internals books to show how common device driver bugs affect a system. This update includes numerous enhancements contributed by Dan Pearson, including new crash types, a revamped user interface, and it reports the amount of pool it has leaked.
Mark’s Webcasts - Zero Day: A Non-Fiction View
Mark makes the case for how his hit cyberthriller, Zero Day, is likely to be realized in non-fiction form in this 20-minute short version of his popular RSA Conference session.

What's New (March 23, 2012)

Process Monitor v3.0
This update to Process Monitor, a real-time file, registry, process and network monitor, adds bookmark support so that you can flag specific lines in a trace for easy reference later. Shortcut keys enable you to move quickly between bookmarks and you can even add bookmarks to existing trace files. You can also convert a highlight filter to an include filter and shortcut keys move between highlighted lines. Finally, Process Monitor now records process environment variables and current working directory for process create events (thanks to Dmitri Davydok for his contribution) and displays the names of new Windows 8 file system control codes.

What's New (February 16, 2012)

DebugView v4.78
This update to DebugView, a utility for capturing and logging user-mode and kernel-mode debug output messages, can now capture output generated by Metro applications on Windows 8.

LiveKd v5.1
LiveKd, a utility for leveraging kernel debuggers to analyze live physical systems or Hyper-V virtual machines, now supports newer Intel processors that implement the XSAVE instruction.
What's New (January 12, 2012)

CoreInfo v3.03
Coreinfo, a command-line utility that dumps information about a system’s CPU topology and capabilities, now reports the presence of TSC (timestamp counter) Invariant support.

Process Explorer v15.12
This update to Process Explorer makes the search dialog asynchronous and reports the types of found items. It also fixes several bugs, including showing a small font when run after an older version, a bug in the restart-process functionality, working set columns not showing data, and again shows information about service processes when run from an unprivileged user account.
Mark’s Blog: The Case of My Mom’s Broken Microsoft Security Essentials Installation
Mark goes deep with the Sysinternals tools to fix a corrupt installation of MSE on his mom’s PC over the holidays.

Mark to Speak at RSA 2012
Mark will be speaking at the RSA Conference 2012 in San Francisco at the end of February in two sessions. He’ll be interviewed in the conference’s new Author’s Studio track about his novel Zero Day, joining luminaries such as Mark Bowden (Worm and Blackhawk Down) and Bruce Schneier (Applied Cryptography). In his second session, he’ll present Zero Day: A Non-Fiction View, where he’ll explore the feasibility and risk of an attack like the one he presents in Zero Day.

What's New (December 5, 2011)

Disk Usage (DU) v1.4
This update to DU, a command line utility for analyzing the disk space consumed by directories, adds a CSV output option, accounts for the file system cluster size in its on-disk size calculations, and includes alternate data streams.

Process Explorer v15.1
This update of Process Explorer, a Task Manager replacement, adds support for new Windows 8 features by giving the processes hosting immersive applications a distinct highlight color, shows immersive application package names in process tooltips and as a new process view column, lists AppContainer and capability SIDs in the process security properties, and updates the GPU support to be compatible with Windows 8. Other enhancements include GPU memory counters with more descriptive labels, display of the logon session ID on the security properties, and reporting of suspended processes as suspended in the CPU usage column.
Mark’s Blog: Case of the Installer Service Error
Follow along with Mark in another of his popular ‘Case of the Unexplained’ troubleshooting examples, where he retraces the steps of a network administrator who used Process Monitor to figure out why the Windows Intune installer failed on one of his systems and goes on to fix the problem.

What's New (November 10, 2011)

Autoruns v11.1
This update to Autoruns adds several new autostart locations, reports the active filter in the status bar, and highlights unsigned images and those with no company name or description to make them easy to spot.
Microsoft Security Intelligence Report v11
Microsoft’s regular report on the state of malware covering January through June of 2011 is out and includes a primer by Mark on using the Sysinternals tools to identify and clean malware.

Larry-G
27-10-12, 07:17


What's New (October 17, 2012)

Desktops v2.0
Desktops, a virtual desktop utility for Windows that lets you create up to three additional workspaces, is now compatible with Windows 8, properly supporting Winkey hotkey sequences (like Winkey+R to bring up the Run dialog) on alternate desktops and switching back to the primary desktop’s start screen when you hit Winkey.
LiveKd v5.3
LiveKd, a command-line utility that enables you to use the Windows kernel debuggers to examine live systems as well as virtual machines, now supports Windows 8.
Coreinfo v3.1
This update to Coreinfo, a command line utility that reports detailed information about a system’s processor topology, CPU features, and cache topology, fixes a bug affecting the calculation of NUMA node costs and adds support for several more processor features, including RDRAND, LAHF/SAHF, Prefetchw and Intel Speedstep.

What's New (October 3, 2012)

Mark Talks Sysinternals History on Defrag Tools
Defrag Tools, a Channel 9 series that features diagnostic and troubleshooting utilities including Sysinternals tools, invited Mark on to talk about how Sysinternals started, the evolution of the tools and how Mark decides when to add features and write new tools.
Windows Internals 6th Edition, Part 2 Published
Part 2 of Windows Internals 6th Edition is now available. The 6th edition covers kernel and system changes in Windows 7 and Windows Server 2008 R2 and adds 250 pages of expanded feature coverage and hands-on experiments.
PsPing v1.0
PsPing is a new Sysinternals PsTools command-line utility for measuring network performance. In addition to standard ICMP ping functionality, it can report the latency of connecting to TCP ports, the latency of TCP round-trip communication between systems, and the TCP bandwidth available to a connection between systems. Besides obtaining min, max, and average values in 0.01ms resolution, you can also use PsPing to generate histograms of the results that are easy to import into spreadsheets.

What's New (September 10, 2012)

Mark Publishes New Technothriller: Trojan Horse
Mark’s sequel to his popular debut technothriller Zero Day is now available in ebook and hardcover. Watch the video trailer and read the reviews on Mark’s website.
ProcDump v5.0
Procdump is an advanced utility for capturing process memory dumps based on a variety of triggers including CPU usage, memory usage, performance counter values, and exceptions. Version 5.0 is a major upgrade that adds the ability to configure exception filters based on managed and native exception types, extends support to Windows 8 modern applications, and integrates with Process Monitor’s debug output logging.
Sigcheck v1.8
This update to Sigcheck, a command-line file version and digital signature verification utility, shows detailed certificate information such as certificate usage, validity dates, and thumbprints, and also shows a file’s counter-signing chain if it has one.

What's New (August 2, 2012)

AccessChk v5.1
This update to AccessChk, a command-line utility that shows the security settings and effective access on many object types, including registry keys and files, now reports Windows 8 claims and capabilities, shows the token of processes running as local system, lists security descriptor flags, and checks for remote interactive logon rights.
Whois v1.1
Whois is a command-line utility that looks up domain name registration information. This release fixes a bug that could cause an infinite loop and adds a command-line option, -v, that prints verbose information about domain registration referrals.

What's New (July 16, 2012)

Mark’s Blog: The Case of the Veeerrry Slow Logons
Mark’s latest troubleshooting blog post documents how he used Process Monitor to fix a problem with slow logons he started experiencing while travelling at the TechEd North America conference.
ZoomIt v4.3
This update to ZoomIt, a screen magnification and annotation utility, adds an option that enables you to configure it to automatically start when you log in.

What's New (June 28, 2012)

RAMMap v1.2
This release of RAMMap, a utility that displays a detailed map of a system’s physical memory usage, now supports systems with more than 16GB of RAM and Windows 8, and includes keyboard navigation improvements.

What's New (June 25, 2012)

Channel 9: Mark Russinovich: On Windows Azure IaaS, Sysinternals, Cybersecurity, Trojan Horse
Mark joins Channel 9 for an impromptu conversation about what he's been up to lately. Topics include the newly added Windows Azure Infrastructure as a Service (IaaS) support (as part of the Windows Azure June 2012 Release), virtual machines, software security, Sysinternals and Mark's soon-to-be released sequel to Zero Day, Trojan Horse.
Mark’s TechEd North America Presentations
Check out Mark’s top-rated sessions from TechEd North America, now available for on-demand viewing, including the always-popular Case of the Unexplained, Malware Hunting with the Sysinternals Tools, Windows Azure Virtual Machines and Virtual Networking, and Windows Azure Internals.

What's New (June 6, 2012)

Process Explorer v15.2
This major update to Process Explorer, a Task Manager replacement, merges Autoruns functionality by adding a new Autostart Location column and property to the process and DLL views that indicates where an image is configured to automatically start or load. It also adds .NET stack walking support to the thread stack dialog, adds a process timeline column that graphically depicts a process’s lifetime relative to other processes, and uses the Windows 8 private ETW logger, which enables better coexistence with other ETW-based tools.


http://download.sysinternals.com/files/SysinternalsSuite.zip

Larry-G
25-04-13, 01:46
What's New (March 21, 2013)


Autoruns v11.5

This update to Autoruns, a utility for managing autostarting applications and components, now reports the image timestamp of executables and the last-modified timestamp of other file types and autostart locations to help with forensic analysis. The jump-to-entry feature is also improved to navigate directly to files rather than their parent directory.


Registry Usage (RU) v1.0
Ru (Registry Usage) is a new command-line utility that reports the size, value and subkey counts of registry keys. Like its Sysinternals Du (Disk Usage) counterpart, Ru can help you find the keys that contribute to registry bloat.


What's New (February 5, 2013)


Process Explorer v15.3
This major Process Explorer release includes heat-map display for process CPU, private bytes, working set and GPU columns, sortable security groups in the process properties security page, and tooltip reporting of tasks executing in Windows 8 Taskhostex processes. It also creates dump files that match the bitness of the target process and works around a bug introduced in Windows 8 disk counter reporting.


What's New (January 24, 2013)


Procdump v5.13
This update to Procdump, a command-line utility that generates on-demand and trigger-based process crash dump files, now supports triggers for when process CPU usage, memory consumption or arbitrary performance counters fall below a specified value.


Sigcheck v1.9
Sigcheck, a command-line file-version and signature verification tool, now reports certificate publisher names, capitalizes hash values, and fixes a certificate chain validation bug.


What's New (January 11, 2013)


Mark’s Blog: Hunting Down and Killing Ransomware
In Mark’s latest post he takes you behind the scenes of the current ransomware scourge, showing examples of how they try to coerce users into paying, explaining how they work and detailing how you can use Sysinternals tools to clean them from an infected system.


Autoruns v11.4
Autoruns v11.4 adds additional startup locations, fixes several bugs related to image path parsing, adds better support for browsing folders on WinPE, and fixes a Wow64 redirection bug.


What's New (December 4, 2012)


ZoomIt v4.41
This update to ZoomIt, a screen magnification and annotation utility, includes smoother zooming behavior, adds the ability to specify the initial zoom level, and maintains the window focus when initiating live zooming.


What's New (November 15, 2012)


Contig v1.7
Contig is a command-line file defragmentation and fragmentation analysis utility. v1.7 has more detailed fragmentation analysis reporting, fixes a bug that enables creation of contiguous files larger than 8GB, and adds support for setting the valid data length on files to avoid zero-fill overhead.


CoreInfo v3.2
Coreinfo, a command-line utility that dumps processor topology and feature support, now reports the presence of many additional features, including SMAP, RDSEED, BMI1, ADX, HLE, RTM, and INVPCID.


ProcDump v5.1
This major update to Procdump, a command-line utility for creating process crash dump files based on triggers or on-demand, adds support for Silverlight applications and the ability to register Procdump as the just-in-time (JIT) debugger for more advanced scenarios.