Sysinternals

TechEd On-Demand Webcast: Windows Hang and Crash Dump Analysis

Tue, 11 Jul 2006 19:40:40 -0500

Watch the recording of Mark's top-rated TechEd session in this free webcast from Microsoft TechNet. Learn to analyze Microsoft Windows crash dumps, diagnose the cause, pinpoint a solution, and resolve the problem. Intended for system administrators, this webcast explains how system crashes occur and what happens when you reboot a crashed system. Mark leads you through the crash dump analysis process step by step, introducing the latest tools from Microsoft and handy tricks for isolating the cause of a crash.

PsExec v1.72

Mon, 10 Jul 2006 14:51:26 -0500

You can launch windows on the Winlogon desktop with the new PsExec -x switch.

Process Explorer v10.2

Mon, 10 Jul 2006 14:47:15 -0500

This release targets Windows Vista with new integrity level and virtualized columns as well as a signed driver for 64-bit Vista for x64 processors.

ZoomIt v1.15

Mon, 10 Jul 2006 14:48:34 -0500

ZoomIt v1.15 fixes a multimonitor drawing bug.

Autoruns v8.53

Mon, 10 Jul 2006 14:47:38 -0500

This update fixes issues related to malformed Registry entries and listview drawing flicker during scans.

Strings v2.3

Mon, 10 Jul 2006 14:49:30 -0500

A new option has Strings print the offsets within a file at which strings are located.

ZoomIt v1.13

Tue, 27 Jun 2006 01:36:11 -0500

This update fixes a bug in 1.12 and adds a Draw item to the tray icon's context menu.

ZoomIt v1.12

Fri, 23 Jun 2006 09:21:39 -0500

This ZoomIt update now bounds the drawing cursor so that you can't lose track of it off the screen and includes new context menu entries and mouse behaviors so that its fully controllable with just a mouse.

Autoruns v8.52

Fri, 23 Jun 2006 09:21:20 -0500

Autoruns now includes an autostart location that's used by malware to hijack the desktop background.

Apple Hi-Res Screen Dump

Fri, 23 Jun 2006 09:21:06 -0500

Mark's first magazine article, one he published in Compute! in 1985 that describes a program he wrote to dump Apple ][ hi-resolution screen contents to Epson printers, is now on line!

The Sysinternals Video Library

Mon, 12 Jun 2006 05:19:49 -0500

We're pleased to announce The Sysinternals Video Library, a set of six DVDs that cover essential Windows troubleshooting topics. Each video is personally presented by Mark Russinovich and David Solomon. The complete set is available for pre-order at a discounted price and the first video, Tour of the Sysinternals Tools, is free for download.

RootkitRevealer Top 100 Products of 2006

Mon, 12 Jun 2006 05:20:14 -0500

RootkitRevealer has earned a spot in PC World's top 100 products of the year (it might be #100, but its still in)! We're honored to be in the company of products like the Xbox 360 and the iPod.

London Seminar Registration Reopened!

Tue, 6 Jun 2006 17:17:39 -0500

We've found a larger venue and so have reopened registration for our upcoming Windows Internals and Advanced Troubleshooting seminar in London June 26-30. Sign up now before we sell out again!

AccessChk v2.0

Tue, 6 Jun 2006 17:17:15 -0500

AccessChk now has an option to dump security descriptors and also has support for showing and filtering Vista object Integrity Levels

Handle v3.2

Tue, 6 Jun 2006 17:16:57 -0500

This Handle update includes an option for not prompting on handle closes and also reports the sharing flags configured for open files.

Windows Hang and Crash Dump Analysis Live Webcast

Tue, 6 Jun 2006 17:16:26 -0500

Process Explorer v10.11

Thu, 11 May 2006 15:30:51 -0500

Through support from HP, Process Explorer is now available on 64-bit Windows for Itanium-based systems to support increased market demand. In addition, this release adds I/O counter columns and process statistics, system-wide and per-process I/O history graphs, memory and I/O minigraphs, service permissions editing, and support for Vista process cycle counters.

AccessChk v1.0

Tue, 18 Apr 2006 12:38:59 -0500

This new security utility shows you what accesses that a user or group you specify has to files, Registry keys or Windows services.

ZoomIt v1.1

Tue, 18 Apr 2006 12:39:17 -0500

As a result of more field testing ZoomIt now includes a break timer hotkey and tweaks to its drawing behavior.

PsService v2.2

Sun, 9 Apr 2006 08:00:00 -0500

PsService now includes an option to dump service security descriptors.

Autoruns v8.51

Sun, 9 Apr 2006 08:00:00 -0500

This Autoruns update fixes bugs related to malformed paths.

DebugView v4.6

Mon, 10 Apr 2006 08:00:00 -0500

This DebugView release adds support for WIndows Vista and fixes a buffer overflow that could occur when the option to force carriage returns is off.

ZoomIt v1.0

Mon, 27 Mar 2006 09:09:24 -0500

ZoomIt is a presentation tool that let's you zoom the screen and move around, draw on a zoomed image, and display a fullscreen break countdown timer. Mark wrote it specifically for use during his presentations.

PsShutdown v2.51

Mon, 27 Mar 2006 09:09:46 -0500

This update fixes a bug that affected the use of the -v switch.

PsLoggedOn v1.22

Mon, 27 Mar 2006 09:10:25 -0500

A formatting bug caused by the -x switch is fixed in this release.

Contig v1.53

Mon, 27 Mar 2006 09:11:59 -0500

This version fixes filename wildcard parsing bugs.

PsExec v1.71

Tue, 7 Mar 2006 15:47:13 -0500

This version fixed a bug that sometimes caused the PsExec client to hang after running multiple times in quick succession.

Autoruns v8.5

Tue, 7 Mar 2006 15:46:57 -0500

This new Autoruns release adds scanning of LSA security, notification, and authentication providers as well as Explorer protocol handlers and extensions.

Mark to Speak at Microsoft TechEd 2006

Thu, 23 Feb 2006 05:59:53 -0500

Mark is copresenting a preconference tutorial on advanced malware cleaning at TechEd US in Boston on June 11. In addition, he's delivering breakout sessions on topics including Vista kernel changes, troubleshooting with Filemon and Regmon, analyzing Windows crashes and hangs, Vista security changes, and advanced malware cleaning techniques.

Process Explorer v10.06

Thu, 23 Feb 2006 05:57:33 -0500

This update includes a number of minor bug fixes (after the 10.0 release I quickly learned that people run Process Explorer with a vast array of diverse configurations).

Process Explorer v10.02

Wed, 8 Feb 2006 15:00:47 -0500

This major Process Explorer update has an extensive list of new features and enhancements aimed at usability and malware hunting. Just some of the examples include Runas and Run As Limited User commands, process restart, column sets, enhanced process tooltips for service-hosting and Rundll32 processes, working set breakdown columns, and DLL image verification and packed-image detection.

RootkitRevealer v1.7

Thu, 2 Feb 2006 13:53:45 -0500

This new RootkitRevealer release includes more sophisticated rootkit counter-measures, scanning of all Registry hives including user profiles, and numerous bug fixes.

Regdelnull v1.1

Fri, 13 Jan 2006 17:42:25 -0500

In response to the use of such keys by malware, RegDelNull can now unlock and delete keys that not only have embedded nulls, but that also have security permissions that make them otherwise inaccessible.

Sigcheck v1.3

Fri, 13 Jan 2006 17:41:57 -0500

Sigcheck, a powerful command-line file version information and signature verification tool, now includes a new flag that has it only show a file's version number.

PsExec v1.7

Fri, 13 Jan 2006 17:41:34 -0500

This PsExec update includes a new -l switch for use by administrative accounts to run processes with limited-user account privileges. Run a low-rights Internet Explorer before IE 7 comes out simply by creating a shortcut to launch it with the switch.

Autoruns v8.43

Wed, 7 Dec 2005 15:40:11 -0500

This update fixes several bugs and adds on-demand signature verification for individual items.

RootkitRevealer v1.6

Wed, 7 Dec 2005 15:39:54 -0500

This version runs from Windows XP remote desktop sessions, includes a number of bug fixes and reduces the number of false positive descrepancies.

PowerTools: PsLoglist

Wed, 7 Dec 2005 15:39:42 -0500

Check out the December issue of Windows IT Pro Magazine for Mark's column where he tells you how to get the most out of PsLoglist (subscription required).

Inside Sony's Rootkit

Wed, 7 Dec 2005 15:39:05 -0500

Mark dives into the technical details of Sony's rootkit implementation in the December issue of Virus Bulletin, the magazine for professional anti-malware researchers (subscription required).

Four Sysinternals Tools Picked as Pricelessware 2006

Mon, 28 Nov 2005 17:24:51 -0500

Filemon, Regmon, Process Explorer and Autoruns have been picked as the "best of the best" by alt.comp.freeware newsgroup participants.

RegDelNull v1.0

Mon, 28 Nov 2005 17:24:31 -0500

Use this new applet to find and delete Registry keys that are "undeleteable" by standard Registry-editing utilities because they have embedded null characters in their names.