
Windows Sysinternals

The Sysinternals web site was created in 1996 by Mark Russinovich and Bryce Cogswell to host their advanced system utilities and technical information. Whether you’re an IT Pro or a developer, you’ll find Sysinternals utilities to help you manage, troubleshoot and diagnose your Windows systems and applications.


Solution Accelerators

Microsoft Solution Accelerators are a collection of fully supported tools, scripts, models, and best practices to proactively plan, integrate, and operate IT systems.

Sysinternals Live

Sysinternals Live is a service that enables you to execute Sysinternals tools directly from the Web without hunting for and manually downloading them. Simply enter a tool's Sysinternals Live path into Windows Explorer or a command prompt as http://live.sysinternals.com/<toolname> or \\live.sysinternals.com\tools\<toolname>.

You can view the entire Sysinternals Live tools directory in a browser at http://live.sysinternals.com.

What's New

What's New (July 16, 2012)

  • Mark’s Blog: The Case of the Veeerrry Slow Logons
    Mark’s latest troubleshooting blog post documents how he used Process Monitor to fix a problem with slow logons he started experiencing while travelling at the TechEd North America conference.
  • ZoomIt v4.3
    This update to ZoomIt, a screen magnification and annotation utility, adds an option that enables you to configure it to automatically start when you log in.

What's New (June 28, 2012)

  • RAMMap v1.2
    This release of RAMMap, a utility that displays a detailed map of a system’s physical memory usage, now supports systems with more than 16GB of RAM and Windows 8, and includes keyboard navigation improvements.

What's New (June 25, 2012)

  • Channel 9: Mark Russinovich: On Windows Azure IaaS, Sysinternals, Cybersecurity, Trojan Horse
    Mark joins Channel 9 for an impromptu conversation about what he's been up to lately. Topics include the newly added Windows Azure Infrastructure as a Service (IaaS) support (as part of the Windows Azure June 2012 Release), virtual machines, software security, Sysinternals and Mark's soon-to-be released sequel to Zero Day, Trojan Horse.
  • Mark’s TechEd North America Presentations
    Check out Mark’s top-rated sessions from TechEd North America, now available for on-demand viewing, including the always-popular Case of the Unexplained, Malware Hunting with the Sysinternals Tools, Windows Azure Virtual Machines and Virtual Networking, and Windows Azure Internals.

What's New (June 6, 2012)

  • Process Explorer v15.2
    This major update to Process Explorer, a Task Manager replacement, merges Autoruns functionality by adding a new Autostart Location column and property to the process and DLL views that indicates where an image is configured to automatically start or load. It also adds .NET stack walking support to the thread stack dialog, adds a process timeline column that graphically depicts a process’s lifetime relative to other processes, and uses the Windows 8 private ETW logger, which enables better coexistence with other ETW-based tools.

What's New (May 14, 2012)

  • Autoruns v11.3
    This update to Autoruns, a utility that shows the executables, drivers, and DLLs configured to autostart, adds several new autostart locations, sets a file association for its log file extension, reports the target of Rundll32 and other host executables, and fixes several bugs.
  • LiveKd v5.2
    LiveKd, a command-line utility for performing live read-only debugging of the local system and virtual machines, now includes an option that has it generate a fully-consistent kernel dump file of a running system.
  • Strings v2.5
    Strings, a command-line utility that dumps a file’s printable UNICODE and ASCII strings, adds an option to specify the starting offset in the file from where it will scan for strings.
  • Trojan Horse, Mark’s Sequel to Zero Day, Available for Pre-Order
    The sequel to Mark’s popular cyberthriller Zero Day is now available for pre-order. Check out the video trailer, learn more about Jeff Aiken’s fight against cyber-espionage on a global scale, and preorder your hard cover or ebook copy today at the Trojan Horse web site.

What's New (April 16, 2012)

  • Windows Internals 6th Edition, Part 1
    We’re excited to announce that Part 1 of Windows Internals, 6th Edition, is now available for order in hard copy and multiple ebook formats. This edition, like previous ones, makes heavy use of the Sysinternals tools to demonstrate key concepts. It covers Windows 7 and Windows Server 2008 R2 and the amount of new material required splitting the book into two volumes (Part 2 will be available soon). The first volume includes system concepts; architecture overview; system mechanisms; management mechanisms; processes, threads and jobs; security; and networking.
  • Testlimit v5.2
    Testlimit, a demonstration tool used in the Windows Internals books to illustrate resource usage concepts, has minor enhancements including filling memory that it allocates with an identifiable string.
  • Notmyfault
    Notmyfault is a tool used in the Windows Internals books to show how common device driver bugs affect a system. This update includes numerous enhancements contributed by Dan Pearson, including new crash types, a revamped user interface, and a report of the amount of pool it has leaked.
  • Mark’s Webcasts - Zero Day: A Non-Fiction View
    Mark makes the case for how his hit cyberthriller, Zero Day, is likely to be realized in non-fiction form in this 20-minute short version of his popular RSA Conference session.

What's New (March 23, 2012)

  • Process Monitor v3.0
    This update to Process Monitor, a real-time file, registry, process and network monitor, adds bookmark support so that you can flag specific lines in a trace for easy reference later. Shortcut keys enable you to move quickly between bookmarks and you can even add bookmarks to existing trace files. You can also convert a highlight filter to an include filter and shortcut keys move between highlighted lines. Finally, Process Monitor now records process environment variables and current working directory for process create events (thanks to Dmitri Davydok for his contribution) and displays the names of new Windows 8 file system control codes.

What's New (February 16, 2012)

  • DebugView v4.78
    This update to DebugView, a utility for capturing and logging user-mode and kernel-mode debug output messages, can now capture output generated by Metro applications on Windows 8.
  • LiveKd v5.1
    LiveKd, a utility for leveraging kernel debuggers to analyze live physical systems or Hyper-V virtual machines, now supports newer Intel processors that implement the XSAVE instruction.

What's New (January 12, 2012)

  • CoreInfo v3.03
    Coreinfo, a command-line utility that dumps information about a system’s CPU topology and capabilities, now reports the presence of TSC (timestamp counter) Invariant support.
  • Process Explorer v15.12
    This update to Process Explorer makes the search dialog asynchronous and reports the types of found items. It also fixes several bugs, including showing a small font when run after an older version, a bug in the restart-process functionality, working set columns not showing data, and again shows information about service processes when run from an unprivileged user account.
  • Mark’s Blog: The Case of My Mom’s Broken Microsoft Security Essentials Installation
    Mark goes deep with the Sysinternals tools to fix a corrupt installation of MSE on his mom’s PC over the holidays.
  • Mark to Speak at RSA 2012
    Mark will be speaking at the RSA Conference 2012 in San Francisco at the end of February in two sessions. He’ll be interviewed in the conference’s new Author’s Studio track about his novel Zero Day, joining luminaries such as Mark Bowden (Worm and Blackhawk Down) and Bruce Schneier (Applied Cryptography). In his second session, he’ll present Zero Day: A Non-Fiction View, where he’ll explore the feasibility and risk of an attack like the one he presents in Zero Day.