Windows Sysinternals

The Sysinternals web site was created in 1996 by Mark Russinovich and Bryce Cogswell to host their advanced system utilities and technical information. Whether you’re an IT Pro or a developer, you’ll find Sysinternals utilities to help you manage, troubleshoot and diagnose your Windows systems and applications.


Solution Accelerators

Microsoft Solution Accelerators are a collection of fully supported tools, scripts, models, and best practices to proactively plan, integrate, and operate IT systems.

Sysinternals Live

Sysinternals Live is a service that enables you to execute Sysinternals tools directly from the Web without hunting for and manually downloading them. Simply enter a tool's Sysinternals Live path into Windows Explorer or a command prompt as http://live.sysinternals.com/<toolname> or \\live.sysinternals.com\tools\<toolname>.

You can view the entire Sysinternals Live tools directory in a browser at http://live.sysinternals.com.

What's New

What's New (September 10, 2012)

  • Mark Publishes New Technothriller: Trojan Horse
    Mark’s sequel to his popular debut technothriller Zero Day is now available in ebook and hard cover. Watch the video trailer and read the reviews on Mark’s website.
  • ProcDump v5.0
    ProcDump is an advanced utility for capturing process memory dumps based on a variety of triggers including CPU usage, memory usage, performance counter values, and exceptions. Version 5.0 is a major upgrade that adds the ability to configure exception filters based on managed and native exception types, extends support to Windows 8 modern applications, and integrates with Process Monitor’s debug output logging.
  • Sigcheck v1.8
    This update to Sigcheck, a command-line file version and digital signature verification utility, shows detailed certificate information such as certificate usage, validity dates, and thumbprints, and also shows a file’s counter-signing chain if it has one.

What's New (August 2, 2012)

  • AccessChk v5.1
    This update to AccessChk, a command-line utility that shows the security settings and effective access on many object types, including registry keys and files, now reports Windows 8 claims and capabilities, shows the token of processes running as local system, lists security descriptor flags, and checks for remote interactive logon rights.
  • Whois v1.1
    Whois is a command-line utility that looks up domain name registration information. This release fixes a bug that could cause an infinite loop and adds a command-line option, -v, that prints verbose information about domain registration referrals.

What's New (July 16, 2012)

  • Mark’s Blog: The Case of the Veeerrry Slow Logons
    Mark’s latest troubleshooting blog post documents how he used Process Monitor to fix a problem with slow logons he started experiencing while travelling at the TechEd North America conference.
  • ZoomIt v4.3
    This update to ZoomIt, a screen magnification and annotation utility, adds an option that enables you to configure it to automatically start when you log in.

What's New (June 28, 2012)

  • RAMMap v1.2
    This release of RAMMap, a utility that displays a detailed map of a system’s physical memory usage, now supports systems with more than 16GB of RAM and Windows 8, and includes keyboard navigation improvements.

What's New (June 25, 2012)

  • Channel 9: Mark Russinovich: On Windows Azure IaaS, Sysinternals, Cybersecurity, Trojan Horse
    Mark joins Channel 9 for an impromptu conversation about what he's been up to lately. Topics include the newly added Windows Azure Infrastructure as a Service (IaaS) support (as part of the Windows Azure June 2012 Release), virtual machines, software security, Sysinternals and Mark's soon-to-be released sequel to Zero Day, Trojan Horse.
  • Mark’s TechEd North America Presentations
    Check out Mark’s top-rated sessions from TechEd North America, now available for on-demand viewing, including the always-popular Case of the Unexplained, Malware Hunting with the Sysinternals Tools, Windows Azure Virtual Machines and Virtual Networking, and Windows Azure Internals.

What's New (June 6, 2012)

  • Process Explorer v15.2
    This major update to Process Explorer, a Task Manager replacement, merges Autoruns functionality by adding a new Autostart Location column and property to the process and DLL views that indicates where an image is configured to automatically start or load. It also adds .NET stack walking support to the thread stack dialog, adds a process timeline column that graphically depicts a process’s lifetime relative to other processes, and uses the Windows 8 private ETW logger, which enables better coexistence with other ETW-based tools.