Last Updated: March 7, 2006
The Sysinternals web site provides you with advanced utilities, technical information, and source code related to Windows NT/2000/XP/2K3 and Windows 9x/Me internals that you won't find anywhere else. Mark Russinovich and Bryce Cogswell alone write and update everything here. We welcome all suggestions and comments. Before you enter, please read our Licensing terms.
Mark to Speak at Microsoft TechEd 2006
Mark is co-presenting a preconference tutorial on advanced malware cleaning at TechEd US in Boston on June 11. In addition, he's delivering breakout sessions on topics including Vista kernel changes, troubleshooting with Filemon and Regmon, analyzing Windows crashes and hangs, Vista security changes, and advanced malware cleaning techniques.
Hands-on Windows Internals and Advanced Troubleshooting: 2006
London: June 26-30, San Francisco: September 18-22, Austin: December 11-15
Join Mark Russinovich and Dave Solomon for a 5-day hands-on seminar that takes you deep inside Windows with the Windows kernel debugger and Sysinternals tools like Process Explorer, Filemon and Regmon.
Understanding Malware: Viruses, Spyware and Rootkits: on-demand webcast
Mark Russinovich gives an introduction to malware and manual cleaning techniques in one of the ten highest-rated Microsoft webcasts.
Check out Mark's most recent blog entry: Running as Limited User - the Easy Way
This new Autoruns release adds scanning of LSA security, notification, and authentication providers as well as Explorer protocol handlers and extensions.
The Sysinternals Newsletter
Another issue of the Sysinternals newsletter has gone out to update you on what's going on at Sysinternals.
Mark to Speak at Microsoft TechEd 2006
Mark is co-presenting a preconference tutorial on advanced malware cleaning at TechEd US in Boston on June 12. In addition, he's delivering breakout sessions on topics including Vista kernel changes, troubleshooting with Filemon and Regmon, analyzing Windows crashes and hangs, Vista security changes, and advanced malware cleaning techniques.
Sysinternals Licensing Update
The Sysinternals freeware license page now explains scenarios under which a paid commercial license is required for use.
Process Explorer v10.06
This major Process Explorer update has an extensive list of new features and enhancements aimed at usability and malware hunting. Just some of the examples include Runas and Run As Limited User commands, process restart, column sets, enhanced process tooltips for service-hosting and Rundll32 processes, working set breakdown columns, and DLL image verification and packed-image detection.
This new RootkitRevealer release includes more sophisticated rootkit counter-measures, scanning of all Registry hives including user profiles, and numerous bug fixes.
In response to the use of such keys by malware, RegDelNull can now unlock and delete keys that not only have embedded nulls but also have security permissions that make them otherwise inaccessible.
Sigcheck, a powerful command-line file version information and signature verification tool, now includes a new flag that has it only show a file's version number.
This PsExec update includes a new -l switch for use by administrative accounts to run processes with limited-user account privileges. Run a low-rights Internet Explorer before IE 7 comes out simply by creating a shortcut to launch it with the switch.
The Sony rootkit story Mark broke on Halloween in his blog has taken a major step forward.
Austin American-Statesman Profiles Mark
The major Austin daily ran a feature on Mark in the business section yesterday.
Check out all of Mark's blog postings on one page.
This update fixes several bugs and adds on-demand signature verification for individual items.
This version runs from Windows XP remote desktop sessions, includes a number of bug fixes, and reduces the number of false-positive discrepancies.
Inside Sony's Rootkit
Mark dives into the technical details of Sony's rootkit implementation in the December issue of Virus Bulletin, the magazine for professional anti-malware researchers (subscription required).
This version of Autoruns adds enumeration of kernel-mode drivers, yet another attack vector being used by malware.
Use this new applet to find and delete Registry keys that are "undeleteable" by standard Registry-editing utilities because they have embedded null characters in their names.
Four Sysinternals Tools Picked as Pricelessware 2006
Filemon, Regmon, Process Explorer and Autoruns have been picked as the "best of the best" by alt.comp.freeware newsgroup participants.