Sysinternals Freeware - Mark Russinovich & Bryce Cogswell

Last Updated: March 7, 2006

The Sysinternals web site provides you with advanced utilities, technical information, and source code related to Windows NT/2000/XP/2K3, Windows 9x, and Windows Me internals that you won't find anywhere else. Mark Russinovich and Bryce Cogswell alone write and update everything here. We welcome all suggestions and comments. Before you enter, please read our Licensing terms.

Events

Mark to Speak at Microsoft TechEd 2006
Mark is copresenting a preconference tutorial on advanced malware cleaning at TechEd US in Boston on June 11. In addition, he's delivering breakout sessions on topics including Vista kernel changes, troubleshooting with Filemon and Regmon, analyzing Windows crashes and hangs, Vista security changes, and advanced malware cleaning techniques.

Hands-on Windows Internals and Advanced Troubleshooting: 2006
London: June 26-30, San Francisco: September 18-22, Austin: December 11-15
Join Mark Russinovich and Dave Solomon for a 5-day hands-on seminar that takes you deep inside Windows with the Windows kernel debugger and Sysinternals tools like Process Explorer, Filemon and Regmon.

Understanding Malware: Viruses, Spyware and Rootkits: on-demand webcast
Mark Russinovich gives an introduction to malware and manual cleaning techniques in one of the top-10 rated Microsoft webcasts.

What's New

Mark's Blog

Check out Mark's most recent blog entry: Running as Limited User - the Easy Way

March 7

Autoruns v8.5
This new Autoruns release adds scanning of LSA security, notification, and authentication providers as well as Explorer protocol handlers and extensions.

March 2

The Sysinternals Newsletter
Another issue of the Sysinternals newsletter has gone out to update you on what's going on at Sysinternals.

February 22

Mark to Speak at Microsoft TechEd 2006
Mark is copresenting a preconference tutorial on advanced malware cleaning at TechEd US in Boston on June 12. In addition, he's delivering breakout sessions on topics including Vista kernel changes, troubleshooting with Filemon and Regmon, analyzing Windows crashes and hangs, Vista security changes, and advanced malware cleaning techniques.

February 14

Sysinternals Licensing Update
The Sysinternals freeware license page now explains scenarios under which a paid commercial license is required for use.

February 7

Process Explorer v10.06
This major Process Explorer update has an extensive list of new features and enhancements aimed at usability and malware hunting. Examples include Runas and Run As Limited User commands, process restart, column sets, enhanced process tooltips for service-hosting and Rundll32 processes, working set breakdown columns, and DLL image verification and packed-image detection.

February 2

RootkitRevealer v1.7
This new RootkitRevealer release includes more sophisticated rootkit counter-measures, scanning of all Registry hives including user profiles, and numerous bug fixes.

January 13

RegDelNull v1.1
In response to the use of such keys by malware, RegDelNull can now unlock and delete keys that not only have embedded nulls, but that also have security permissions that make them otherwise inaccessible.

Sigcheck v1.3
Sigcheck, a powerful command-line file version information and signature verification tool, now includes a new flag that has it only show a file's version number.

PsExec v1.7
This PsExec update includes a new -l switch for use by administrative accounts to run processes with limited-user account privileges. Run a low-rights Internet Explorer before IE 7 comes out simply by creating a shortcut to launch it with the switch.

December 30

Sony Settles
The Sony rootkit story Mark broke on Halloween in his blog has taken a major step forward.

Austin American-Statesman Profiles Mark
The major Austin daily ran a feature on Mark in the business section yesterday.

Blog Index
Check out all of Mark's blog postings on one page.

December 7

Autoruns v8.43
This update fixes several bugs and adds on-demand signature verification for individual items.

RootkitRevealer v1.6
This version runs from Windows XP remote desktop sessions, includes a number of bug fixes, and reduces the number of false-positive discrepancies.

PowerTools: PsLoglist
Check out the December issue of Windows IT Pro Magazine for Mark's column where he tells you how to get the most out of PsLoglist (subscription required).

Inside Sony's Rootkit
Mark dives into the technical details of Sony's rootkit implementation in the December issue of Virus Bulletin, the magazine for professional anti-malware researchers (subscription required).

November 28

Autoruns v8.42
This version of Autoruns adds enumeration of kernel-mode drivers, yet another attack vector being used by malware.

RegDelNull v1.01
Use this new applet to find and delete Registry keys that are "undeletable" by standard Registry-editing utilities because they have embedded null characters in their names.

Four Sysinternals Tools Picked as Pricelessware 2006
Filemon, Regmon, Process Explorer and Autoruns have been picked as the "best of the best" by alt.comp.freeware newsgroup participants.

