Sysinternals Live

Sysinternals Live is a service that enables you to execute Sysinternals tools directly from the Web without hunting for and manually downloading them. Simply enter a tool's Sysinternals Live path into Windows Explorer or a command prompt as http://live.sysinternals.com/<toolname> or \\live.sysinternals.com\tools\<toolname>.

You can view the entire Sysinternals Live tools directory in a browser at http://live.sysinternals.com.

What's New

What's New (April 16, 2012)

• Windows Internals 6th Edition, Part 1
  We’re excited to announce that Part 1 of Windows Internals, 6th Edition, is now available for order in hard copy and multiple ebook formats. This edition, like previous ones, makes heavy use of the Sysinternals tools to demonstrate key concepts. It covers Windows 7 and Windows Server 2008 R2 and the amount of new material required splitting the book into two volumes (Part 2 will be available soon). The first volume includes system concepts; architecture overview; system mechanisms; management mechanisms; processes, threads and jobs; security; and networking.
• Testlimit v5.2
  Testlimit, a demonstration tool used in the Windows Internals books to illustrate resource usage concepts, has minor enhancements including filling memory that it allocates with an identifiable string.
• Notmyfault
  Notmyfault is a tool used in the Windows Internals books to show how common device driver bugs affect a system. This update includes numerous enhancements contributed by Dan Pearson, including new crash types, a revamped user interface, and it reports of the amount of pool it has leaked.
• Mark’s Webcasts - Zero Day: A Non-Fiction View
  Mark makes the case for how his hit cyberthriller, Zero Day, is likely to be realized in non-fiction form in this 20-minute short version of his popular RSA Conference session

What's New (March 23, 2012)

• Process Monitor v3.0
  This update to Process Monitor, a real-time file, registry, process and network monitor, adds bookmark support so that you can flag specific lines in a trace for easy reference later. Shortcut keys enable you to move quickly between bookmarks and you can even add bookmarks to existing trace files. You can also convert a highlight filter to an include filter and shortcut keys move between highlighted lines. Finally, process Monitor now records process environment variables and current working directory for process create events (thanks to Dmitri Davydok for his contribution) and displays the names of new Windows 8 file system control codes.

What's New (Febuary 16, 2012)

• DebugView v4.78
  This update to DebugView, a utility for capturing and logging user-mode and kernel-mode debug output messages, can now capture output generated by Metro applications on Windows 8.
• LiveKd v5.1
  LiveKd, a utility for leveraging kernel debuggers to analyze live physical systems or Hyper-V virtual machines, now supports newer Intel processors that implement the XSAVE instruction.

What's New (January 12, 2012)

• CoreInfo v3.03
  Coreinfo, a command-line utility that dumps information about a system’s CPU topology and capabilities, now reports the presence of TSC (timestamp counter) Invariant support.
• Process Explorer v15.12
  This update to Process Explorer makes the search dialog asynchronous and reports the types of found items. It also fixes several bugs, including showing a small font when run after an older version, a bug in the restart-process functionality, working set columns not showing data, and again shows information about service processes when run from an unprivileged user account.
• Mark’s Blog: The Case of My Mom’s Broken Microsoft Security Essentials Installation
  Mark goes deep with the Sysinternals tools to fix a corrupt installation of MSE on his mom’s PC over the holidays.
• Mark to Speak at RSA 2012
  Mark will be speaking at the RSA Conference 2012 in San Francisco at the end of February in two sessions. He’ll be interviewed in the conference’s new Author’s Studio track about his novel Zero Day, joining luminaries such as Mark Bowden (Worm and Blackhawk Down) and Bruce Schneier (Applied Cryptography). In his second session, he’ll present Zero Day: A Non-Fiction View, where he’ll explore the feasibility and risk of an attack like the one he presents in Zero Day.

What's New (December 5, 2011)

• Disk Usage (DU) v1.4
  This update to DU, a command line utility for analyzing the disk space consumed by directories, adds a CSV output option, accounts for the file system cluster size in its on-disk size calculations, and includes alternate data streams.
• Process Explorer v15.1
  This update of Process Explorer, a Task Manager replacement, adds support for new Windows 8 features by giving the processes hosting immersive applications a distinct highlight color, shows immersive application package names in process tooltips and as a new process view column, lists AppContainer and capability SIDs in the process security properties, and updates the GPU support to be compatible with Windows 8. Other enhancements include GPU memory counters with more descriptive labels, display of the logon session ID on the security properties, and reporting of suspended processes as suspended in the CPU usage column.
• Mark’s Blog: Case of the Installer Service Error
  Follow along with Mark in another of his popular ‘Case of the Unexplained’ troubleshooting examples where he retraces the steps of a network administrator that used Process Monitor to figure out why the Windows Intune installer failed on one of his systems and goes on to fix the problem.

What's New (November 10, 2011)

• Autoruns v11.1
  This update to Autoruns adds several new autostart locations, reports the active filter in the status bar, and highlights unsigned images and those with no company name or description to make them easy to spot.
• Microsoft Security Intelligence Report v11
  Microsoft’s regular report on the state of malware covering January through June of 2011 is out and includes a primer by Mark on using the Sysinternals tools to identify and clean malware.

• Introduction to Windows Azure: the cloud operating system
• Inside Windows Azure: the cloud operating system
• Channel 9: Troubleshooting Active Directory Issues with Windows
• Channel 9: Troubleshooting Windows SMB/SMB2 Issues
• TechNet Edge: Interview with Mark Russinovich: the future of Sysinternals, Security, Windows
• Channel 9: Mark Russinovich: Inside Windows 7
• Channel 9: Mark Russinovich: From Winternals to Microsoft, On Windows Security, Windows CoreArch
• Channel 9: Mark Russinovich: On Working at Microsoft, Windows Server 2008 Kernel, MinWin vs ServerCore, HyperV

More Sysinternals Videos >