Sysinternals Live is a service that enables you to execute Sysinternals tools directly from the Web without hunting for and manually downloading them. Simply enter a tool's Sysinternals Live path into Windows Explorer or a command prompt as http://live.sysinternals.com/<toolname> or \\live.sysinternals.com\tools\<toolname>. You can view the entire Sysinternals Live tools directory in a browser at http://live.sysinternals.com.
What's New (August 1, 2013)
Autoruns v11.70
This release of Autoruns, a powerful utility for scanning and disabling autostart code, adds a new option to show only per-user locations, which is useful when analyzing the autostarts of accounts other than the one that Autoruns is running under.
Process Explorer v15.40
Process Explorer, a Task Manager replacement, now shows WMI providers hosted in Wmiprvse processes (thanks to Mohamed Elghetany for contributions); includes an option that configures it to run automatically when you log on; and introduces a process view column that shows process DPI awareness support on Windows 8.1 systems.
What's New (June 20, 2013)
Mark’s TechEd Sessions Available On-Demand
Mark delivered four top-rated sessions at Microsoft’s TechEd US conference two weeks ago, and the recordings are available now for on-demand viewing. In Windows Azure Infrastructure Services, he gives an overview of the deployment and operation of Virtual Machines and Virtual Networks; in Windows Azure Internals Mark goes under the hood of Windows Azure to show its physical and logical datacenter architecture and operation; in Case of the Unexplained you’ll see how to use the Sysinternals tools to solve impossible problems; and in Malware Hunting with the Sysinternals Tools you’ll learn how to use Sysinternals tools to identify and clean malware infestations.
Zoomit v4.5
Zoomit is a screen zooming and annotation tool for technical presentations, and this release introduces better support for zooming in on Windows 8 Windows Store applications.
What's New (June 4, 2013)
Autoruns v11.6
Autoruns is a utility for enumerating and disabling executables and DLLs configured to activate in dozens of autostart registration points. This update fixes some minor bugs and adds Authenticode SHA1 and SHA256 hash reporting to Autorunsc output.
Sigcheck v1.92
Sigcheck is a command-line utility for reporting image version and signature information. With this update, Sigcheck now includes support for Authenticode SHA256 hashes, which is the same hash type used to identify images by AppLocker.
What's New (May 16, 2013)
ProcDump v6.0
Procdump is an advanced utility for capturing process memory dumps based on a variety of triggers including CPU usage, memory usage, performance counter values, and exceptions. Version 6.0 is a major upgrade that adds the ability to specify multiple filters, attach to a process by service name, and display/filter-on the message text of a CLR or JScript exception.
What's New (March 21, 2013)
Autoruns v11.5
This update to Autoruns, a utility for managing autostarting applications and components, now reports the image timestamp of executables and the last-modified timestamp of other file types and autostart locations to help with forensic analysis. The jump-to-entry feature is also improved to navigate directly to files rather than their parent directory.
Registry Usage (RU) v1.0
Ru (Registry Usage) is a new command-line utility that reports the size, value and subkey counts of registry keys. Like its Sysinternals Du (Disk Usage) counterpart, Ru can help you find the keys that contribute to registry bloat.
What's New (February 5, 2013)
Process Explorer v15.3
This major Process Explorer release includes heat-map display for process CPU, private bytes, working set and GPU columns, sortable security groups in the process properties security page, and tooltip reporting of tasks executing in Windows 8 Taskhostex processes. It also creates dump files that match the bitness of the target process and works around a bug introduced in Windows 8 disk counter reporting.
What's New (January 24, 2013)
Procdump v5.13
This update to Procdump, a command-line utility that generates on-demand and trigger-based process crash dump files, now supports triggers for when process CPU usage, memory consumption or arbitrary performance counters fall below a specified value.
Sigcheck v1.9
Sigcheck, a command-line file-version and signature verification tool, now reports certificate publisher names, capitalizes hash values, and fixes a certificate chain validation bug.
What's New (January 11, 2013)
Mark’s Blog: Hunting Down and Killing Ransomware
In Mark’s latest post he takes you behind the scenes of the current ransomware scourge, showing examples of how they try to coerce users into paying, explaining how they work and detailing how you can use Sysinternals tools to clean them from an infected system.
Autoruns v11.4
Autoruns v11.4 adds additional startup locations, fixes several bugs related to image path parsing, adds better support for browsing folders on WinPE, and fixes a Wow64 redirection bug.