I haven’t posted any updates on Sysinternals in quite some time, so here are the latest updates from Sysinternals. It’s nice to see that my favorite applications are being regularly updated ie. Process Explorer and Autoruns.

What’s New (February 5, 2013)

• Process Explorer v15.3
  This major Process Explorer release includes heat-map display for process CPU, private bytes, working set and GPU columns, sortable security groups in the process properties security page, and tooltip reporting of tasks executing in Windows 8 Taskhostex processes. It also creates dump files that match the bitness of the target process and works around a bug introduced in Windows 8 disk counter reporting.

What’s New (January 24, 2013)

• Procdump v5.13
  This update to Procdump, a command-line utility that generates on-demand and trigger-based process crash dump files, now supports triggers for when process CPU usage, memory consumption or arbitrary performance counters fall below a specified value.
• Sigcheck v1.9
  Sigcheck, a command-line file-version and signature verification tool, now reports certificate publisher names, capitalizes hash values, and fixes a certificate chain validation bug.

What’s New (January 11, 2013)

• Mark’s Blog: Hunting Down and Killing Ransomware
  In Mark’s latest post he takes you behind the scenes of the current ransomware scourge, showing examples of how they try and coerce users to paying, explaining how they work and detailing how you can use Sysinternals tools to clean them from an infected system.
• Autoruns v11.4
  Autoruns v11.4 adds additional startup locations, fixes several bugs related to image path parsing, adds better support for browsing folders on WinPE, and fixes a Wow64 redirection bug.

Remember that these guys didn’t always work for Microsoft, they had process explorer and other applications way back in the day, and since then it had matured to the point where the authors were hired by Microsoft. If you have used task manager in Windows 8, it looks quite similar to Process Explorer.

Autoruns v1.1
This update to Autoruns, a GUI and command-line tool that lists executables configured to run when you boot, logon or run common applications, adds a “jump to folder” command and several additional autostart locations. The command-line version, Autorunsc, adds a new switch to show file hashes and an option to display the autostart entries for all user accounts registered on a system.

As well as an Introduction to Windows Azure.

Mark at BUILD: Introduction to Windows Azure, Inside Windows Azure
Mark’s highly-related BUILD sessions are now available for on-demand viewing. In Introduction to Windows Azure: The Cloud OS, Mark defines cloud computing, presents the different types and positions Windows Azure. Then he describes Windows Azure’s implementation of Platform-as-a-Service (PaaS), including how it makes it easy for developers to write highly-available, highly-scalable cloud applications. In Inside Windows Azure: The Cloud OS, Mark goes deeper than ever before to show Microsoft’s datacenter architecture and explain the steps Windows Azure follows to deploy and runs cloud applications. He concludes by revealing how the Windows Azure team develops and operates Windows Azure.

Check them out here. You can also download each and every application of the sysinternals suite from here.

ProcDump v2.0

This major update to ProcDump, a tool that captures process dumps based on process CPU usage, memory consumption, and other behaviors, can now be configured to generate dumps based on the values of system performance counters.

Process Monitor v2.92

This update adds a toolbar button that makes the process tree dialog more accessible. In order to make it easy to zoom in on a particular time range in a trace, it also introduces two quick-filter context menu items that enable you to filter out events before or after a selected event.

Mark’s Blog: The Compound Case of the Outlook Hangs

Mark’s latest blog post comes directly from Microsoft support services and highlights the use of a relatively new Sysinternals tool to troubleshoot two issues causing long Outlook hangs.

TCPView is a Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections. On Windows Server 2008, Vista, and XP, TCPView also reports the name of the process that owns the endpoint. TCPView provides a more informative and conveniently presented subset of the Netstat program that ships with Windows. The TCPView download includes Tcpvcon, a command-line version with the same functionality.

Download the application here also read about it in greater detail. If you want to check out the whole suite, go here, downloads and details are all  there.

-NS

Run it from live.sysinternals.com

Insert from Sysinternals

Disk2vhd is a utility that creates VHD (Virtual Hard Disk – Microsoft’s Virtual Machine disk format) versions of physical disks for use in Microsoft Virtual PC or Microsoft Hyper-V virtual machines (VMs). The difference between Disk2vhd and other physical-to-virtual tools is that you can run Disk2vhd on a system that’s online. Disk2vhd uses Windows’ Volume Snapshot capability, introduced in Windows XP, to create consistent point-in-time snapshots of the volumes you want to include in a conversion. You can even have Disk2vhd create the VHDs on local volumes, even ones being converted (though performance is better when the VHD is on a disk different than ones being converted).

Process Monitor v2.7
This update to Process Monitor, a system monitoring utility, adds a new option to the process tree dialog that direct it to show just the timeline for displayed events, uses kernel-based thread profiling on Vista and higher for better performance, and includes a number of minor fixes and enhancements.

ProcDump v1.5
ProcDump now includes a new switch that enables the creation of a process dump upon process termination, which can help with troubleshooting unexpected process termination. It also fixes a bug where the -ma switch wouldn’t generate a full dump when combined with -r , the Windows 7-specific process reflection switch.

If you want to download these apps go to the Systinternals Live Site or go here for the whole updated package.

Posted in August that is Definitely worth a read.

Mark’s Blog: The Case of the Temporary Registry Profiles
In the latest post in Mark’s “Case of the Unexplained” series, he documents a perplexing case affecting many Microsoft and Citrix customers that Microsoft Customer Support Services solved with the use of Process Monitor’s boot logging and stack trace features.