Windows Sysinternals

The Sysinternals web site was created in 1996 by Mark Russinovich to host his advanced system utilities and technical information. Whether you’re an IT Pro or a developer, you’ll find Sysinternals utilities to help you manage, troubleshoot and diagnose your Windows systems and applications.


Sysinternals Live

Sysinternals Live is a service that enables you to execute Sysinternals tools directly from the Web without hunting for and manually downloading them. Simply enter a tool's Sysinternals Live path into Windows Explorer or a command prompt as live.sysinternals.com/<toolname> or \\live.sysinternals.com\tools\<toolname>.

You can view the entire Sysinternals Live tools directory in a browser at https://live.sysinternals.com/.

What's New

What's New (May 16, 2017)

  • ProcDump v9.0
    This major update to ProcDump, a utility that enables process dump capture based on a variety of triggers, introduces the ability to capture multiple dump sizes. This is particularly useful when capturing crash dumps of applications susceptible to termination due to unresponsiveness (e.g. IIS Ping killing w3wp.exe). This release also adds support for an associated Kernel Dump of the process that includes the kernel stacks of the process.

What's New (February 17, 2017)

  • Sysmon v6
    This release of Sysmon, a background monitor that records activity to the event log for use in security incident detection and forensics, introduces an option that displays event schema, adds an event for Sysmon configuration changes, interprets and displays registry paths in their common format, and adds named pipe create and connection events (thanks to Giulia Biagini for the contribution). Check out Mark’s related RSA Conference presentation, “How to Go From Responding to Hunting with Sysinternals Sysmon.”
  • Autoruns v13.7
    Autoruns, an autostart entry point management utility, now reports print providers and registrations in the WMI\Default namespace, fixes a KnownDLLs enumeration bug, and has improved toolbar usability on high-DPI displays.
  • AccessChk v6.1
    This update to AccessChk, a command-line utility that shows effective and actual permissions for file, registry, service, process, object manager, and event logs, now reports Windows 10 process trust access control entries and token security attributes.

What's New (November 28, 2016)

  • Announcing a new book, Troubleshooting with the Windows Sysinternals Tools
    Become a Windows troubleshooting master and get the most out of the Sysinternals tools. Completely updated and expanded, this book by Sysinternals co-creator Mark Russinovich and Windows expert Aaron Margosis covers all the tools, with full chapters on major tools like Process Explorer, Process Monitor, and Autoruns, and has 45 “case of the unexplained…” examples of the tools solving real-world problems.