Sigcheck 2.70, BgInfo v4.26, and VMMap v3.22

Sigcheck v2.70: The Windows WinVerifyTrust function reports signed MSI files that have malware appended to them as signed, so Sigcheck now indicates when appended content is present. BgInfo v4.26: BgInfo now honors AppLocker scripting policy. VMMap v3.22: This release of VMMap fixes bugs that excluded copy-on-write pages from the private bytes total and that double counted…

Bginfo v4.25

Bginfo v4.25: This release fixes a bug introduced in v4.20 that caused Bginfo to read ASCII text files incorrectly.

Bginfo v4.24

Bginfo v4.24: This update to Bginfo fixes reported regressions in v4.23 and is compatible with all .bgi files except those created by v4.23.


Autoruns v13.81, Bginfo v4.23, Handle v4.11

Autoruns v13.81: This update to Autoruns fixes a Wow64 bug in Autorunsc that could cause 32-bit paths to result in ‘file not found’ errors, and expands the set of images not considered part of Windows for the Windows filter in order to reveal malicious files masquerading as Windows images. Bginfo v4.23: This update to Bginfo…


Sysinternals Update: ProcDump v9, Autoruns v13.71, BgInfo v4.22, LiveKd v5.62, Process Monitor v3.33, Process Explorer v16.21

ProcDump v9: This major update to ProcDump, a utility that enables process dump capture based on a variety of triggers, introduces the ability to capture multiple dump sizes. This is particularly useful when capturing crash dumps of applications susceptible to termination due to unresponsiveness (e.g. IIS Ping killing w3wp.exe). This release also adds support…

Update: Autoruns v13.5, Sigcheck v2.3, RAMMap v1.4, BgInfo v4.21, Sysmon v3.11, ADInsight v1.2

Autoruns v13.5: This update to Autoruns, the most comprehensive autostart viewer and manager available for Windows, now shows 32-bit Office addins and font drivers, and enables resubmission of known images to Virus Total for a new scan. Sigcheck v2.30: Sigcheck, a command-line utility for displaying detailed file version information, image signing status, catalog and certificate store contents,…

Autoruns v11.70, Bginfo v4.20, Disk2vhd v1.64, Process Explorer v15.40

Autoruns v11.70: This release of Autoruns, a powerful utility for scanning and disabling autostart code, adds a new option to have it show only per-user locations, something that is useful when analyzing the autostarts of different accounts than the one that Autoruns is running under. Bginfo v4.20: BgInfo, a utility that creates custom desktop backgrounds that…


Updates: LiveKd v3.1, BgInfo v4.16, ProcDump v1.6, Autoruns v9.55 | New Mark’s Blog Post: Pushing the Limits of Windows: Handles | New video: Mark Talks About Windows 7 and Windows Server 2008 R2 at Intel Developer Forum

Mark’s Blog: Pushing the Limits of Windows: Handles: Mark’s latest post in his Pushing the Limits of Windows series goes inside the limits that affect handle usage. He explains the role of handles, describes how the system manages them, and shows you how to identify and debug handle leaks. Mark Talks About Windows 7…


Updates: Autoruns v9.4, BgInfo v4.15, ZoomIt v3.03 | New Mark’s Blog post: Pushing the Limits of Windows: Paged and Nonpaged Pool

Autoruns v9.4: This Autoruns update shows manual start Windows services, fixes a bug that affected the display of autostart locations that could include multiple startup registrations, and fixes a bug in the Jump To functionality on 64-bit Windows. BgInfo v4.15: Bginfo now supports access to 64-bit registry keys in custom fields, fixes a bug with…


Updates: ZoomIt v2.10, Process Monitor v1.34, BgInfo v4.13

ZoomIt v2.10: Includes a zoom-out effect when you exit zoom mode and enables you to specify a background bitmap for the break timer. Process Monitor v1.34: This update adds the ability to filter on result values. BgInfo v4.13: Now displays correct version information for Windows Server 2008.