Autoruns v13.93, Handle v4.21, Process Explorer v16.22, SDelete v2.02, Sigcheck v2.71, Sysmon v8.02 and VMMap v3.25

Autoruns 13.93 This Autoruns update fixes a bug that prevented UserInitMprLogonScript from being scanned and enables HKCU scanning by default for the console version. Handle 4.21 This Handle release fixes a race condition that could cause a bluescreen. Process Explorer 16.22 This Process Explorer release fixes a race condition that could cause a bluescreen. SDelete 2.02 SDelete…

Autoruns v13.81, Bginfo v4.23, Handle v4.11

Autoruns v13.81 This update to Autoruns fixes a Wow64 bug in Autorunsc that could cause 32-bit paths to result in ‘file not found’ errors, and expands the set of images not considered part of Windows for the Windows filter in order to reveal malicious files masquerading as Windows images. Bginfo v4.23 This update to Bginfo…


Updates: Handle v4.0, Procdump v7.01, Procexp v16.04, Regjump v1.02, Autoruns v12.03

Handle v4: Handle is a command-line utility that can show which processes have a handle to a file or other resource open, or show all open handles. Version 4 now works with standard-user rights, allowing standard users to identify the handles open by their processes. ProcDump v7.01: This release fixes several bugs, including one…


Updates: Autoruns v11.41, Handle v3.51, Movefile v1.01, Procdump v5.13, Sigcheck v1.9

Autoruns v11.41: This Autoruns update reports the hosting image target of link shortcut references. Handle v3.51: This minor update to Handle, a command-line utility that dumps process handle tables, fixes a bug in its file share drive letter formatting. Movefile v1.01: Movefile, a utility for scheduling file delete and rename operations for when the system…


Updates: Handle v3.5, Process Explorer v15.22, Process Monitor v3.03, RAMMap v1.21, ZoomIt v4.3

Handle v3.5: This update to Handle, a command-line utility that lists open handles, uses the most recent Process Explorer driver so that it now resolves system process handles and types. Process Explorer v15.22: This release addresses a bug that caused Process Explorer to crash when viewing .NET thread stacks of 64-bit Windows XP and 64-bit…


Updates: VMMap v3.1, RAMMap v1.11, Handle v3.46, Process Explorer v14.12 and Mark’s Blog: Analyzing a Stuxnet Infection with the Sysinternals Tools, Part 3

VMMap v3.1: VMMap, a process virtual and physical memory analyzer, now shows the ASLR status of images and reports “unusable” virtual memory regions. RAMMap v1.11: This update to RAMMap, a system memory usage analyzer, adds command-line options for loading files and exporting scans, creates a file association and fixes several bugs. Handle v3.46: This update…


Update Handle v3.45

Handle v3.45: This release fixes a bug that could in some cases cause a system crash.


Update: Handle v3.44

Handle v3.44: This updates the driver to the newest version used by Process Explorer.


Updates: ListDLLs v3.0, Handle v3.43, and Process Monitor v2.94

ListDLLs v3.0: This update to ListDLLs, a command-line utility for listing the DLLs that processes have loaded, is compatible with 64-bit processes and includes a number of bug fixes. Handle v3.43: Handle is a command-line utility for displaying the kernel handles processes have open. V3.43 shows handle object types, includes improved error messages, displays volume…


Updates: Process Explorer v11.3, Handle v3.42 | A new Mark’s blog post | 2 New Mark’s webcasts: Case of the Unexplained and Inside Windows Server 2008 R2 Virtualization and VHD Improvements

Process Explorer v11.3: This update to Process Explorer includes numerous enhancements and bug fixes, including a physical memory history graph, options to configure memory tray icons, asynchronous thread symbol resolution and security ID lookup, dynamic recognition of new volume drive letters, multiple character matching in the process view, and a smaller memory footprint. Handle v3.42:…