Update: Sigcheck v2.5, Process Explorer v16.11, Whois v1.13, RAMMap v1.5

Sigcheck v2.5: This update to Sigcheck, a command-line utility that reports detailed information about images, including their signatures and VirusTotal status, as well as certificate stores, now reports all the signatures of images that have multiple signers. Sysmon v3.21: This update fixes a paged pool leak of token objects when image logging is enabled. Process Explorer v16.11: This…

Update: Autoruns v13.5, Sigcheck v2.3, RAMMap v1.4, BgInfo v4.21, Sysmon v3.11, ADInsight v1.2

Autoruns v13.5: This update to Autoruns, the most comprehensive autostart viewer and manager available for Windows, now shows 32-bit Office add-ins and font drivers, and enables resubmission of known images to VirusTotal for a new scan. Sigcheck v2.30: Sigcheck, a command-line utility for displaying detailed file version information, image signing status, catalog and certificate store contents,…

Updates: RAMMap v1.32, Sigcheck v2.01

RAMMap v1.32: This fixes a bug in v1.30 that caused RAMMap to fail on Windows 8. Sigcheck v2.01: This update fixes a bug in the handling of the -u option that sometimes resulted in Sigcheck reporting signed files.


Update: RAMMap v1.31

RAMMap v1.31: This update fixes a bug in v1.30 that caused RAMMap to fail on Windows 8.


Updates: PsExec v2.0, RAMMap v1.3, Sigcheck v2.0

PsExec v2.0: PsExec, a popular utility for executing processes on remote systems, introduces a new option, -r, that specifies the name PsExec assigns to its remote service. This can improve performance when multiple users are interacting concurrently with a system, since each will have a dedicated PsExec service. RAMMap v1.3: RAMMap, a graphical utility that…


Updates: Accesschk v5.11, Procdump v6.0, RAMMap v1.22, Strings v2.51

AccessChk v5.11: AccessChk, a command-line utility for dumping the effective permissions and security descriptors for files, registry keys, processes, tokens, object manager objects, now prefixes Windows 8 application container SIDs with the word “Package”, and includes several minor bug fixes. Procdump v6.0: Procdump is an advanced utility for capturing process memory dumps based on a variety of triggers…


Updates: Handle v3.5, Process Explorer v15.22, Process Monitor v3.03, RAMMap v1.21, ZoomIt v4.3

Handle v3.5: This update to Handle, a command-line utility that lists open handles, uses the most recent Process Explorer driver so that it now resolves system process handles and types. Process Explorer v15.22: This release addresses a bug that caused Process Explorer to crash when viewing .NET thread stacks of 64-bit Windows XP and 64-bit…


Updates: Autoruns v11.32, Process Explorer v15.21, Process Monitor v3.02, PSKill v1.15, RAMMap v1.2

Autoruns v11.32: This update fixes a bug that prevented Autoruns from correctly elevating when the Run as Administrator option is selected. Process Explorer v15.21: This update fixes a bug related to the autostart functionality introduced in v15.2, a tooltip display bug, and a bug that prevented display of kernel stacks. Process Monitor v3.02: This release…


Updates: VMMap v3.1, RAMMap v1.11, Handle v3.46, Process Explorer v14.12 and Mark’s Blog: Analyzing a Stuxnet Infection with the Sysinternals Tools, Part 3

VMMap v3.1: VMMap, a process virtual and physical memory analyzer, now shows the ASLR status of images and reports “unusable” virtual memory regions. RAMMap v1.11: This update to RAMMap, a system memory usage analyzer, adds command-line options for loading files and exporting scans, creates a file association and fixes several bugs. Handle v3.46: This update…


Updates: RAMMap v1.1, ADExplorer v1.4, Autologon v3.0 | Mark’s Talks from TechEd US 2010 are now online

RAMMap v1.1: This update to RAMMap, a memory analysis utility for Windows Vista and Windows 7, adds the ability to purge working sets and memory manager paging lists. This can be useful for measuring the memory usage of applications after they’ve started or when specific features are exercised. ADExplorer v1.40: ADExplorer, an Active Directory editor,…