Update: Sysmon v3.1, LogonSessions v1.3, VMMap v3.21

Sysmon v3.1: This update to Sysmon, a background service that logs security-relevant process and network activity to the Windows event log, adds information about the thread initialization function for CreateRemoteThread events, including the DLL and function name and address. It also changes the format of timestamps to allow for simple string sorting and fixes several bugs….

Update: AccessChk v6.0, Autoruns v13.4, Process Monitor v3.2, VMMap v3.2

AccessChk v6.0: This update to AccessChk, a command-line utility that shows effective and actual permissions for registry keys, files, services, kernel objects, and more, can now show the permissions and security descriptors assigned to event logs, and incorporates owner-rights accesses in its permissions evaluations. Autoruns v13.4: Autoruns, the most comprehensive utility available for showing what executables, DLLs,…

Updates: AccessChk v5.2; PsExec v2.11; Sigcheck v2.1; VMMap v3.12

AccessChk v5.2: This release of AccessChk, a security command-line utility that reports the effective access and permissions of files, registry keys, processes, and more, adds support for file and printer shares. In addition, it adds filtering options for viewing accesses related to specified accounts and now includes the System Access Control List (SACL) when it…


Updates: Autoruns v11.34, ProcDump v5.0, Sigcheck v1.8, VMMap v3.11

Autoruns v11.34: This release of Autoruns fixes a bug that caused it to not show some Internet Explorer extensions. ProcDump v5.0: Procdump is an advanced utility for capturing process memory dumps based on a variety of triggers including CPU usage, memory usage, performance counter values, and exceptions. Version 5.0 is a major upgrade that adds…


Updates: VMMap v3.1, RAMMap v1.11, Handle v3.46, Process Explorer v14.12 and Mark’s Blog: Analyzing a Stuxnet Infection with the Sysinternals Tools, Part 3

VMMap v3.1: VMMap, a process virtual and physical memory analyzer, now shows the ASLR status of images and reports “unusable” virtual memory regions. RAMMap v1.11: This update to RAMMap, a system memory usage analyzer, adds command-line options for loading files and exporting scans, creates a file association and fixes several bugs. Handle v3.46: This update…


Updates: Process Explorer v14.1, VMMap v3.03, ProcDump v3.03, and Zero Day is now Available!

Zero Day is Now Available! Mark’s first novel, a cyberthriller called Zero Day, is now available for order. If you like Sysinternals tools, Mark’s Case of the Unexplained blog posts, Michael Crichton and Tom Clancy, you’re sure to like Zero Day. Process Explorer v14.1: This update to Process Explorer introduces cycle-based CPU usage on Windows 7,…


Updates: VMMap v3.02, WinObj v2.22 and an Interview – Mark on Channel 9 Cloud Cover

Mark on Channel 9 Cloud Cover: Check out the most recent Cloud Cover episode, where Mark is the guest and he talks about the Windows Azure fabric controller, cyber terrorism and his novel, Zero Day. VMMap v3.02: This release fixes several bugs. WinObj v2.22: A number of bugs, including one affecting sorting, are fixed in…


Update: VMMap v3.01

VMMap v3.01: This release fixes a bug that caused tracing to fail on 32-bit Windows and a bug that prevented VMMap from running on 32-bit Windows XP.


Update: VMMap v3.0

VMMap v3.0: This major update to VMMap, an advanced process memory-analysis utility, now shows locked virtual memory, records multiple memory snapshots, and has a timeline view that enables you to load older snapshots into the main view and compare any two snapshots from a given execution. In addition, you can now launch processes from VMMap…


Updates: Process Explorer v12, VMMap v2.62, DiskView v2.4

Process Explorer v12: This Process Explorer release includes several significant new features, including showing the web sites hosted in IE8 processes in the process tooltip, display of a svchost’s service host category in its tooltip, mapping of service names to threads on the threads tab and TCP/IP tabs of the process properties dialog on Windows…