Windows Sysinternals

The Sysinternals web site was created in 1996 by Mark Russinovich and Bryce Cogswell to host their advanced system utilities and technical information. Whether you’re an IT Pro or a developer, you’ll find Sysinternals utilities to help you manage, troubleshoot and diagnose your Windows systems and applications.

Get up to speed fast!


Solution Accelerators

Microsoft Solution Accelerators are a collection of fully supported tools, scripts, models, and best practices to proactively plan, integrate, and operate IT systems.

Sysinternals Live

Sysinternals Live is a service that enables you to execute Sysinternals tools directly from the Web without hunting for and manually downloading them. Simply enter a tool's Sysinternals Live path into Windows Explorer or a command prompt as http://live.sysinternals.com/<toolname> or \\live.sysinternals.com\tools\<toolname>.

You can view the entire Sysinternals Live tools directory in a browser at http://live.sysinternals.com.

What's New What's New

What's New (May 18, 2011)

  • VMMap v3.1
    VMMap, a process virtual and physical memory analyzer, now shows the ASLR status of images and reports “unusable” virtual memory regions.
  • RAMMap v1.11
    This update to RAMMap, a system memory usage analyzer, adds command-line options for loading files and exporting scans, creates a file association and fixes several bugs
  • Mark’s Blog: Analyzing a Stuxnet Infection with the Sysinternals Tools, Part 3
    Mark wraps up his three-part series that shows how Process Monitor, Process Explorer, Autoruns and VMMap provide a comprehensive overview of the infection steps and operation of the infamous Stuxnet virus.

What's New (May 3, 2011)

  • ZoomIt v4.2
    This update to ZoomIt, a screen magnification and annotation utility, now adjusts the drawing pen size when you enter drawing mode from live zoom to match the static zoom pen size.
  • Process Explorer v14.11
    Process Explorer v14.11 includes the ability to configure network and disk activity icons in the tray.
  • Mark Live: Zero Day Malware Cleaning with the Sysinternals Tools
    Join Mark on Saturday, July 23 live or via webcast for a deep dive into key Sysinternals tools, including Process Explorer, Process Monitor and Autoruns, that focuses on their features and functionality useful for malware analysis and cleaning.

What's New (April 19, 2011)

  • Mark’s Tech·Ed North America Session Schedule Posted
    Mark is delivering four sessions at Tech·Ed North America in Atlanta next month, including one on Windows Azure internals, a two-part advanced session on Windows memory management internals, and a closing session that’s a new delivery of his always popular Case of the Unexplained troubleshooting talk.

What's New (April 13, 2011)

  • Process Monitor v2.95
    This update to Process Monitor reports the write-through flag on file I/O, shows DLL version information on the process page of the event properties dialog, automatically launches the correct version of Process Monitor to match the bitness (32 or 64) of a logfile, and fixes several bugs.
  • Mark’s Blog: Analyzing a Stuxnet Infection with the Sysinternals Tools, Part 1
    Mark’s latest blog post demonstrates the malware analysis capabilities of the Sysinternals tools on an infection of the infamous Stuxnet virus.
  • Mark Hosts the Windows Intune Technology Tune-up
    Tune into this recorded webcast of Mark and a panel of IT professionals and representatives of the Windows Intune team as they discuss the challenges of managing PCs and the ways that Windows Intune can help.

What's New (March 15, 2011)

  • Zero Day is Now Available!
    Mark’s first novel, a cyberthriller called Zero Day, is now available for order. If you like Sysinternals tools, Mark’s Case of the Unexplained blog posts, Michael Crichton and Tom Clancy, you’re sure to like Zero Day.
  • Process Explorer v14.1
    This update to Process Explorer introduces cycle-based CPU usage on Windows 7, shows usage for processes that consume less than 0.01% CPU, shows thread ideal processors on Windows 7, and adds the ability to remote control and connect to other logon sessions.
  • VMMap v3.03
    This release to VMMap, a process memory analysis utility, adds a count of free blocks and fixes bugs that prevented the 32-bit process fragmentation view from showing on 64-bit Windows.

Featured Sysinternal Videos Featured Sysinternal Videos

More Sysinternals Videos >