Sysinternals icon

The Sysinternals web site was created in 1996 by Mark Russinovich to host his advanced system utilities and technical information. Whether you’re an IT Pro or a developer, you’ll find Sysinternals utilities to help you manage, troubleshoot and diagnose your Windows and Linux systems and applications.

Sysinternals Live

Sysinternals Live is a service that enables you to execute Sysinternals tools directly from the Web without hunting for and manually downloading them. Simply enter a tool's Sysinternals Live path into Windows Explorer or a command prompt as<toolname> or  \\\tools\<toolname>.

You can view the entire Sysinternals Live tools directory in a browser at

What's New RSS icon

What's New (March 9, 2023)

  • Sysmon 1.1 for Linux
    This update to Sysmon for Linux, an advanced host monitoring tool, adds support for a wider range of distributions (e.g., RHEL) by leveraging BTF enabled kernels.

What's New (December 12, 2022)

  • ProcDump 1.4 for Linux
    This update to ProcDump for Linux adds the capability to generate dumps when specified exceptions occur in a .NET process.

What's New (November 3, 2022)

  • ProcDump v11.0
    This update to ProcDump, a command-line utility for generating memory dumps from running processes, adds ModuleLoad/Unload and Thread Create/Exit triggers, removes Internet Explorer JavaScript support, and improves descriptive text messages.

  • ProcDump 1.3 for Linux
    This update to ProcDump for Linux changes the CLI interface to match ProcDump for Windows, and adds a new process group trigger (-pgid) to allow monitoring all processes running in the same process group.

What's New (October 26, 2022)

  • Process Explorer v17.0
    This update to Process Explorer, an advanced process, DLL and handle viewing utility, adds dark theme support, multipane view in the main window with a new threads pane, startup performance optimization and more.

  • Handle v5.0
    This update to Handle, a tool that displays information about open handles for any process in the system, adds CSV output with a new -v switch and has an option to print the granted access mask with -g.

What's New (October 12, 2022)

  • ZoomIt v6.1
    This update to ZoomIt, a screen magnification and annotation tool, adds right-justified text input, an option to scale the screen recordings resolution, and usability fixes.

What's New (September 29, 2022)

  • Sysmon v14.1
    This update to Sysmon, an advanced host monitoring tool, adds a new event type, FileBlockShredding that prevents wiping tools such as Sysinternals SDelete from corrupting and deleting files.

  • Coreinfo v3.6
    This update to Coreinfo, a utility that reports system CPU, memory and cache topology and information, now has an option (-d) for measuring inter-CPU latencies in nanoseconds.