Sysinternals

The Sysinternals web site was created in 1996 by Mark Russinovich to host his advanced system utilities and technical information. Whether you’re an IT Pro or a developer, you’ll find Sysinternals utilities to help you manage, troubleshoot and diagnose your Windows and Linux systems and applications.

• Read the official guide to the Sysinternals tools, Troubleshooting with the Windows Sysinternals Tools
• Read the Sysinternals Blog for a detailed change feed of tool updates
• Watch Mark's Sysinternals Update videos on YouTube
• Watch Mark’s top-rated Case-of-the-Unexplained troubleshooting presentations and other webcasts
• Read Mark’s Blog which highlight use of the tools to solve real problems
• Check out the Sysinternals Learning Resources page
• Post your questions in the Sysinternals Forum

---

Sysinternals Live

Sysinternals Live is a service that enables you to execute Sysinternals tools directly from the Web without hunting for and manually downloading them. Simply enter a tool's Sysinternals Live path into Windows Explorer or a command prompt as live.sysinternals.com/<toolname> or  \\live.sysinternals.com\tools\<toolname>.

You can view the entire Sysinternals Live tools directory in a browser at https://live.sysinternals.com/.

What's New

What's New (March 9, 2023)

• Sysmon 1.1 for Linux
  This update to Sysmon for Linux, an advanced host monitoring tool, adds support for a wider range of distributions (e.g., RHEL) by leveraging BTF enabled kernels.

What's New (December 12, 2022)

• ProcDump 1.4 for Linux
  This update to ProcDump for Linux adds the capability to generate dumps when specified exceptions occur in a .NET process.

What's New (November 3, 2022)

• ProcDump v11.0
  This update to ProcDump, a command-line utility for generating memory dumps from running processes, adds ModuleLoad/Unload and Thread Create/Exit triggers, removes Internet Explorer JavaScript support, and improves descriptive text messages.

• ProcDump 1.3 for Linux
  This update to ProcDump for Linux changes the CLI interface to match ProcDump for Windows, and adds a new process group trigger (-pgid) to allow monitoring all processes running in the same process group.

What's New (October 26, 2022)

• Process Explorer v17.0
  This update to Process Explorer, an advanced process, DLL and handle viewing utility, adds dark theme support, multipane view in the main window with a new threads pane, startup performance optimization and more.

• Handle v5.0
  This update to Handle, a tool that displays information about open handles for any process in the system, adds CSV output with a new -v switch and has an option to print the granted access mask with -g.

What's New (October 12, 2022)

• ZoomIt v6.1
  This update to ZoomIt, a screen magnification and annotation tool, adds right-justified text input, an option to scale the screen recordings resolution, and usability fixes.

What's New (September 29, 2022)

• Sysmon v14.1
  This update to Sysmon, an advanced host monitoring tool, adds a new event type, FileBlockShredding that prevents wiping tools such as Sysinternals SDelete from corrupting and deleting files.

• Coreinfo v3.6
  This update to Coreinfo, a utility that reports system CPU, memory and cache topology and information, now has an option (-d) for measuring inter-CPU latencies in nanoseconds.