Sysinternals

The Sysinternals web site was created in 1996 by Mark Russinovich to host his advanced system utilities and technical information. Whether you’re an IT Pro or a developer, you’ll find Sysinternals utilities to help you manage, troubleshoot and diagnose your Windows and Linux systems and applications.

• Read the official guide to the Sysinternals tools, Troubleshooting with the Windows Sysinternals Tools
• Read the Sysinternals Blog for a detailed change feed of tool updates
• Watch Mark's Sysinternals Update videos on YouTube
• Watch Mark’s top-rated Case-of-the-Unexplained troubleshooting presentations and other webcasts
• Read Mark’s Blog which highlight use of the tools to solve real problems
• Check out the Sysinternals Learning Resources page
• Post your questions in the Sysinternals Forum

---

Sysinternals Live

Sysinternals Live is a service that enables you to run Sysinternals tools directly from the Web without manually downloading them.

Enter a tool's Sysinternals Live path in Windows Explorer as live.sysinternals.com/<toolname> or \\live.sysinternals.com\tools\<toolname>. In a command prompt use \\live.sysinternals.com\tools\<toolname>.

You can view the entire Sysinternals Live tools directory in a browser or Windows Explorer at https://live.sysinternals.com/.

What's New

What's New (December 7, 2023)

• ProcDump 3.0 for Linux
  This update to ProcDump for Linux adds memory leak tracking and reporting.

What's New (November 9, 2023)

• Sysmon v15.1
  This update to Sysmon improves file hash and delete performance, adds a summary message on events dropped due to high system load, fixes a crash during uninstall, and fixes a system hang.

• ZoomIt v7.2
  This update to ZoomIt adds translucent highlighter and blur to draw mode, microphone selection for recording, and copies the recorded file to the clipboard.

What's New (October 18, 2023)

• VMMap v3.4
  This update to VMMap, a virtual and physical memory analysis utility, adds support for .NET 6 and higher, including .NET 8 preview.

What's New (September 29, 2023)

• ProcDump 2.2 for Linux
  This update to ProcDump for Linux adds support for Azure Linux and fixes a couple of memory leaks.

• Sysmon 1.3 for Linux This update to Sysmon for Linux fixes a bug with rule case matching.

What's New (July 26, 2023)

• ZoomIt v7.1
  This update to ZoomIt adds audio capture to screen recording.

• ProcDump 2.0 for Linux
  ProcDump for Linux, a flexible tool for manual and trigger-based process dump generation, receives two new .NET GC triggers (-gcm and -gcgen) and updates the existing memory trigger to allow for multiple thresholds.

What's New (June 27, 2023)

• Sysmon v15.0
  This update to Sysmon, an advanced host security monitoring tool, sets the service to run as a protected process, hardening it against tampering, adds a new event, FileExecutableDetected, for when new executable images are saved to files, and fixes a system hang occurring in certain situations due to an interaction between network and file system events.

What's New (May 24, 2023)

• ZoomIt v7.0
  This update to ZoomIt, a screen magnification and annotation tool, adds the ability to screen record cropped regions or a specific window, and lets you snip regions of the screen or zoomed views to the clipboard or to a file in a single gesture.