Sysinternals

The Sysinternals web site was created in 1996 by Mark Russinovich to host his advanced system utilities and technical information. Whether you’re an IT Pro or a developer, you’ll find Sysinternals utilities to help you manage, troubleshoot and diagnose your Windows and Linux systems and applications.

• Read the official guide to the Sysinternals tools, Troubleshooting with the Windows Sysinternals Tools
• Read the Sysinternals Blog for a detailed change feed of tool updates
• Watch Mark's Sysinternals Update videos on YouTube
• Watch Mark’s top-rated Case-of-the-Unexplained troubleshooting presentations and other webcasts
• Read Mark’s Blog which highlight use of the tools to solve real problems
• Check out the Sysinternals Learning Resources page
• Post your questions in the Sysinternals Forum

---

Sysinternals Live

Sysinternals Live is a service that enables you to execute Sysinternals tools directly from the Web without hunting for and manually downloading them. Simply enter a tool's Sysinternals Live path into Windows Explorer or a command prompt as live.sysinternals.com/<toolname> or  \\live.sysinternals.com\tools\<toolname>.

You can view the entire Sysinternals Live tools directory in a browser at https://live.sysinternals.com/.

What's New

What's New (September 29, 2023)

• ProcDump 2.2 for Linux
  This update to ProcDump for Linux adds support for Azure Linux and fixes a couple of memory leaks.

• Sysmon 1.3 for Linux This update to Sysmon for Linux fixes a bug with rule case matching.

What's New (July 26, 2023)

• ZoomIt v7.1
  This update to ZoomIt adds audio capture to screen recording.

• ProcDump 2.0 for Linux
  ProcDump for Linux, a flexible tool for manual and trigger-based process dump generation, receives two new .NET GC triggers (-gcm and -gcgen) and updates the existing memory trigger to allow for multiple thresholds.

What's New (June 27, 2023)

• Sysmon v15.0
  This update to Sysmon, an advanced host security monitoring tool, sets the service to run as a protected process, hardening it against tampering, adds a new event, FileExecutableDetected, for when new executable images are saved to files, and fixes a system hang occurring in certain situations due to an interaction between network and file system events.

What's New (May 24, 2023)

• ZoomIt v7.0
  This update to ZoomIt, a screen magnification and annotation tool, adds the ability to screen record cropped regions or a specific window, and lets you snip regions of the screen or zoomed views to the clipboard or to a file in a single gesture.

What's New (March 9, 2023)

• Sysmon 1.1 for Linux
  This update to Sysmon for Linux, an advanced host monitoring tool, adds support for a wider range of distributions (e.g., RHEL) by leveraging BTF enabled kernels.