Windows Internals Book
The official updates and errata page for the definitive book on Windows internals, by Mark Russinovich and David Solomon.
Troubleshooting with the Windows Sysinternals Tools
The official guide to the Sysinternals utilities by Mark Russinovich and Aaron Margosis, including descriptions of all the tools, their features, how to use them for troubleshooting, and example real-world cases of their use.
- Inside the Windows Vista Kernel: Part 1
- Inside the Windows Vista Kernel: Part 2
- Inside the Windows Vista Kernel: Part 3
- Inside Windows Vista User Account Control
- Inside Windows Server 2008 Kernel Changes
Videos and Webcasts
Find all the videos from this special event:
- Fireside Chat with Mark Russinovich
- Sysinternals Overview
- Process Explorer Deep Dive
- Process Monitor Deep Dive
- Sysmon Deep Dive
- Autoruns Deep Dive
- ProcDump Deep Dive
- PsTools Deep Dive
- Sysinternals for Linux Deep Dive
Candid talk from the man behind your favorite Windows tools
Mark talks with Larry Seltzer about the history and future of Sysinternals.
Defrag Tools Shows
Episodes 1 – 12 of the Defrag Tools shows focus on Sysinternals tools. Each episode covers a specific tool used on the tech support show Defrag, explaining when and why to use it and providing tips on how to get the most out of it:
- Defrag Tools: #1 - Building your USB thumbdrive
- Defrag Tools: #2 - Process Explorer
- Defrag Tools: #3 - Process Monitor
- Defrag Tools: #4 - Process Monitor - Examples
- Defrag Tools: #5 - Autoruns and MSConfig
- Defrag Tools: #6 - RAMMap
- Defrag Tools: #7 - VMMap
- Defrag Tools: #8 - Mark Russinovich
- Defrag Tools: #9 - ProcDump
- Defrag Tools: #10 - ProcDump - Triggers
- Defrag Tools: #11 - ProcDump - Windows 8 & Process Monitor
- Defrag Tools: #12 - TaskMgr and ResMon
Two dozen of Mark’s top-rated presentations on Sysinternals, Windows internals, and Windows Azure are available for on-demand viewing. Get tips and techniques on using the Sysinternals tools to troubleshoot directly from their author.
TWC: Sysinternals Primer: TechEd 2014 Edition
The latest edition of the popular Sysinternals Primer series with Aaron Margosis, Mark Russinovich’s co-author of The Windows Sysinternals Administrator’s Reference. The Sysinternals utilities are vital tools for any computer professional on the Windows platform. Mark Russinovich's popular “Case Of The Unexplained” demonstrates some of their capabilities in advanced troubleshooting scenarios. This complementary tutorial series focuses primarily on the utilities themselves, deep-diving into as many features as time allows. Expect to see some advanced analysis, such as manipulating Procmon results with Windows PowerShell, and interesting/useful new features.
Sysinternals Primer: Autoruns, Disk2Vhd, ProcDump, BgInfo and AccessChk
The Sysinternals utilities are vital tools for any computer professional on the Windows platform. Mark Russinovich's popular "Case Of The Unexplained" demonstrates some of their capabilities in advanced troubleshooting scenarios. This complementary tutorial session focuses primarily on the utilities themselves, giving you tips and techniques for using their full functionality for troubleshooting and systems management. This session follows the same format as last year’s highly rated delivery, and covers a different set of the most useful Sysinternals tools.
Unintended Consequences of Security Lockdowns (uses Sysinternals utilities a lot)
Security-conscious organizations often lock down their systems based on prescriptive guidance from Microsoft, US Federal government agencies or other security organizations. Sometimes these settings can lead to unpleasant surprises and unexpected side effects. This session describes and demonstrates some of the common issues that can arise, and whether and how those settings actually help or hurt. Is there benefit to not granting Administrators the “Debug” privilege? Does “Hide mechanisms to remove zone information” break anything? Is the “Require trusted path for credential entry” setting worth the inconvenience? Come see!
Windows Sysinternals Primer: Process Explorer, Process Monitor and More
The Sysinternals utilities are vital tools for any computer professional on the Windows platform. Mark Russinovich's popular "Case Of The Unexplained" demonstrates some of their capabilities in advanced troubleshooting scenarios. This complementary tutorial session by Aaron Margosis and Tim Reckmeyer focuses primarily on the utilities, deep-diving into as many features as time will allow. Learn tips and tricks that will make you more effective with the Sysinternals utilities.