Mark's Blog
Mark Russinovich's technical blog covering topics such as Windows troubleshooting, technologies and security.
Hunting Down and Killing Ransomware
Scareware, a type of malware that mimics antimalware software, has been around for a decade and...
Date: 01/02/2013
Windows Azure Host Updates: Why, When, and How
Windows Azure’s compute platform, which includes Web Roles, Worker Roles, and Virtual Machines, is...
Date: 08/22/2012
Announcing Trojan Horse, the Novel!
Many of you have read Zero Day, my first novel. It’s a cyberthriller that features Jeff Aiken...
Date: 05/06/2012
The Case of My Mom’s Broken Microsoft Security Essentials Installation
As a reader of this blog I suspect that you, like me, are the IT support staff for your family and...
Date: 01/03/2012
The Case of the Installer Service Error
This case unfolds with a network administrator charged with the rollout of the Microsoft Windows...
Date: 11/27/2011
Fixing Disk Signature Collisions
Disk cloning has become common as IT professionals virtualize physical servers using tools like...
Date: 11/06/2011
The Case of the Mysterious Reboots
This case opens when a Sysinternals power user, who also works as a system administrator at a large...
Date: 10/02/2011
Troubleshooting with the New Sysinternals Administrator’s Reference
Aaron Margosis and I are thrilled to announce that the long awaited, and some say long overdue,...
Date: 07/03/2011
The Zero Day Book Trailer
I just got back the finished version of the video trailer for my new cyber thriller Zero Day, which...
Date: 05/03/2011
Analyzing a Stuxnet Infection with the Sysinternals Tools, Part 3
In the first post of this series, I used Autoruns, Process Explorer and VMMap to statically analyze...
Date: 04/17/2011
Analyzing a Stuxnet Infection with the Sysinternals Tools, Part 2
In Part 1 I began my investigation of an example infection of the infamous Stuxnet worm with the...
Date: 04/15/2011
Analyzing a Stuxnet Infection with the Sysinternals Tools, Part 1
Though I didn’t realize what I was seeing, Stuxnet first came to my attention on July 5 last summer...
Date: 03/26/2011
Zero Day is Here!
I’m excited to announce that my first novel, a cyber thriller entitled Zero Day, is now available at...
Date: 03/13/2011
The Case of the Unusable System
This post continues in the malware hunting theme of the last couple of posts as Zero Day...
Date: 03/13/2011
The Case of the Sysinternals-Blocking Malware
Continuing the theme of focusing on malware-related cases (last week I posted The Case of the...
Date: 03/06/2011
The Case of the Malicious Autostart
Given that my novel, Zero Day, will be published in a few weeks and is based on malware’s use as a...
Date: 02/26/2011
Announcing Zero Day, the Novel!
You’ve seen the news if you’re my friend on Facebook, follow me on Twitter, or subscribe...
Date: 01/18/2011
“Blue Screens” in Designer Colors with One Click
My last blog post described how to use local kernel debugging to change the colors of the Windows...
Date: 01/09/2011
A Bluescreen By Any Other Color
Note: for an easier way to customize the blue screen’s colors, see my next blog post, “Blue Screens...
Date: 12/13/2010
The Cases of the Blue Screens: Finding Clues in a Crash Dump and on the Web
My last couple of posts have looked at the lighter side of blue screens by showing you how to...
Date: 12/12/2010
The Case of the Slow Project File Opens
If you’ve seen one of my Case of the Unexplained presentations (like the one I delivered at TechEd...
Date: 12/06/2010
LiveKd for Virtual Machine Debugging
When Dave Solomon and I were writing the 3rd edition of the Windows Internals book series Inside...
Date: 10/09/2010
The Case of the Random IE Crash
While I long for the day when I no longer experience the effects of buggy software, there’s...
Date: 06/01/2010
The Case of the Printing Failure
The most interesting cases I receive are those that demonstrate a unique troubleshooting technique...
Date: 04/12/2010
Pushing the Limits of Windows: USER and GDI Objects – Part 2
Last time, I covered the limits and how to measure usage of one of the two key window manager...
Date: 03/31/2010
Pushing the Limits of Windows: USER and GDI Objects – Part 1
So far in the Pushing the Limits of Windows series, I’ve focused on resources managed by the Windows...
Date: 02/24/2010
The Machine SID Duplication Myth (and Why Sysprep Matters)
On November 3, 2009, Sysinternals retired NewSID, a utility that changes a computer’s machine Security...
Date: 11/03/2009
Channel 9: Inside Windows 7 Redux
Windows 7 hit general availability today, putting it in stores and on new PCs. There are...
Date: 10/22/2009
Recent and Upcoming Speaking Engagements
I wanted to update you on my recent and upcoming speaking engagements. First, I’ve been...
Date: 10/08/2009
Pushing the Limits of Windows: Handles
This is the fifth post in my Pushing the Limits of Windows series where I explore the upper bound on...
Date: 09/29/2009
The Case of the Temporary Registry Profiles
Microsoft Customer Support Services (CSS) is one of the biggest customers of the Sysinternals tools...
Date: 08/10/2009
Windows Internals 5th Edition is Available!
I’m proud to announce that Windows Internals, 5th Edition is now available. It’s been a long road,...
Date: 07/06/2009
Pushing the Limits of Windows: Processes and Threads
This is the fourth post in my Pushing the Limits of Windows series that explores the boundaries of...
Date: 07/05/2009
The Case of the Slow Keynote Demo
A couple of weeks ago I participated for the first time in the keynote at Microsoft’s TechEd US...
Date: 05/23/2009
Pushing the Limits of Windows: Paged and Nonpaged Pool
In previous Pushing the Limits posts, I described the two most basic system resources, physical...
Date: 03/10/2009
The Case of the Crashed Phone Call
David Solomon, my coauthor for the Windows Internals books, was recently in the middle of an...
Date: 12/30/2008
The Case of the Phantom Desktop Files
A few weeks ago, my wife mentioned that she sometimes saw files in her desktop folder that didn’t...
Date: 12/28/2008
Pushing the Limits of Windows: Virtual Memory
In my first Pushing the Limits of Windows post, I discussed physical memory limits, including the...
Date: 11/17/2008
The Case of the Random IE and WMP Crashes
When I experienced a crash in Internet Explorer (IE) on my home 64-bit gaming system one day, I...
Date: 06/02/2008
Guest Post: The Case of the FrontPage Error
Welcome to the first guest "Case Of" blog post! I've received numerous great troubleshooting cases...
Date: 05/13/2008
The Case of the System Process CPU Spikes
As you’ve probably surmised by my blog posts and other writings, I like knowing exactly what my...
Date: 04/07/2008
Inside Vista SP1 File Copy Improvements
Windows Vista SP1 includes a number of enhancements over the original Vista release in the areas of...
Date: 02/04/2008