Updates: Process Explorer v15.2, Testlimit v5.21, Pskill v1.14
7 Jun 2012 1:20 PM
Process Explorer v15.2: This major update to Process Explorer, a Task Manager replacement, merges Autoruns functionality by adding a new Autostart Location column and property to the process and DLL views that indicates where an image is configured to automatically start or load. It also adds .NET stack walking support to the thread stack dialog, adds a process timeline column that graphically depicts a process’s lifetime relative to other processes, and uses the Windows 8 private ETW logger which enables better coexistence with other ETW-based tools.
Testlimit v5.21: This update clarifies some of the output messages.
Pskill v1.14: This release to PsKill, a command-line tool for terminating processes, includes some minor bug fixes.
Re: Process Explorer update - includes Autoruns functionality
Latest update out: Autoruns v11.32, Process Explorer v15.21, Process Monitor v3.02, PSKill v1.15, RAMMap v1.2
Autoruns v11.32: This update fixes a bug that prevented Autoruns from correctly elevating when the Run as Administrator option is selected.
Process Explorer v15.21: This update fixes a bug related to the autostart functionality introduced in v15.2, a tooltip display bug, and a bug that prevented display of kernel stacks.
Process Monitor v3.02: This release fixes an external logging issue that prevented certain registry paths from displaying correctly when run with App-V and fixes a bug in the save logic.
PsKill v1.15: This fixes a bug in the remote kill functionality introduced by the v1.14 update.
RAMMap v1.2: This release to RAMMap, a utility that displays a detailed map of a system’s physical memory usage, now supports systems with more than 16GB of RAM, Windows 8, and includes keyboard navigation improvements.
Procdump is an advanced utility for capturing process memory dumps based on a variety of triggers including CPU usage, memory usage, performance counter values, and exceptions. Version 5.0 is a major upgrade that adds the ability to configure exception filters based on managed and native exception types, extends support to Windows 8 modern applications, and integrates with Process Monitor’s debug output logging.
This update to Sigcheck, a command-line file version and digital signature verification utility, shows detailed certificate information such as certificate usage, validity dates, and thumbprints, and also shows a file’s counter-signing chain if it has one.
It’s two years post-Zero Day, and former government analyst Jeff Aiken is reaping the rewards for crippling al-Qaida’s attack on the computer infrastructure of the Western world. His cyber-security company is flourishing, and his relationship with Daryl Haugen intensifies when she becomes a part of his team.
But the West is under the East’s greatest threat yet. The Stuxnet virus that successfully subverted Iran’s nuclear defense program for years is being rapidly identified and defeated, and Stuxnet’s creators are stressed to develop a successor. As Jeff and Daryl struggle to stay together, they’re summoned to disarm the attack of a revolutionary, invisible trojan that alters data without leaving a trace. As the trojan penetrates Western intelligence, the terrifying truth about Iran is revealed, and Jeff and Daryl find themselves running a desperate race against time to reverse it – while the fate of both East and West hangs in the balance.
Like Zero Day, Trojan Horse is a thrilling suspense story, a sober warning from one of the world’s leading experts on cyber-security, Microsoft Technical Fellow Mark Russinovich. Trojan Horse exposes the already widespread use of international cyber-espionage as a powerful and dangerous weapon, and the lengths to which one man will go to stop it.
Autoruns v11.5: This update to Autoruns, a utility for managing autostarting applications and components, now reports the image timestamp of executables and the last-modified timestamp of other file types and autostart locations to help with forensic analysis. The jump-to-entry feature is also improved to navigate directly to files rather than their parent directory.
Disk Usage (Du) v1.5: Du, a command-line utility for reporting the disk space consumed by directories and their files, has expanded CSV output that includes file and directory counts, as well as an option for tab-delimiting, which is a format more convenient for import into Excel than comma-delimited.
ProcDump v5.14: This release of Procdump, a command-line utility that enables the capture of process dumps based on numerous trigger types including on-demand, doesn’t report process exceptions unless the exception trigger is specified.
Process Monitor v3.04: Procmon, a power system activity monitor, now includes support for new Windows 8 file information query types and fixes a bug in the tooltip handling.
Registry Usage (RU) v1.0: Ru (Registry Usage) is a new command-line utility that reports the size, value and subkey counts of registry keys. Like its Sysinternals Du (Disk Usage) counterpart, Ru can help you find the keys that contribute to registry bloat.
Process Explorer v16.0
Thanks to collaboration with the team at VirusTotal, this Process Explorer update introduces integration with VirusTotal.com, an online antivirus analysis service. When enabled, Process Explorer sends the hashes of images and files shown in the process and DLL views to VirusTotal and if they have been previously scanned, reports how many antivirus engines identified them as possibly malicious. Hyperlinked results take you to VirusTotal.com report pages and you can even submit files for scanning.
This release of Autoruns, a Windows application and command-line utility for viewing autostart entries, now reports the presence of batch file and executable image entries in the WMI database, a vector used by some types of malware.
Procdump, a utility for capturing process dump files based on CPU, memory, and other triggers, has improved support for lightweight reflection dumps on Windows 7 and Windows 8, adds debug print statements as a new trigger type, has support for memory commit duration triggers, and now includes an option to unregister Procdump as the system last-chance exception debugger.
This update to AccessChk, a command-line utility that shows effective and actual permissions for registry keys, files, services, kernel objects, and more, can now show the permissions and security descriptors assigned to event logs, and incorporates owner-rights accesses in its permissions evaluations.
Autoruns, the most comprehensive utility available for showing what executables, DLLs, and drivers are configured to automatically start and load, now reports Office addins, adds several additional autostart locations, and no longer hides hosting executables like cmd.exe, powershell.exe and others when Windows and Microsoft filters are in effect.
Process Monitor v3.2
Process Monitor, a real-time system monitoring utility that captures registry, file system, process and thread, CPU, DLL and network activity, adds an option to show all file system values in hexadecimal, adds additional error code and file system control strings, and fixes a bug that prevented boot capture on Windows 10.
VMMap v3.2
This release of VMMap, a powerful tool for analyzing the virtual and physical memory usage of a process, fixes a bug that prevented it from working with the 2 TB reserved memory region introduced to support Control Flow Guard (CFG).
This update to Autoruns, the most comprehensive autostart viewer and manager available for Windows, now shows 32-bit Office addins and font drivers, and enables resubmission of known images to Virus Total for a new scan.
Sigcheck v2.30
Sigcheck, a command-line utility for displaying detailed file version information, image signing status, catalog and certificate store contents, includes updated Windows 10 certificate OIDs, support for checking corresponding MUI (internationalization strings) files for more accurate version data, and now shows the version company name as well as signature publisher for signed files.
RAMMap v1.4
This release of RAMMap, a tool that reports detailed information about physical memory usage, is compatible with Windows 10 and includes a bug fix that could cause a crash when a long file name was scrolled into view in the file summary page.
BgInfo v4.21
BgInfo, a utility that displays customization text and system information on the desktop wallpaper, now correctly reports Windows 10 and Windows Server 2016, and fixes a bug that could cause incorrect desktop bitmap sizes on systems with high DPI.
Sysmon v3.11
Sysmon is a system utility that logs security relevant process, network and file events to the event log. This update fixes a memory leak for DLL image load event monitoring and removes a misleading warning when processing configuration files.
ADInsight v1.2
ADInsight, a real-time monitoring tool, now includes support for 64-bit Windows as well as numerous bug fixes.
Really glad to see BGInfo updated. I really like this little program and have it displaying all my hardware and network information on my second monitor. Really handy for me. But sadly, this new update does NOT correctly report Windows 10. It still says Windows 8.