Sysinternals Tools Updates

usasma
Retired Admin
http://blogs.technet.com/b/sysinter...lorer-v15-2-testlimit-v5-21-pskill-v1-14.aspx

Updates: Process Explorer v15.2, Testlimit v5.21, Pskill v1.14
BethBr
7 Jun 2012 1:20 PM
Process Explorer v15.2: This major update to Process Explorer, a Task Manager replacement, merges Autoruns functionality by adding a new Autostart Location column and property to the process and DLL views that indicates where an image is configured to automatically start or load. It also adds .NET stack walking support to the thread stack dialog, adds a process timeline column that graphically depicts a process’s lifetime relative to other processes, and uses the Windows 8 private ETW logger which enables better coexistence with other ETW-based tools.

Testlimit v5.21: This update clarifies some of the output messages.

Pskill v1.14: This release to PsKill, a command-line tool for terminating processes, includes some minor bug fixes.

Process Explorer, Sysinternals, Testlimit, PsKill, procexp
 
Re: Process Explorer update - includes Autoruns functionality

Thank you for bringing this to attention. I especially like the .NET stackwalking support as that previously was rather elusive given how managed code works.
 
Re: Process Explorer update - includes Autoruns functionality

Latest update out: Autoruns v11.32, Process Explorer v15.21, Process Monitor v3.02, PSKill v1.15, RAMMap v1.2

Autoruns v11.32: This update fixes a bug that prevented Autoruns from correctly elevating when the Run as Administrator option is selected.

Process Explorer v15.21: This update fixes a bug related to the autostart functionality introduced in v15.2, a tooltip display bug, and a bug that prevented display of kernel stacks.

Process Monitor v3.02: This release fixes an external logging issue that prevented certain registry paths from displaying correctly when run with App-V and fixes a bug in the save logic.

PsKill v1.15: This fixes a bug in the remote kill functionality introduced by the v1.14 update.

RAMMap v1.2: This release to RAMMap, a utility that displays a detailed map of a system’s physical memory usage, now supports systems with more than 16GB of RAM, Windows 8, and includes keyboard navigation improvements.
 
Latest updates out: Handle v3.5, Process Explorer v15.22, Process Monitor v3.03, RAMMap v1.21, ZoomIt v4.3

Handle v3.5: This update to Handle, a command-line utility that lists open handles, uses the most recent Process Explorer driver so that it now resolves system process handles and types.

Process Explorer v15.22: This release addresses a bug that caused Process Explorer to crash when viewing .NET thread stacks of 64-bit Windows XP and 64-bit Windows Server 2003.

Process Monitor v3.03: A bug that caused some symbols to not resolve in stack traces is fixed in this release.

RAMMap v1.21: This fixes a bug that causes RAMMap to sometimes report an error on 32-bit versions of Windows.

ZoomIt v4.3: This update to ZoomIt, a screen magnification and annotation utility, adds an option that enables you to configure it to automatically start when you log in.
 
From http://technet.microsoft.com/en-US/sysinternals

What's New (September 10, 2012)
  • Mark Publishes New Technothriller: Trojan Horse
    Mark’s sequel to his popular debut technothriller Zero Day is now available in ebook and hard cover. Watch the video trailer and read the reviews on Mark’s website.
  • ProcDump v5.0
    Procdump is an advanced utility for capturing process memory dumps based on a variety of triggers including CPU usage, memory usage, performance counter values, and exceptions. Version 5.0 is a major upgrade that adds the ability to configure exception filters based on managed and native exception types, extends support to Windows 8 modern applications, and integrates with Process Monitor’s debug output logging.
  • Sigcheck v1.8
    This update to Sigcheck, a command-line file version and digital signature verification utility, shows detailed certificate information such as certificate usage, validity dates, and thumbprints, and also shows a file’s counter-signing chain if it has one.

BTW, I was notified yesterday that I won a copy of Mark's new book, "Trojan Horse". :dance: I enjoyed "Zero Day" and look forward to reading "Trojan Horse".
 
Congrats Corine, the titles sound like something my son would read but I'll bet that Zero Day had nothing to do with a WW II attack and Trojan Horse isn't about Odysseus and the Greeks :thumbsup2:
 
Right you are.

Trojan Horse: A Novel by author Mark Russinovich
It’s two years post-Zero Day, and former government analyst Jeff Aiken is reaping the rewards for crippling al-Qaida’s attack on the computer infrastructure of the Western world. His cyber-security company is flourishing, and his relationship with Daryl Haugen intensifies when she becomes a part of his team.

But the West is under the East’s greatest threat yet. The Stuxnet virus that successfully subverted Iran’s nuclear defense program for years is being rapidly identified and defeated, and Stuxnet’s creators are stressed to develop a successor. As Jeff and Daryl struggle to stay together, they’re summoned to disarm the attack of a revolutionary, invisible trojan that alters data without leaving a trace. As the trojan penetrates Western intelligence, the terrifying truth about Iran is revealed, and Jeff and Daryl find themselves running a desperate race against time to reverse it – while the fate of both East and West hangs in the balance.

Like Zero Day, Trojan Horse is a thrilling suspense story, a sober warning from one of the world’s leading experts on cyber-security, Microsoft Technical Fellow Mark Russinovich. Trojan Horse exposes the already widespread use of international cyber-espionage as a powerful and dangerous weapon, and the lengths to which one man will go to stop it.
 
Latest update: Updates: Autoruns v11.5, Du (Disk Usage) v1.5, Procdump v5.14, Procmon v3.04, Ru (Registry Usage) v1.0 - Sysinternals Site Discussion - Site Home - TechNet Blogs

Updates: Autoruns v11.5, Du (Disk Usage) v1.5, Procdump v5.14, Procmon v3.04, Ru (Registry Usage) v1.0
safarr_msft1
27 Mar 2013 4:23 PM
Autoruns v11.5: This update to Autoruns, a utility for managing autostarting applications and components, now reports the image timestamp of executables and the last-modified timestamp of other file types and autostart locations to help with forensic analysis. The jump-to-entry feature is also improved to navigate directly to files rather than their parent directory.

Disk Usage (Du) v1.5: Du, a command-line utility for reporting the disk space consumed by directories and their files, has expanded CSV output that includes file and directory counts, as well as an option for tab-delimiting, which is a format more convenient for import into Excel than comma-delimited.

ProcDump v5.14: This release of Procdump, a command-line utility that enables the capture of process dumps based on numerous trigger types including on-demand, doesn’t report process exceptions unless the exception trigger is specified.

Process Monitor v3.04: Procmon, a powerful system activity monitor, now includes support for new Windows 8 file information query types and fixes a bug in the tooltip handling.

Registry Usage (RU) v1.0: Ru (Registry Usage) is a new command-line utility that reports the size, value and subkey counts of registry keys. Like its Sysinternals Du (Disk Usage) counterpart, Ru can help you find the keys that contribute to registry bloat.
 
Process Explorer was updated and is now integrated with VirusTotal APIs. From http://technet.microsoft.com/en-us/sysinternals/default.aspx:

What's New (January 29, 2014)

Process Explorer v16.0
Thanks to collaboration with the team at VirusTotal, this Process Explorer update introduces integration with VirusTotal.com, an online antivirus analysis service. When enabled, Process Explorer sends the hashes of images and files shown in the process and DLL views to VirusTotal and if they have been previously scanned, reports how many antivirus engines identified them as possibly malicious. Hyperlinked results take you to VirusTotal.com report pages and you can even submit files for scanning.

Download: Process Explorer v16.0
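The VirusTotal integration described above works on file hashes: Process Explorer hashes the image of each process and each loaded DLL and asks the service whether that hash has already been scanned. The PowerShell below is an added example, not Sysinternals code, that collects the same kind of identifiers (SHA-256 of every running process image and loaded module) into a table you can check against an allow-list or a scanning service yourself; nothing is sent anywhere. It assumes the standard `Get-Process` and `Get-FileHash` cmdlets and works best from an elevated session, since the module lists of some system processes cannot be read otherwise.

```powershell
# Added example (not Sysinternals code): hash the executable images and loaded
# DLLs of running processes, the identifiers Process Explorer v16.0 submits to
# VirusTotal. Output is local only; feed it to whatever lookup you trust.

function Get-LoadedImageHashes {
    param(
        # Restrict to one process name (e.g. 'explorer'); default is all processes.
        [string]$ProcessName = '*'
    )

    $paths = @{}   # image path -> names of processes that loaded it

    foreach ($proc in Get-Process -Name $ProcessName -ErrorAction SilentlyContinue) {
        # Main executable image of the process (null for some protected processes).
        if ($proc.Path) {
            if (-not $paths.ContainsKey($proc.Path)) { $paths[$proc.Path] = @() }
            $paths[$proc.Path] += $proc.ProcessName
        }
        # Loaded modules (DLLs). Reading them throws for processes we cannot
        # open (access denied, or 64-bit targets from a 32-bit shell), so skip those.
        try {
            foreach ($m in $proc.Modules) {
                $p = $m.FileName
                if (-not $p) { continue }
                if (-not $paths.ContainsKey($p)) { $paths[$p] = @() }
                $paths[$p] += $proc.ProcessName
            }
        } catch {
            # Module list unavailable for this process; its main image is still recorded above.
        }
    }

    foreach ($path in ($paths.Keys | Sort-Object)) {
        try {
            $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256 -ErrorAction Stop).Hash
        } catch {
            $hash = '<unreadable>'   # file deleted/locked since it was mapped
        }
        [pscustomobject]@{
            SHA256    = $hash
            Path      = $path
            Processes = ($paths[$path] | Sort-Object -Unique) -join ','
        }
    }
}

# Usage: every unique image once, with the processes that loaded it.
Get-LoadedImageHashes | Format-Table -AutoSize
# Export for a bulk comparison against a known-good hash list or a scanning service:
# Get-LoadedImageHashes | Export-Csv -NoTypeInformation -Path .\loaded-images.csv
```

Deduplicating by path before hashing matters in practice: shared system DLLs are mapped into dozens of processes, and hashing each mapping separately makes a full sweep several times slower for no extra information.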
 
Re: SysInternals Suite

Via Twitter, https://twitter.com/markrussinovich/status/466324363965632513

Just posted Sysinternals updates: Autoruns w/WMI support and Procdump with a slew of enhancements: Windows Sysinternals: Documentation, downloads and additional resources

What's New (May 13, 2014)
  • Autoruns v12.0
    This release of Autoruns, a Windows application and command-line utility for viewing autostart entries, now reports the presence of batch file and executable image entries in the WMI database, a vector used by some types of malware.
  • ProcDump v7.0
    Procdump, a utility for capturing process dump files based on CPU, memory, and other triggers, has improved support for lightweight reflection dumps on Windows 7 and Windows 8, adds debug print statements as a new trigger type, has support for memory commit duration triggers, and now includes an option to unregister Procdump as the system last-chance exception debugger.
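The WMI autostart entries that Autoruns v12.0 began reporting are permanent event subscriptions: a `__EventFilter` (a WQL query saying when to fire), an `__EventConsumer` (what to run, such as a `CommandLineEventConsumer` or `ActiveScriptEventConsumer`) and a `__FilterToConsumerBinding` joining the two, all stored in the `root\subscription` namespace. The script below is an added example, not Sysinternals code, that resolves every binding to its filter query and consumer action so the same entries can be reviewed from PowerShell. It assumes the built-in `Get-CimInstance` cmdlet and administrative rights; the `Get-RefName` helper is a hypothetical name introduced here.

```powershell
# Added example (not Sysinternals code): list WMI permanent event subscriptions,
# the autostart vector Autoruns v12.0 added. Each row is one binding with the
# filter that triggers it and the command or script the consumer runs.

function Get-RefName($ref) {
    # CIM cmdlets return reference properties as CimInstance objects carrying the
    # key (Name); WMI-style string paths look like __EventFilter.Name="x". Handle both.
    if ($ref -is [string]) {
        if ($ref -match 'Name="((?:[^"\\]|\\.)*)"') { return $Matches[1] }
        return $ref
    }
    return $ref.Name
}

function Get-WmiPersistence {
    $ns = 'root/subscription'

    # Index filters and consumers by Name so bindings can be resolved.
    $filters = @{}
    foreach ($f in Get-CimInstance -Namespace $ns -ClassName __EventFilter) {
        $filters[$f.Name] = $f
    }
    $consumers = @{}
    # Enumerating the base class returns instances of every derived consumer class.
    foreach ($c in Get-CimInstance -Namespace $ns -ClassName __EventConsumer) {
        $consumers[$c.Name] = $c
    }

    foreach ($b in Get-CimInstance -Namespace $ns -ClassName __FilterToConsumerBinding) {
        $fName = Get-RefName $b.Filter
        $cName = Get-RefName $b.Consumer
        $f = $filters[$fName]
        $c = $consumers[$cName]

        # What actually executes depends on the consumer class.
        $type = if ($c) { $c.CimClass.CimClassName } else { '(missing consumer)' }
        $action = switch ($type) {
            'CommandLineEventConsumer'  { $c.CommandLineTemplate }
            'ActiveScriptEventConsumer' { if ($c.ScriptFileName) { $c.ScriptFileName } else { $c.ScriptText } }
            default                     { '(see consumer properties)' }
        }

        [pscustomobject]@{
            Filter       = $fName
            Query        = if ($f) { $f.Query } else { '(missing filter)' }
            Consumer     = $cName
            ConsumerType = $type
            Action       = $action
        }
    }
}

# Usage: review everything WMI is configured to launch.
Get-WmiPersistence | Format-List
```

A default Windows installation carries one binding of its own, the SCM Event Log filter and its `NTEventLogEventConsumer`; a binding whose consumer type is `CommandLineEventConsumer` or `ActiveScriptEventConsumer`, or whose filter fires on events such as process start or a time interval, is the kind of entry worth verifying against what the machine is supposed to run.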
 
From Update: AccessChk v6.0, Autoruns v13.4, Process Monitor v3.2, VMMap v3.2:
AccessChk v6.0
This update to AccessChk, a command-line utility that shows effective and actual permissions for registry keys, files, services, kernel objects, and more, can now show the permissions and security descriptors assigned to event logs, and incorporates owner-rights accesses in its permissions evaluations.

Autoruns v13.4
Autoruns, the most comprehensive utility available for showing what executables, DLLs, and drivers are configured to automatically start and load, now reports Office addins, adds several additional autostart locations, and no longer hides hosting executables like cmd.exe, powershell.exe and others when Windows and Microsoft filters are in effect.
Process Monitor v3.2
Process Monitor, a real-time system monitoring utility that captures registry, file system, process and thread, CPU, DLL and network activity, adds an option to show all file system values in hexadecimal, adds additional error code and file system control strings, and fixes a bug that prevented boot capture on Windows 10.
VMMap v3.2
This release of VMMap, a powerful tool for analyzing the virtual and physical memory usage of a process, fixes a bug that prevented it from working with the 2 TB reserved memory region introduced to support Control Flow Guard (CFG).
 
Thanks Corrine! And yeah, Autoruns and Process Monitor are two of my favorite utilities too.
 
From Update: Autoruns v13.5, Sigcheck v2.3, RAMMap v1.4, BgInfo v4.21, Sysmon v3.11, ADInsight v1.2 - Sysinternals Site Discussion:

Autoruns v13.5
This update to Autoruns, the most comprehensive autostart viewer and manager available for Windows, now shows 32-bit Office addins and font drivers, and enables resubmission of known images to Virus Total for a new scan.
Sigcheck v2.30
Sigcheck, a command-line utility for displaying detailed file version information, image signing status, catalog and certificate store contents, includes updated Windows 10 certificate OIDs, support for checking corresponding MUI (internationalization strings) files for more accurate version data, and now shows the version company name as well as signature publisher for signed files.
RAMMap v1.4
This release of RAMMap, a tool that reports detailed information about physical memory usage, is compatible with Windows 10 and includes a bug fix that could cause a crash when a long file name was scrolled into view in the file summary page.
BgInfo v4.21
BgInfo, a utility that displays customization text and system information on the desktop wallpaper, now correctly reports Windows 10 and Windows Server 2016, and fixes a bug that could cause incorrect desktop bitmap sizes on systems with high DPI.
Sysmon v3.11
Sysmon is a system utility that logs security relevant process, network and file events to the event log. This update fixes a memory leak for DLL image load event monitoring and removes a misleading warning when processing configuration files.
ADInsight v1.2
ADInsight, a real-time monitoring tool, now includes support for 64-bit Windows as well as numerous bug fixes.
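The Sigcheck entries on this page (v1.8 above and v2.30 here) describe the signature details the tool reports: signing status, certificate usage, validity dates, thumbprints and the counter-signing chain. The function below is an added example, not Sysinternals code, that produces the same kind of report for one file with PowerShell's built-in `Get-AuthenticodeSignature` and the .NET `X509Chain` class, so the fields Sigcheck prints can be inspected or scripted without the tool. It assumes Windows PowerShell on a Windows host; the function name `Get-SignatureReport` is introduced here.

```powershell
# Added example (not Sysinternals code): report Authenticode signature details
# in the shape Sigcheck shows them. Requires Windows PowerShell (Authenticode
# verification is a Windows feature).

function Get-SignatureReport {
    param(
        [Parameter(Mandatory)]
        [string]$Path
    )

    $sig    = Get-AuthenticodeSignature -FilePath $Path
    $signer = $sig.SignerCertificate

    $report = [ordered]@{
        File          = $Path
        Status        = $sig.Status          # Valid, NotSigned, HashMismatch, NotTrusted, ...
        StatusMessage = $sig.StatusMessage
    }

    if ($signer) {
        # Certificate usages come from the Enhanced Key Usage extension.
        $eku = $signer.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
            ForEach-Object { $_.EnhancedKeyUsages | ForEach-Object { if ($_.FriendlyName) { $_.FriendlyName } else { $_.Value } } }

        # Build the chain up to a root; elements are listed leaf first. Build()
        # returns $false for e.g. an expired leaf, but the elements and status are still filled in.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $null  = $chain.Build($signer)

        $report.Signer      = $signer.Subject
        $report.Issuer      = $signer.Issuer
        $report.Thumbprint  = $signer.Thumbprint
        $report.ValidFrom   = $signer.NotBefore
        $report.ValidTo     = $signer.NotAfter
        $report.Usages      = ($eku -join '; ')
        $report.Chain       = (($chain.ChainElements | ForEach-Object { $_.Certificate.Subject }) -join ' <- ')
        $report.ChainStatus = (($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', ')
    }

    # The counter-signature (timestamp) is what keeps a signature valid after the
    # signing certificate expires; this is Sigcheck's counter-signing chain.
    if ($sig.TimeStamperCertificate) {
        $ts = $sig.TimeStamperCertificate
        $report.CounterSigner           = $ts.Subject
        $report.CounterSignerThumbprint = $ts.Thumbprint
        $report.CounterSignerValidTo    = $ts.NotAfter
    }

    [pscustomobject]$report
}

# Usage: one file in detail, then a sweep that flags anything not reported as Valid.
Get-SignatureReport -Path "$env:SystemRoot\System32\notepad.exe" | Format-List
Get-ChildItem "$env:ProgramFiles" -Recurse -Filter *.exe -ErrorAction SilentlyContinue |
    ForEach-Object { Get-SignatureReport -Path $_.FullName } |
    Where-Object { $_.Status -ne 'Valid' } |
    Select-Object Status, File, Signer | Format-Table -AutoSize
```

Two readings of the output matter for a sweep: `HashMismatch` means the file changed after it was signed and is a stronger signal than `NotSigned`, and many Windows components are signed through a security catalog rather than an embedded signature, so older PowerShell versions may report them as `NotSigned` even though Sigcheck, which checks catalogs, shows them as signed.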
 
Really glad to see BGInfo updated. I really like this little program and have it displaying all my hardware and network information on my second monitor. Really handy for me. But sadly, this new update does NOT correctly report Windows 10. It still says Windows 8. :(
 