Category Archives: ProcDump

Updates: Accesschk v5.11, Procdump v6.0, RAMMap v1.22, Strings v2.51

AccessChk v5.11: AccessChk, a command line utility for
dumping the effective permissions and security descriptors for files, registry
keys, processes, tokens, and object manager objects, now prefixes Windows 8
application container SIDs with the word “Package”, and includes several minor
bug fixes.

Procdump v6.0: Procdump is an advanced utility for
capturing process memory dumps based on a variety of triggers including CPU
usage, memory usage, performance counter values, and exceptions. Version 6.0 is
a major upgrade that adds the ability to specify multiple filters, attach to a
process by service name, and display/filter on the message text of a CLR or
JScript exception.

RAMMap v1.22: RAMMap is a graphic utility that shows
the breakdown of physical memory usage across different dimensions. This
release fixes a bug that could cause a crash when accessing the cached files
page when a cached file’s name exceeded a certain length.

Strings v2.51: This update to Strings, a command-line
utility that prints a file’s embedded Unicode and ASCII strings, fixes a signed
file offset printing bug.

Updates: Autoruns v11.5, Du (Disk Usage) v1.5, Procdump v5.14, Procmon v3.04, Ru (Registry Usage) v1.0

Autoruns v11.5: This update to Autoruns, a utility for managing autostarting applications and components, now reports the image timestamp of executables and the last-modified timestamp of other file types and autostart locations to help with forensic analysis. The jump-to-entry feature is also improved to navigate directly to files rather than their parent directory.

Disk Usage (Du) v1.5: Du, a command-line utility for reporting the disk space consumed by directories and their files, has expanded CSV output that includes file and directory counts, as well as an option for tab-delimiting, which is a format more convenient for import into Excel than comma-delimited.

ProcDump v5.14: This release of Procdump, a command-line utility that enables the capture of process dumps based on numerous trigger types including on-demand, doesn’t report process exceptions unless the exception trigger is specified.

Process Monitor v3.04: Procmon, a powerful system activity monitor, now includes support for new Windows 8 file information query types and fixes a bug in the tooltip handling.

Registry Usage (RU) v1.0: Ru (Registry Usage) is a new command-line utility that reports the size, value and subkey counts of registry keys. Like its Sysinternals Du (Disk Usage) counterpart, Ru can help you find the keys that contribute to registry bloat.

Updates: Autoruns v11.41, Handle v3.51, Movefile v1.01, Procdump v5.13, Sigcheck v1.9

Autoruns v11.41: This Autoruns update reports the hosting image target of link shortcut references.

Handle v3.51: This minor update to Handle, a command-line utility that dumps process handle tables, fixes a bug in its file share drive letter formatting.

Movefile v1.01: Movefile, a utility for scheduling file delete and rename operations for when the system reboots, now correctly handles 64-bit system paths.

Procdump v5.13: This update to Procdump, a command-line utility that generates on-demand and trigger-based process crash dump files, now supports triggers for when process CPU usage, memory consumption or arbitrary performance counters fall below a specified value.

Sigcheck v1.9: Sigcheck, a command-line file-version and signature verification tool, now reports certificate publisher names, capitalizes hash values, and fixes a certificate chain validation bug.

Updates: Autoruns v11.4, ProcDump v5.12, SDelete v1.61

Autoruns v11.4: Autoruns v11.4 adds additional startup locations, fixes several bugs related to image path parsing, adds better support for browsing folders on WinPE, and fixes a Wow64 redirection bug.

Procdump v5.12: This Procdump update fixes a bug introduced in v5.11 where it doesn’t save information required by the !runaway debugger command.

SDelete v1.61: SDelete v1.61 fixes drive letter syntax consistency in its parsing of command line arguments.

Updates: DebugView v4.81, ProcDump v5.11, ZoomIt v4.4

DebugView v4.81: Version 4.81 of DebugView, a utility that logs user and kernel-mode
debug output messages, fixes a bug that, on some executions, could cause it
to fail to capture debug output and enter a CPU-bound loop.

ProcDump v5.11: This release of ProcDump fixes a bug introduced in version 5.1 that
prevented it from working on 32-bit Windows XP.

ZoomIt v4.4: This update to ZoomIt, a screen magnification and annotation utility, includes
smoother zooming behavior, adds the ability to specify the initial zoom level,
and maintains the window focus when initiating live zooming.

Updates: AdExplorer v1.44, Contig v1.7, Coreinfo v3.2, Procdump v5.1

AdExplorer v1.44: This release fixes a bug that caused AdExplorer to crash when it encountered corrupted extended rights schemas.

Contig v1.7: Contig is a command-line file defragmentation and fragmentation analysis utility. v1.7 has more detailed fragmentation analysis reporting, fixes a bug that enables creation of contiguous files larger than 8GB, and adds support for setting the valid data length on files to avoid zero-fill overhead.

Coreinfo v3.2: Coreinfo, a command-line utility that dumps processor topology and feature support, now reports the presence of many additional features, including SMAP, RDSEED, BMI1, ADX, HLE, RTM, and INVPCID.

Procdump v5.1: This major update to Procdump, a command-line utility for creating process crash dump files based on triggers or on-demand, adds support for Silverlight applications and the ability to register Procdump as the just-in-time (JIT) debugger for more advanced scenarios.

Updates: Autoruns v11.34, ProcDump v5.0, Sigcheck v1.8, VMMap v3.11

Autoruns v11.34: This release of Autoruns fixes a bug that caused it to not show some Internet Explorer extensions.

ProcDump v5.0: Procdump is an advanced utility for capturing process memory dumps based on a variety of triggers including CPU usage, memory usage, performance counter values, and exceptions. Version 5.0 is a major upgrade that adds the ability to configure exception filters based on managed and native exception types, extends support to Windows 8 modern applications, and integrates with Process Monitor’s debug output logging.

Sigcheck v1.8: This update to Sigcheck, a command-line file version and digital signature verification utility, shows detailed certificate information such as certificate usage, validity dates, and thumbprints, and also shows a file’s counter-signing chain if it has one.

VMMap v3.11: VMMap, a utility that shows detailed information about a process’ virtual and physical memory usage, now reports commit usage instead of working set in its timeline view and fixes a bug that enables export of captures of 32-bit processes.