Category Archives: Process Explorer

Autoruns v11.70, Bginfo v4.20, Disk2vhd v1.64, Process Explorer v15.40

Autoruns v11.70: This release of Autoruns, a powerful utility for scanning and disabling autostart code, adds a new option to have it show only per-user locations, something that is useful when analyzing the autostarts of different accounts than the one that
Autoruns is running under.

Bginfo v4.20: BgInfo, a utility that creates custom desktop backgrounds that display system information, now correctly reports version information for Windows 8.1 and Windows Server 2012 R2.

Disk2vhd v1.64: This update to Disk2Vhd, a tool for converting physical system disks to VHDs for use by virtual machines, now supports disk sizes of up to 2 TB.

Process Explorer v15.40: Process Explorer, a Task Manager replacement, now shows WMI providers hosted in Wmiprvse processes (thanks to Mohamed Elghetany for contributions); includes an option that configures it to automatically run when you logon; and introduces a
process view column that shows process DPI awareness support on Windows 8.1 systems.


Updates: Autoruns v11.6, Procexp v15.31, Procmon v3.05, Sigcheck v1.92

Autoruns v11.6: Autoruns is a utility for enumerating and disabling executables and DLLs configured to activate in dozens of autostart registration points.  This update fixes some minor bugs and adds Authenticode SHA1 and SHA256 hash reporting to Autorunsc output.

Sigcheck v1.92: Sigcheck is a command-line utility for reporting image version and signature information.  With this update, it now includes support for Authenticode SHA256 hashes, which is the same hash type used to identify images by AppLocker.

Process Explorer v15.31: Process Explorer is a powerful process management utility. This update fixes a bug with copying text from the process properties dialog and adds an option to disable the heatmap display in the process view.

Process Monitor v3.05: Process Monitor is a powerful file, registry, process, thread and network monitoring tool.  This update adds a context-menu entry that opens the filter edit dialog with contents prepopulated with the specified row and column value.

Updates: Pendmoves v1.2, Process Explorer v15.3, Sigcheck v1.91, Zoomit v4.42

Pendmoves v1.2: This update to Pendmoves adds support for 64-bit directories.

Process Explorer v15.3: This major Process Explorer release includes heat-map display for process CPU, private bytes, working set and GPU columns, sortable security groups in the process properties security page, and tooltip reporting of tasks executing in Windows 8 Taskhostex processes. It also creates dump files that match the bitness of the target process and works around a bug introduced in Windows 8 disk counter reporting.

Sigcheck v1.91: This update to Sigcheck prints the link time for executable files instead of the file last-modified time, and fixes a bug introduced in 1.9 where the –q switch didn’t suppress the print out of the banner.

Zoomit v4.42: Zoomit now includes an option to suppress zoom-in and zoom-out animation to better support remote RDP sessions and fixes a bug that caused static zoom to snap to the top and left side of the screen in some cases.

New: PsPing v1.0; Updates: DebugView v4.8, Process Explorer v15.23, Sigcheck v1.81

PsPing v1.0: PsPing is a new Sysinternals PsTools command-line utility for measuring network performance. In addition to standard ICMP ping functionality, it can report the latency of connecting to TCP ports, the latency of TCP round-trip communication between systems, and the TCP bandwidth available to a connection between systems. Besides obtaining min, max, and average values in 0.01ms resolution, you can also use PsPing to generate histograms of the results that are easy to import into spreadsheets.

DebugView v4.8: This release of DebugView, a debug output monitoring utility, addresses a bug that could cause DebugView to blue screen on “checked build” (debug) versions of Windows.

Process Explorer v15.23: This update to Process Explorer adds the ability to view the process token of protected processes, fixes a bug that causes a crash when viewing thread stacks on Windows XP, and fixes a bug that causes a crash when running on Windows PE.

Sigcheck v1.81: This update to Sigcheck, a command-line utility for analyzing the digital signatures of executable images, fixes a bug that could cause it to crash when reporting the signing status of images that have invalid signatures.

Updates: Handle v3.5, Process Explorer v15.22, Process Monitor v3.03, RAMMap v1.21, ZoomIt v4.3

Handle v3.5: This update to Handle, a command-line utility that lists open handles, uses the most recent Process Explorer driver so that it now resolves system process handles and types.

Process Explorer v15.22: This release addresses a bug that caused Process Explorer to crash when viewing .NET thread stacks of 64-bit Windows XP and 64-bit Windows Server 2003.

Process Monitor v3.03: A bug that caused some symbols to not resolve in stack traces is fixed in this release.

RAMMap v1.21: This fixes a bug that causes RAMMap to sometimes report an error on 32-bit versions of Windows.

ZoomIt v4.3: This update to ZoomIt, a screen magnification and annotation utility, adds an option that enables you to configure it to automatically start when you login.

Updates: Autoruns v11.32, Process Explorer v15.21, Process Monitor v3.02, PSKill v1.15, RAMMap v1.2

Autoruns v11.32: This update fixes a bug that prevented Autoruns from correctly elevating when the Run as Administrator option is selected.

Process Explorer v15.21: This update fixes a bug related to the autostart functionality introduced in v15.2, a tooltip display bug, and a bug that prevented display of kernel stacks.

Process Monitor v3.02: This release fixes an external logging issue that prevented certain registry paths from display correctly when run with App-V and fixes a bug in the save logic.

PsKill v1.15: This fixes a bug in the remote kill functionality introduced  by the v1.14 update.

RAMMap v1.2: This release to RAMMap, a utility that displays a detailed map of a system’s physical memory usage, now supports systems with more than 16GB of RAM, Windows 8, and includes keyboard navigation improvements.