Sysinternals
Windows Sysinternals is a part of the Microsoft TechNet website which offers technical resources and utilities to manage, diagnose, troubleshoot, and monitor a Microsoft Windows environment. Originally, the Sysinternals website (formerly known as ntinternals) was created in 1996 and was operated by the company Winternals Software LP, which was located in Austin, Texas. It was started by software developers Bryce Cogswell and Mark Russinovich. Microsoft acquired Winternals and its assets on July 18, 2006.

The website featured several freeware tools to administer and monitor computers running Microsoft Windows. The software can now be found at Microsoft. The company also sold data recovery utilities and professional editions of their freeware tools.

Winternals Software LP

Winternals Software LP was founded by Bryce Cogswell and Mark Russinovich, who sparked the 2005 Sony BMG CD copy protection scandal in an October 2005 posting to the Sysinternals blog.

On July 18, 2006, Microsoft Corporation acquired the company and its assets. Russinovich explained that Sysinternals would remain active until Microsoft agreed on a method of distributing the tools provided there. However, NT Locksmith, a Windows password recovery utility, was immediately removed. Currently, the Sysinternals website has been moved to the Windows Sysinternals website and is a part of Microsoft TechNet.

In late 2010, Bryce Cogswell retired from Sysinternals.

Source code and technology

Most of the utilities that were developed were usually accompanied by source code written in C, C++, or assembly language. The code was compatible with Visual C++ v. 6.0 and could be compiled with little effort by a Windows developer. Some of the more interesting utilities did not come with source code, or a lesser version would be available with the source. In later releases, there were 64-bit versions of the utilities and even Linux versions.

However, since the Microsoft acquisition, none of the utilities currently available is accompanied by source code, and the Linux versions are no longer maintained or available.

Some of the coding tricks used were based on the Windows Native API (NTAPI), which was (and still is) mostly undocumented by Microsoft. Using these coding examples, which came with source, would enable developers to create extraordinary programs that performed operations that would otherwise have been impossible using a standard API. Examples include hiding Registry information, and intercepting or hooking APIs to monitor file operations by the OS, as well as Registry operations.

Products

Windows Sysinternals supplies users with numerous free utilities, most of which are being actively developed by Mark Russinovich and Bryce Cogswell, such as Process Explorer, an advanced version of Windows Task Manager; Autoruns, allegedly the most advanced manager of startup applications; RootkitRevealer, a rootkit detection utility; Contig; PageDefrag; and a total of 65 other utilities. NTFSDOS, which allowed NTFS volumes to be read by Microsoft's MS-DOS operating system, is now discontinued and is no longer available for download.

Previously available for download was the Winternals Administrator Pack which contained ERD Commander 2005, Remote Recover 3.0, NTFSDOS Professional 5.0, Crash Analyzer Wizard, FileRestore 1.0, Filemon Enterprise Edition 2.0, Regmon Enterprise Edition 2.0, AD Explorer Insight for Active Directory 2.0, and TCP Tools.

On May 18, 2010, Sysinternals released its first new utility since its acquisition by Microsoft. Named RAMMap, it is a diagnostic utility similar to the memory tab of Windows Resource Monitor, but more advanced. RAMMap runs only on Windows Vista and later.

Licensing issue with Best Buy

In April 2006, Geek Squad, a tech support company working in cooperation with Best Buy, was accused of using unlicensed versions of the ERD Commander software. Winternals supplied Best Buy with copies of its software so that Best Buy could evaluate the software while conducting contract negotiations for using it on a permanent basis. When contract talks broke down, Best Buy did not notify its Geek Squad Agents to stop using the software and discard all copies. A judge granted a restraining order on April 12, requiring that use of all unlicensed software be stopped, and forcing Best Buy to turn over all copies of Winternals software within 20 days. After settlement, a version of the Winternals software was released to be used by Geek Squad.

The source of this article is Wikipedia, the free encyclopedia. The text of this article is licensed under the GFDL.
 