Sysinternals (also known as “Winternals”) is part of the Microsoft TechNet website, which offers technical tools and utilities for managing, diagnosing, troubleshooting, and monitoring the entire Microsoft Windows environment.
Winternals Software LP | |
---|---|
Founded | 1996 |
Founders | |
Location | Austin, Texas, USA |
Key figures | Mark Russinovich, Bryce Cogswell |
Industry | Software development |
Products | Autoruns, Process Explorer, Process Monitor, RootkitRevealer, and others |
Parent company | Microsoft |
Site | Official site |
History
Sysinternals (formerly known as “ntinternals”) was created in 1996 and was originally owned by Winternals Software LP, which was located in Austin, Texas, USA.
The site began operating under the guidance of two developers, Mark Russinovich and Bryce Cogswell.
On July 18, 2006, Microsoft fully acquired Winternals with all of its products.
The website offers many free tools for administering and monitoring computers running 32-bit and 64-bit Microsoft Windows operating systems. All of the software can now be found on the Microsoft website. The company also sold data recovery utilities, as well as professional editions of its free software.
In January 2011, Microsoft removed the source code for the utilities created by Mark Russinovich and Bryce Cogswell from Microsoft TechNet. Microsoft explained that access to these sources could cause problems with the support of other components of the Windows operating system [1].
Winternals Software LP
Winternals Software LP was founded by Mark Russinovich and Bryce Cogswell. Russinovich became famous for discovering a rootkit used on Sony BMG discs; the blog post he published about it on October 31, 2005 caused a scandal and a public outcry [2].
In April 2006, Geek Squad, whose technical support worked in collaboration with Best Buy, was accused of using unlicensed versions of Winternals software. In the lawsuit, Winternals accused the latter of illegally appropriating its copyrights and trademarks, of entering into contracts for ongoing use of the software, and of distributing it at a more favorable price after negotiations on a commercial license agreement were broken off. According to the lawsuit, Best Buy broke off the negotiations in February because it was no longer interested in a commercial license. Each copy of the software cost $1,200, so the losses ran into the millions, said Winternals lawyer David Weaver. Winternals sought to recover an unspecified amount in damages and losses. The hearing was scheduled for May 12, 2006 in Austin. On April 12 of the same year, the judge granted Winternals' request, ordering that the entire supply of unlicensed software be discontinued within the next 20 days [3].
On July 18, 2006, Microsoft acquired the company and all of its products. Mark Russinovich explained that the Sysinternals products would remain available and continue to evolve until Microsoft agreed internally on a method of distributing the (freeware) tools. However, the password recovery utility "NT Locksmith" was removed immediately. The Sysinternals website has since moved to the Microsoft web portal and become part of Microsoft TechNet.
Source Code and Technology
Most of the utilities were accompanied by source code written in C, C++ or assembly. The source code was written for Microsoft Visual C++ 6.0 and could be compiled with minimal effort by any Microsoft Windows software developer. Some of the most interesting programs were distributed without source code, but earlier versions of the same utilities were available with it. Some of the software received support for 64-bit Microsoft Windows operating systems, as well as for Linux.
It is worth noting, however, that since the takeover by Microsoft none of the available utilities is distributed as open source, and the Linux versions are no longer supported or available for download.
Some of the coding techniques used were based on the Windows Native API (NTAPI), which is still poorly documented by Microsoft. Using these code examples, developers can create extremely flexible programs that perform operations not possible with the standard APIs. The examples demonstrate features such as hiding information in the registry, intercepting and hooking APIs to monitor the operating system's file system, and many others.
Products
Sysinternals provides users with a large number of free utilities, most of which are actively developed by Mark Russinovich and Bryce Cogswell, such as Process Explorer, AutoRuns, RootkitRevealer, Contig, PageDefrag, and many others, 65 in total [4]. The NTFSDOS utility for working with NTFS file system volumes from the Microsoft MS-DOS operating system is no longer being developed and is no longer available for download.
Other popular products included Administrator Pack with ERD Commander 2005, Remote Recover 3.0, NTFSDOS Professional 5.0, Crash Analyzer Wizard, FileRestore 1.0, Filemon Enterprise Edition 2.0, Regmon Enterprise Edition 2.0, AD Explorer Insight for Active Directory 2.0, and TCP Tools.
On May 19, 2010, Sysinternals released RAMMap, its first completely new utility since the acquisition by Microsoft. It analyzes and diagnoses the use of physical computer memory, and is similar to the Microsoft Windows Performance and Stability Monitor utility but more advanced. RAMMap only works on Windows Vista and above.
List
- Sysinternals suite
- Accesschk
- AccessEnum
- Adexplorer
- Adinsight
- Adrestore
- Autologon
- Autoruns
- Bginfo
- Bluescreen
- Cacheset
- ClockRes
- Contig
- Coreinfo
- Ctrl2cap
- Debugview
- Desktops
- Disk2vhd
- DiskExt
- Diskmon
- Diskview
- Disk Usage (DU)
- EFSDump
- Filemon
- Handle
- Hex2dec
- Junction
- LDMDump
- ListDLLs
- Livekd
- LoadOrder
- LogonSessions
- MoveFile
- NT Locksmith
- NTFSInfo
- PageDefrag
- Pendmoves
- Pipelist
- Portmon
- Procdump
- Process Explorer
- Process Monitor
- Procfeatures
- PsExec
- Psfile
- PsGetSid
- Psinfo
- Pskill
- Pslist
- PsLoggedOn
- Pspasswd
- Psservice
- Psshutdown
- PsSuspend
- Pstools
- Rammap
- RegDelNull
- Regjump
- Regmon
- RootkitRevealer
- PsLogList
- Sdelete
- ShareEnum
- Shellrunas
- Sigcheck
- Streams
- Strings
- Sync
- TCPView
- VMMap
- VolumeId
- Whois
- Winobj
- ZoomIt
Notes
Links
- Sysinternals on Microsoft TechNet
- Sysinternals live
- Sergey and Marina Bondarenko. Microsoft buys Winternals and Sysinternals. 3DNews (July 19, 2007). Retrieved September 2, 2010.
- Microsoft has closed access to the source code utilities Sysinternals
- Download Sysinternals Suite