Monthly Archives: February 2007

SysInternals Suite

Good news! All the free utilities from are now available as a single convenient download here:

    Download SysInternals Suite [7.2 MB]

As you may or may not know, SysInternals was a website run by Mark Russinovich and Bryce Cogswell. Founded in 1996, it was the place to go for useful Windows utilities that did “hard” things – registry snooping, file monitoring, Rootkit detecters, etc.

For most IT professionals, utilities like Process Explorer, RegMon and FileMon have long been indispensable parts of their computer toolkit. (I have particular interest in the latter, since it performs a similar function to my own SnoopDos utility from 1989).

A few months ago, SysInternals was bought by Microsoft; Mark and Bryce are now working for Bill. One of the immediate changes was that all the utilities are now hosted on Microsoft’s website. A less visible change is that tools no longer come with source code. This is a huge blow to those of us who use the SysInternals tools as reference examples for a wide variety of programming techniques – for example, how to create virtual device drivers that can be installed without a reboot (greatly simplifying the installation process). Luckily, you can still find copies of the original source archives if you know where to look, though I expect that won’t last long.

The SysInternals tools are also exemplars of efficient coding, with executables sizes typically in the 100-500K range. In a world of ever-more-bloated programs, it’s nice to know that there are still people out there who care about such things.

It remains to be seen whether the ethos behind the SysInternals tools will change significantly as a result of the Microsoft takeover. I hope not, but the first worrying signs are already apparent. The removal of Linux versions of some tools is also a shame (though not a surprise).

In the meantime though, I salute Mark and Bryce for 10 years of supreme contribution to the Windows community. If you haven’t already downloaded the SysInternals Suite, do it now!