Merge pull request #773 from MicrosoftDocs/main
Deploy February 2024 tools update
foxmsft authored Feb 6, 2024
2 parents 02dda5f + ba21077 commit ce44339
Showing 26 changed files with 55 additions and 58 deletions.
6 changes: 3 additions & 3 deletions sysinternals/downloads/autoruns.md
Expand Up @@ -5,14 +5,14 @@ description: See what programs are configured to startup automatically when your
no-loc: [Mark Russinovich, David Solomon, Aaron Margosis]
ms:assetid: 'b13af0f4-f0a1-4cc5-b940-20be546c1179'
ms:mtpsurl: 'https://technet.microsoft.com/Bb963902(v=MSDN.10)'
ms.date: 02/16/2022
ms.date: 02/06/2024
---

# Autoruns for Windows v14.1
# Autoruns for Windows v14.11

**By Mark Russinovich**

Published: June 27, 2023
Published: February 6, 2024

[![Download](media/shared/Download_sm.png)](https://download.sysinternals.com/files/Autoruns.zip) [**Download Autoruns and Autorunsc**](https://download.sysinternals.com/files/Autoruns.zip) **(2.8 MB)**
**Run now** from [Sysinternals Live](https://live.sysinternals.com/autoruns.exe).
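Review bot: the version and date bump (`# Autoruns for Windows v14.11`, `Published: February 6, 2024`) has no matching entry in the What's New list this same commit adds to sysinternals/index.md for February 6, 2024, which names only ProcDump 3.2 for Linux and ZoomIt v8.0; add an Autoruns v14.11 line there, or state in the PR description that the release changed nothing a reader needs to know. The download size line stays at 2.8 MB while the Suite bundle sizes in sysinternals-suite.md change in this commit, so confirm the Autoruns.zip size was re-measured for this release rather than carried over.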
2 changes: 1 addition & 1 deletion sysinternals/downloads/cacheset.md
Expand Up @@ -56,7 +56,7 @@ You may notice that the Cache's size changes immediately and then
proceeds to shrink or grow quickly. This is because the system
automatically trims working sets once a second. The Cache pages that are
released are still in memory, but can be relinquished quickly for use by
other programs that need more memory. Similarly, the Cache can eaily
other programs that need more memory. Similarly, the Cache can easily
regain pages as applications access file system data.

**Resetting Previous Values**
6 changes: 3 additions & 3 deletions sysinternals/downloads/index.md
Expand Up @@ -4,7 +4,7 @@ title: Sysinternals Utilities
description: Evaluate and find out how to install, deploy, and maintain Windows with Sysinternals utilities.
ms:assetid: 'aefdbd0d-e21b-45ad-8e2b-b69cb8e04d5f'
ms:mtpsurl: 'https://technet.microsoft.com/Bb545027(v=MSDN.10)'
ms.date: 01/09/2024
ms.date: 02/06/2024
---

# Sysinternals Utilities Index
Expand Down Expand Up @@ -51,7 +51,7 @@ Undelete Server 2003 Active Directory objects.
Bypass password screen during logon.

[Autoruns](autoruns.md)
*v14.1 (June 27, 2023)*
*v14.11 (February 6, 2024)*
See what programs are configured to startup automatically when your
system boots and you login. Autoruns also shows you the full list of
Registry and file locations where applications can configure auto-start
Expand Down Expand Up @@ -370,5 +370,5 @@ See who owns an Internet address.
The ultimate Object Manager namespace viewer is here.

[ZoomIt](zoomit.md)
*v7.2 (November 9, 2023)*
*v8.0 (February 6, 2024)*
Presentation utility for zooming and drawing on the screen.
6 changes: 3 additions & 3 deletions sysinternals/downloads/microsoft-store.md
Expand Up @@ -2,15 +2,15 @@
TOCTitle: Microsoft Store
title: Microsoft Store
description: Sysinternals Suite is available as an MSIX package from the Microsoft Store.
ms.date: 01/09/2024
ms.date: 02/06/2024
---

# Microsoft Store

## Sysinternals Suite

Version 2024.1
January 9, 2024
Version 2024.2
February 6, 2024

Sysinternals Suite is installed as an [MSIX bundle](/windows/msix/package/bundling-overview) from the Microsoft Store.

2 changes: 1 addition & 1 deletion sysinternals/downloads/pendmoves.md
Expand Up @@ -37,7 +37,7 @@ Target: DELETE

## MoveFile usage

The included MoveFile utililty allows you to schedule move and delete commands for the next reboot:
The included MoveFile utility allows you to schedule move and delete commands for the next reboot:
**usage: movefile [source] [dest]**
Specifying an empty destination ("") deletes the source at boot. An example that deletes test.exe is:

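Review bot: style point on the usage line `**usage: movefile [source] [dest]**`: it is bold prose rather than a code block, so the syntax and the example that follows ("An example that deletes test.exe is:") are presented in two different styles; put the usage line in a fenced code block like the example. The typo fix in the sentence above it is correct.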
2 changes: 1 addition & 1 deletion sysinternals/downloads/psfile.md
Expand Up @@ -44,7 +44,7 @@ system that are open by remote systems. Typing a command followed by "-
| **-p** | Specifies password for user name. If this is omitted, you will be prompted to enter the password without it being echoed to the screen.|
| **Id** | Identifier (as assigned by PsFile) of the file for which to display information or to close.|
| **Path** | Full or partial path of files to match for information display or close.|
| **-c** | Closes the files identifed by ID or path.|
| **-c** | Closes the files identified by ID or path.|

## How it Works

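Review bot: the `-p` row documents supplying the password on the command line without warning that a command-line password is visible to other local users through process listings and is recorded by command-line auditing; since the same row already says the tool prompts for the password without echo when `-p` is omitted, state that the prompt is the preferred form and add that caveat. The spelling fix in the `-c` row ("identified") is correct.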
2 changes: 1 addition & 1 deletion sysinternals/downloads/psinfo.md
Expand Up @@ -21,7 +21,7 @@ Published: March 30, 2023
local or remote Windows NT/2000 system, including the type of
installation, kernel build, registered organization and owner, number of
processors and their type, amount of physical memory, the install date
of the system, and if its a trial version, the expiration date.
of the system, and if it's a trial version, the expiration date.

## Installation

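Review bot: the corrected sentence still describes the target as a "local or remote Windows NT/2000 system" on a page dated "Published: March 30, 2023"; the tcpview.md hunk in this same commit drops the equivalent legacy OS list, so apply the same treatment here (for example "local or remote Windows system") rather than leaving the NT/2000 wording while only fixing "it's".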
4 changes: 2 additions & 2 deletions sysinternals/downloads/rootkit-revealer.md
Expand Up @@ -116,7 +116,7 @@ control any aspect of a system's behavior so information returned by any
API, including the raw reads of Registry hive and file system data
performed by RootkitRevealer, can be compromised. While comparing an
on-line scan of a system and an off-line scan from a secure environment
such as a boot into an CD-based operating system installation is more
such as a boot into a CD-based operating system installation is more
reliable, rootkits can target such tools to evade detection by even
them.

Expand Down Expand Up @@ -288,7 +288,7 @@ This discrepancy will occur if a Registry value is updated while the
Registry scan is in progress. Values that change frequently include
timestamps such as the Microsoft SQL Server uptime value, shown below,
and virus scanner "last scan" values. You should investigate any
reported value to ensure that its a valid application or system Registry
reported value to ensure that it's a valid application or system Registry
value.

HKLM\\SOFTWARE\\Microsoft\\Microsoft SQL
8 changes: 4 additions & 4 deletions sysinternals/downloads/sysinternals-suite.md
Expand Up @@ -5,17 +5,17 @@ description: The Windows Sysinternals troubleshooting Utilities have been rolled
no-loc: [Mark Russinovich]
ms:assetid: '0e18b180-9b7a-4c49-8120-c47c5a693683'
ms:mtpsurl: 'https://technet.microsoft.com/Bb842062(v=MSDN.10)'
ms.date: 01/09/2024
ms.date: 02/06/2024
---

# Sysinternals Suite

**By Mark Russinovich**
Updated: January 9, 2024
Updated: February 6, 2024

[**Download Sysinternals Suite**](https://download.sysinternals.com/files/SysinternalsSuite.zip) (50.6 MB)
[**Download Sysinternals Suite**](https://download.sysinternals.com/files/SysinternalsSuite.zip) (50.8 MB)
[**Download Sysinternals Suite for Nano Server**](https://download.sysinternals.com/files/SysinternalsSuite-Nano.zip) (9.5 MB)
[**Download Sysinternals Suite for ARM64**](https://download.sysinternals.com/files/SysinternalsSuite-ARM64.zip) (15 MB)
[**Download Sysinternals Suite for ARM64**](https://download.sysinternals.com/files/SysinternalsSuite-ARM64.zip) (15.1 MB)
[**Install Sysinternals Suite from the Microsoft Store**](https://www.microsoft.com/store/apps/9p7knl5rwt25)

## Introduction
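Review bot: the Suite zip and ARM64 zip sizes are updated (50.6 MB to 50.8 MB, 15 MB to 15.1 MB) but the Nano Server zip stays at 9.5 MB in the unchanged context line; either the Nano bundle was not rebuilt for this update or its size was not re-measured, so confirm which before merge and, if it was rebuilt, update the figure. Size alone does not let a reader confirm that a downloaded archive is the one this "Updated: February 6, 2024" page describes; publishing the SHA-256 of each zip next to its size would.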
5 changes: 2 additions & 3 deletions sysinternals/downloads/tcpview.md
Expand Up @@ -21,9 +21,8 @@ Published: April 11, 2023

TCPView is a Windows program that will show you detailed listings of all
TCP and UDP endpoints on your system, including the local and remote
addresses and state of TCP connections. On Windows Server 2008, Vista,
and XP, TCPView also reports the name of the process that owns the
endpoint. TCPView provides a more informative and conveniently presented
addresses and state of TCP connections. TCPView also reports the name of the process
that owns the endpoint. TCPView provides a more informative and conveniently presented
subset of the Netstat program that ships with Windows. The TCPView
download includes Tcpvcon, a command-line version with the same
functionality.
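Review bot: style point on the two rewritten lines: they are wrapped noticeably wider than the rest of the paragraph, which breaks at roughly 60 characters, so reflow them to match, e.g. "addresses and state of TCP connections. TCPView also reports the" / "name of the process that owns the endpoint. TCPView provides a". Dropping "On Windows Server 2008, Vista, and XP" turns a version-qualified claim into an unqualified one, which is the right simplification for currently supported Windows; no objection to the content change itself.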
13 changes: 8 additions & 5 deletions sysinternals/downloads/zoomit.md
Expand Up @@ -5,16 +5,16 @@ description: Presentation utility for zooming and drawing on the screen.
no-loc: [Mark Russinovich]
ms:assetid: '0b6c4abc-9482-4759-a9cd-bf77cb961dd4'
ms:mtpsurl: 'https://technet.microsoft.com/Bb897434(v=MSDN.10)'
ms.date: 11/09/2023
ms.date: 02/06/2024
---

# ZoomIt v7.2
# ZoomIt v8.0

**By Mark Russinovich**

Published: November 9, 2023
Published: February 6, 2024

[![Download](media/shared/Download_sm.png)](https://download.sysinternals.com/files/ZoomIt.zip) [**Download ZoomIt**](https://download.sysinternals.com/files/ZoomIt.zip) **(1.2 MB)**
[![Download](media/shared/Download_sm.png)](https://download.sysinternals.com/files/ZoomIt.zip) [**Download ZoomIt**](https://download.sysinternals.com/files/ZoomIt.zip) **(1.4 MB)**
**Run now** from [Sysinternals Live](https://live.sysinternals.com/ZoomIt.exe).
<br><br>
> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE55yQm?autoplay=true&loop=true&controls=false]
Expand Down Expand Up @@ -95,7 +95,10 @@ ZoomIt offers a number of shortcuts which can extend its usage greatly.
| Minimize Timer (Without Pausing It) | Alt + Tab |
| Show Timer When Minimized | Left-Click On The ZoomIt Icon |
| Live Zoom Mode | Ctrl + 4 |
| Start DemoType | Ctrl + 7 |
| Move back to the previous snippet (DemoType) | Ctrl + Shift + 7 |
| Advance to the next snippet (DemoType User-driven Mode) | Space Bar |
| Exit | Esc or Right-Click |

[![Download](media/shared/Download_sm.png)](https://download.sysinternals.com/files/ZoomIt.zip) [**Download ZoomIt**](https://download.sysinternals.com/files/ZoomIt.zip) **(1.2 MB)**
[![Download](media/shared/Download_sm.png)](https://download.sysinternals.com/files/ZoomIt.zip) [**Download ZoomIt**](https://download.sysinternals.com/files/ZoomIt.zip) **(1.4 MB)**
**Run now** from [Sysinternals Live](https://live.sysinternals.com/ZoomIt.exe).
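Review bot: the new row "Advance to the next snippet (DemoType User-driven Mode)" introduces the term "User-driven Mode", and "Start DemoType | Ctrl + 7" / "Move back to the previous snippet (DemoType) | Ctrl + Shift + 7" rely on the reader knowing what a snippet is, yet nothing in this hunk defines either; make sure the DemoType section of the page (not shown in this diff) defines both terms, or link these rows to it. The Ctrl + 7 and Ctrl + Shift + 7 bindings follow the Ctrl + N convention already used by the table, so no change needed there.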
23 changes: 9 additions & 14 deletions sysinternals/index.md
Expand Up @@ -5,7 +5,7 @@ description: Library, learning resources, downloads, support, and community. Eva
no-loc: [Mark Russinovich]
ms:assetid: '2b0d74e3-5962-455a-b35a-248979737b61'
ms:mtpsurl: 'https://technet.microsoft.com/Bb545021(v=MSDN.10)'
ms.date: 01/23/2024
ms.date: 02/06/2024
---

# ![Sysinternals icon](media/index/Sysinternals.png)<br>Sysinternals
Expand All @@ -30,6 +30,14 @@ You can view the entire Sysinternals Live tools directory in a browser or Window

## What's New [![RSS icon](media/index/rss.gif)](https://techcommunity.microsoft.com/plugins/custom/microsoft/o365/custom-blog-rss?board=Sysinternals-Blog)

### What's New (February 6, 2024)

- [ProcDump 3.2 for Linux](https://github.com/Sysinternals/ProcDump-for-Linux/releases/tag/3.2.0)
This update tracks mmap and munmap syscalls as part of resource leak tracking.

- [ZoomIt v8.0](~/downloads/zoomit.md)
This update to ZoomIt adds a new feature called DemoType that automates typing.

### What's New (January 23, 2024)

- [ProcDump 3.1 for Linux](https://github.com/Sysinternals/ProcDump-for-Linux/releases/tag/3.1.0)
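Review bot: the February 6, 2024 entry lists only ProcDump 3.2 for Linux and ZoomIt v8.0, while this same commit also bumps Autoruns to v14.11 (sysinternals/downloads/autoruns.md) and the Store Suite to Version 2024.2 (microsoft-store.md); add those to the entry, otherwise readers who follow What's New will not learn that Autoruns changed. The ProcDump line ("tracks mmap and munmap syscalls as part of resource leak tracking") matches the linked 3.2.0 release tag; fine.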
Expand Down Expand Up @@ -60,16 +68,3 @@ This update to ProcDump for Linux adds support for Azure Linux and fixes a coupl

- [Sysmon 1.3 for Linux](https://github.com/Sysinternals/SysmonForLinux/releases/tag/1.3.0.0)
This update to Sysmon for Linux fixes a bug with rule case matching.

### What's New (July 26, 2023)

- [ZoomIt v7.1](~/downloads/zoomit.md)
This update to ZoomIt adds audio capture to screen recording.

- [ProcDump 2.0 for Linux](https://github.com/Sysinternals/ProcDump-for-Linux)
ProcDump for Linux, a flexible tool for manual and trigger-based process dump generation, receives two new .NET GC triggers (-gcm and -gcgen) and updates the existing memory trigger to allow for multiple thresholds.

### What's New (June 27, 2023)

- [Sysmon v15.0](~/downloads/sysmon.md)
This update to Sysmon, an advanced host security monitoring tool, sets the service to run as a protected process, hardening it against tampering, adds a new event, `FileExecutableDetected`, for when new executable images are saved to files, and fixes a system hang occurring in certain situations due to an interaction between network and file system events.
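Review bot: the deleted June 27, 2023 entry is the only text in this diff recording that Sysmon v15.0 runs as a protected process and added the `FileExecutableDetected` event; before dropping it from What's New, confirm that sysmon.md (not touched by this commit) carries the same information, because the protected-process change is the kind of security-relevant behavioural change operators search the docs for. Trimming older entries is otherwise fine given the RSS link at the top of the section.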
2 changes: 1 addition & 1 deletion sysinternals/resources/archive/v01n02.md
Expand Up @@ -151,7 +151,7 @@ Windows 2000 uses a new type of spinlock called a "queued spinlock" for its glob
- `CcMasterSpinLock`: the Cache Manager's global spinlock
- `CcVacbSpinLock`: the Cache Manager's mapping-array lock

On a uniprocessor queued spinlocks work exactly like normal spinlocks. On the multiprocessor build of NT, however, queued spinlocks are significantly different. Like standard spinlocks, queued spinlocks are implemented in the HAL. Tthe kernel calls the HAL function `KeAcquireQueuedSpinlock` to acquire a queued spinlock, and it invokes `KeReleaseQueuedSpinlock` to release a queued spinlock. `KeAcquireSpinlock` and `KeReleaseSpinlock`, the HAL functions the kernel uses to acquire and release standard spinlocks, require the address of the specified spinlock as a parameter. By contrast, the queued spinlock functions take the index number of a global spinlock. The kernel initializes the global spinlocks in an array, where each spinlock has a predefined index number that the kernel uses to identify them to the HAL. Thus, queued spinlocks cannot be defined and used by device drivers, since there is no way of augmenting the global queued spinlock array.
On a uniprocessor queued spinlocks work exactly like normal spinlocks. On the multiprocessor build of NT, however, queued spinlocks are significantly different. Like standard spinlocks, queued spinlocks are implemented in the HAL. The kernel calls the HAL function `KeAcquireQueuedSpinlock` to acquire a queued spinlock, and it invokes `KeReleaseQueuedSpinlock` to release a queued spinlock. `KeAcquireSpinlock` and `KeReleaseSpinlock`, the HAL functions the kernel uses to acquire and release standard spinlocks, require the address of the specified spinlock as a parameter. By contrast, the queued spinlock functions take the index number of a global spinlock. The kernel initializes the global spinlocks in an array, where each spinlock has a predefined index number that the kernel uses to identify them to the HAL. Thus, queued spinlocks cannot be defined and used by device drivers, since there is no way of augmenting the global queued spinlock array.

In Windows 2000, each processor control region (PCR) in an SMP (there is one PCR for each processor) has an array with as many entries in it as there are queued spinlocks. Each array entry contains two fields: a pointer to the queued spinlock it corresponds to (the "spinlock" field), and "queue" field. In the following description, when I refer to the spinlock and queue fields, I'm talking about the fields associated with the array entry for the spinlock that is being acquired or released.

2 changes: 1 addition & 1 deletion sysinternals/resources/archive/v01n05.md
Expand Up @@ -140,7 +140,7 @@ As of the beginning of August, on-line versions of Windows NT Magazine articles

WinObj is a powerful tool for exploring the Windows NT/2K Object namespace. The Object namespace is one of three namespaces in NT/2K: the Object namespace, the Registry namespace, and the filesystem namespace. You get to the Registry and filesystem namespaces via objects in the Object namespace. For example, when a Win32 program opens the Registry key `HKEY_LOCAL_MACHINE\Software\Microsoft` the ADVAPI32.DLL library transforms the name to `\Registry\Machine\Software\Microsoft` before calling the kernel service `NtCreateKey`. If you look at the root of the Object namespace in WinObj you'll see an object of type "key" named Registry. The Registry name matches the first component of the key name and so the NT/2K Object Manager passes the rest of the name, `\Machine\Software\Microsoft`, to the subsystem that defines the key object. The Configuration Manager kernel subsystem maintains the Registry and key objects, so it parses the rest of the name to locate the desired key.

You can explore the Object namespace and view or set object security properties using WinObj. Download Winobj at http<nolink>://www.sysinternals.com/winobj.htm. I discuss the Object Manager namespace and WinObj in my October 1997 NT Internals column, "Inside the Object Manager". Follow a link to the on-line version of the colum at http<nolink>://www.sysinternals.com/publ.htm.
You can explore the Object namespace and view or set object security properties using WinObj. Download Winobj at http<nolink>://www.sysinternals.com/winobj.htm. I discuss the Object Manager namespace and WinObj in my October 1997 NT Internals column, "Inside the Object Manager". Follow a link to the on-line version of the column at http<nolink>://www.sysinternals.com/publ.htm.

## INTERNALS NEWS

2 changes: 1 addition & 1 deletion sysinternals/resources/archive/v02n01.md
Expand Up @@ -136,7 +136,7 @@ Filemon passed all the stress tests without incident except one. Since Filemon

Fortunately, Filemon's crash occurred in the last session of the plugfest so I had minimal embarrassment, and since the testing found at least one serious bug or interoperability issue in every product present I was not alone. Filemon v4.26 is the version that corrects the bug discovered at the plugfest.

Even before I attended the plugfest I found a bug in Filemon that might of interest to NT device and file system driver developers. I recently modified Filemon to use the poorly documented Executive Resource (E-Resource) synchronization mechanism. Microsoft's file system drivers use E-Resources extensively so I thought that it would be educational to include their use in Filemon's source code. E-Resources must be acquired by threads that have APCs (Asynchronous Procedure Calls) disabled. You just have to "know" this because the DDK docs don't tell you. Unfortunately, in the haste of implementation I omitted required calls to functions that disable and re-enable APCs around Filemon's E-Resource acquisitions. This bug only causes problems in very rare circumstances so I didn't detect it until Win2K's Driver Verifier caught it for me. To fix the problem I added a call to KeEnterCriticalSection before acquiring an E-Resource and KeLeaveCriticalSection after releasing an E-Resource.
Even before I attended the plugfest, I found a bug in Filemon that might be of interest to NT device and file system driver developers. I recently modified Filemon to use the poorly documented Executive Resource (E-Resource) synchronization mechanism. Microsoft's file system drivers use E-Resources extensively so I thought that it would be educational to include their use in Filemon's source code. E-Resources must be acquired by threads that have APCs (Asynchronous Procedure Calls) disabled. You just have to "know" this because the DDK docs don't tell you. Unfortunately, in the haste of implementation I omitted required calls to functions that disable and re-enable APCs around Filemon's E-Resource acquisitions. This bug only causes problems in very rare circumstances so I didn't detect it until Win2K's Driver Verifier caught it for me. To fix the problem I added a call to KeEnterCriticalSection before acquiring an E-Resource and KeLeaveCriticalSection after releasing an E-Resource.

Download Filemon v4.26 at http<nolink>://www.sysinternals.com/filemon.htm.
