Merge pull request MicrosoftDocs#339 from MicrosoftDocs/master

Jan 11 deployment; merge 'master' to 'live'
jdrch · Jan 11, 2021 · 5e46536 · 5e46536
2 parents 6858c7b + cdf9667
commit 5e46536
Show file tree

Hide file tree

Showing 10 changed files with 86 additions and 67 deletions.
diff --git a/sysinternals/downloads/index.md b/sysinternals/downloads/index.md
@@ -4,7 +4,7 @@ title: Sysinternals Utilities
 description: Evaluate and find out how to install, deploy, and maintain Windows with Sysinternals utilities.
 ms:assetid: 'aefdbd0d-e21b-45ad-8e2b-b69cb8e04d5f'
 ms:mtpsurl: 'https://technet.microsoft.com/Bb545027(v=MSDN.10)'
-ms.date: 11/25/2020
+ms.date: 01/11/2021
 ---
 
 # Sysinternals Utilities Index
@@ -226,12 +226,12 @@ open, which DLLs they have loaded, and more. This uniquely powerful
 utility will even show you who owns each process.
 
 [Process Monitor](procmon.md)  
-*v3.60 (September 17, 2020)*  
+*v3.61 (January 11, 2021)*  
 Monitor file system, Registry, process, thread and DLL activity in
 real-time.
 
 [PsExec](psexec.md)  
-*v2.2 (June 29, 2016)*  
+*v2.21 (January 11, 2021)*  
 Execute processes on remote systems.
 
 [PsFile](psfile.md)  
@@ -283,7 +283,7 @@ Shuts down and optionally reboots a computer.
 Suspend and resume processes.
 
 [PsTools](pstools.md)  
-*v2.45 (July 4, 2016)*  
+*v2.46 (January 11, 2021)*  
 The PsTools suite includes command-line utilities for listing the
 processes running on local or remote computers, running processes
 remotely, rebooting computers, dumping event logs, and more.
@@ -339,7 +339,7 @@ Search for ANSI and UNICODE strings in binary images.
 Flush cached data to disk.
 
 [Sysmon](sysmon.md)  
-*v12.03 (November 25, 2020)*  
+*v13.00 (January 11, 2021)*  
 Monitors and reports key system activity via the Windows event log.
 
 [TCPView](tcpview.md)  

diff --git a/sysinternals/downloads/process-explorer.md b/sysinternals/downloads/process-explorer.md
@@ -71,7 +71,8 @@ Simply run *Process Explorer* (procexp.exe).
 The help file describes *Process Explorer* operation and usage. If you
 have problems or questions please visit the [Process Explorer forum on Technet](https://social.technet.microsoft.com/Forums/home?forum=procexplorer).  
 
-
+## Note on use of symbols:
+When you configure the path to DBGHELP.DLL and the symbol path uses the symbol server, the location of DBGHELP.DLL also has to contain the SYMSRV.DLL supporting the server paths used. See [SymSrv documentation](https://docs.microsoft.com/windows-hardware/drivers/debugger/symsrv) or more information on how to use symbol servers.
 
 ## Learn More
 

diff --git a/sysinternals/downloads/procmon.md b/sysinternals/downloads/procmon.md
@@ -4,15 +4,15 @@ title: Process Monitor
 description: Monitor file system, Registry, process, thread and DLL activity in real-time.
 ms:assetid: '37225635-4ad0-4b08-aa5e-4bba665b1d89'
 ms:mtpsurl: 'https://technet.microsoft.com/Bb896645(v=MSDN.10)'
-ms.date: 09/17/2020
+ms.date: 01/11/2021
 ---
 
-Process Monitor v3.60
+Process Monitor v3.61
 =====================
 
 **By Mark Russinovich**
 
-Published: September 17, 2020
+Published: January 11, 2021
 
 [![Download](/media/landing/sysinternals/download_sm.png)](https://download.sysinternals.com/files/ProcessMonitor.zip) [**Download Process Monitor**](https://download.sysinternals.com/files/ProcessMonitor.zip) **(2 MB)**  
 **Run now** from [Sysinternals Live](https://live.sysinternals.com/Procmon.exe).

diff --git a/sysinternals/downloads/psexec.md b/sysinternals/downloads/psexec.md
@@ -4,17 +4,17 @@ title: PsExec
 description: Execute processes on remote systems.
 ms:assetid: '936a8b8b-a7ce-4b63-bcc2-ca334cd4c276'
 ms:mtpsurl: 'https://technet.microsoft.com/Bb897553(v=MSDN.10)'
-ms.date: 06/29/2016
+ms.date: 01/11/2021
 ---
 
-PsExec v2.2
+PsExec v2.21
 ============
 
 **By Mark Russinovich**
 
-Published: June 29, 2016
+Published: January 11, 2021
 
-[![Download](/media/landing/sysinternals/download_sm.png)](https://download.sysinternals.com/files/PSTools.zip) [**Download PsTools**](https://download.sysinternals.com/files/PSTools.zip) **(2.7 MB)**
+[![Download](/media/landing/sysinternals/download_sm.png)](https://download.sysinternals.com/files/PSTools.zip) [**Download PsTools**](https://download.sysinternals.com/files/PSTools.zip) **(3.5 MB)**
 
 
 ## Introduction
@@ -46,12 +46,12 @@ See the July 2004 issue of *Windows IT Pro Magazine* for [Mark's
 article](https://www.itprotoday.com/compute-engines/psexec) that covers
 advanced usage of PsExec.
 
-<strong>Usage: psexec \[\\\\computer\[,computer2\[,...\] | @file\]\]\[-u user
-\[-p psswd\]\[-n s\]\[-r servicename\]\[-h\]\[-l\]\[-s|-e\]\[-x\]\[-i
-\[session\]\]\[-c executable \[-f|-v\]\]\[-w
-directory\]\[-d\]\[-&lt;priority&gt;\]\[-a n,n,...\] cmd \[arguments\]</strong>
+**Usage:**
+
+```cmd
+psexec [\\computer[,computer2[,...] | @file]][-u user [-p psswd][-n s][-r servicename][-h][-l][-s|-e][-x][-i [session]][-c executable [-f|-v]][-w directory][-d][-<priority>][-a n,n,...] cmd [arguments]
+```
 
-
 |       Parameter        |                                                                                                                                 Description                                                                                                                                 |
 |------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 |         **-a**         |                                                Separate processors on which the application can run with commas where 1 is the lowest numbered CPU. For example, to run the application on CPU 2 and CPU 4, enter: "-a 2,4"                                                 |
@@ -141,7 +141,7 @@ command:
 
 **psexec -l -d "c:\\program files\\internet explorer\\iexplore.exe"**
 
-[![Download](/media/landing/sysinternals/download_sm.png)](https://download.sysinternals.com/files/PSTools.zip) [**Download PsTools**](https://download.sysinternals.com/files/PSTools.zip) **(2.7 MB)**
+[![Download](/media/landing/sysinternals/download_sm.png)](https://download.sysinternals.com/files/PSTools.zip) [**Download PsTools**](https://download.sysinternals.com/files/PSTools.zip) **(3.5 MB)**
 
 **PSTools**
 

diff --git a/sysinternals/downloads/pstools.md b/sysinternals/downloads/pstools.md
@@ -4,17 +4,17 @@ title: PsTools
 description: Command-line utilities for listing the processes running on local or remote computers, running processes, rebooting computers, and more.
 ms:assetid: '559ea946-3d7d-47bb-821c-b47fd078dfb7'
 ms:mtpsurl: 'https://technet.microsoft.com/Bb896649(v=MSDN.10)'
-ms.date: 07/04/2016
+ms.date: 01/11/2021
 ---
 
 PsTools
 =======
 
 **By Mark Russinovich**
 
-Published: July 4, 2016
+Published: January 11, 2021
 
-[![Download](/media/landing/sysinternals/download_sm.png)](https://download.sysinternals.com/files/PSTools.zip) [**Download PsTools Suite**](https://download.sysinternals.com/files/PSTools.zip) **(2.7 MB)**
+[![Download](/media/landing/sysinternals/download_sm.png)](https://download.sysinternals.com/files/PSTools.zip) [**Download PsTools Suite**](https://download.sysinternals.com/files/PSTools.zip) **(3.5 MB)**
 
 
 ## Introduction
@@ -70,7 +70,7 @@ package, are:
 The *PsTools* download package includes an HTML help file with complete
 usage information for all the tools.
 
-[![Download](/media/landing/sysinternals/download_sm.png)](https://download.sysinternals.com/files/PSTools.zip) [**Download PsTools Suite**](https://download.sysinternals.com/files/PSTools.zip) **(2.7 MB)**
+[![Download](/media/landing/sysinternals/download_sm.png)](https://download.sysinternals.com/files/PSTools.zip) [**Download PsTools Suite**](https://download.sysinternals.com/files/PSTools.zip) **(3.5 MB)**
 
 **Runs on:**  
   - Client: Windows Vista and higher

diff --git a/sysinternals/downloads/sysinternals-suite.md b/sysinternals/downloads/sysinternals-suite.md
@@ -4,18 +4,18 @@ title: Sysinternals Suite
 description: The Windows Sysinternals troubleshooting Utilities have been rolled up into a single suite of tools.
 ms:assetid: '0e18b180-9b7a-4c49-8120-c47c5a693683' 
 ms:mtpsurl: 'https://technet.microsoft.com/Bb842062(v=MSDN.10)' 
-ms.date: 11/04/2020
+ms.date: 01/11/2021
 ---
 
 Sysinternals Suite
 ==================
 
 **By Mark Russinovich**  
-Updated: November 04, 2020
+Updated: January 11, 2021
 
-[**Download Sysinternals Suite**](https://download.sysinternals.com/files/SysinternalsSuite.zip) (38 MB)  
-[**Download Sysinternals Suite for Nano Server**](https://download.sysinternals.com/files/SysinternalsSuite-Nano.zip) (7.8 MB)  
-[**Download Sysinternals Suite for ARM64**](https://download.sysinternals.com/files/SysinternalsSuite-ARM64.zip) (9.6 MB)  
+[**Download Sysinternals Suite**](https://download.sysinternals.com/files/SysinternalsSuite.zip) (38.1 MB)  
+[**Download Sysinternals Suite for Nano Server**](https://download.sysinternals.com/files/SysinternalsSuite-Nano.zip) (7.9 MB)  
+[**Download Sysinternals Suite for ARM64**](https://download.sysinternals.com/files/SysinternalsSuite-ARM64.zip) (9.8 MB)  
 
 ## Introduction
 

diff --git a/sysinternals/downloads/sysmon.md b/sysinternals/downloads/sysmon.md
@@ -4,15 +4,15 @@ title: Sysmon
 description: Monitors and reports key system activity via the Windows event log.
 ms:assetid: 'f49b1cb3-c689-469e-ade0-6fa98d72f9d6'
 ms:mtpsurl: 'https://technet.microsoft.com/Dn798348(v=MSDN.10)'
-ms.date: 11/25/2020
+ms.date: 01/11/2021
 ---
 
-Sysmon v12.03
+Sysmon v13.00
 ===========
 
 **By Mark Russinovich and Thomas Garnier**
 
-Published: November 25, 2020
+Published: January 11, 2021
 
 [![Download](/media/landing/sysinternals/download_sm.png)](https://download.sysinternals.com/files/Sysmon.zip) [**Download Sysmon**](https://download.sysinternals.com/files/Sysmon.zip) **(1.8 MB)**
 
@@ -295,22 +295,29 @@ execute, this event logs the WMI namespace, filter name and filter expression.
 
 ### Event ID 20: WmiEvent (WmiEventConsumer activity detected)
 
-This event logs the registration of WMI consumers, recording the consumer name, 
+This event logs the registration of WMI consumers, recording the consumer name,
 log, and destination.
 
 ### Event ID 21: WmiEvent (WmiEventConsumerToFilter activity detected)
 
-When a consumer binds to a filter, this event logs the consumer name and filter path. 
+When a consumer binds to a filter, this event logs the consumer name and filter path.
 
 ### Event ID 22: DNSEvent (DNS query)
 
-This event generates when a process executes a DNS query, whether the result is successful or fails, cached or not.
+This event is generated when a process executes a DNS query, whether the result is successful or fails, cached or not.
 The telemetry for this event was added for Windows 8.1 so it is not available on Windows 7 and earlier.
 
 ### Event ID 23: FileDelete (A file delete was detected)
 
-A file was deleted
+A file was deleted.
 
+### Event ID 24: ClipboardChange (New content in the clipboard)
+
+This event is generated when the system clipboard contents change.
+
+### Event ID 25: ProcessTampering (Process image change)
+
+This event is generated when a process image is changed from an external source, such as a different process.
 ### Event ID 255: Error
 
 This event is generated when an error occurred within Sysmon. They can

diff --git a/sysinternals/downloads/system-information.md b/sysinternals/downloads/system-information.md
@@ -73,4 +73,3 @@ information in different ways on its several different tabs.
 
 [WinObj](winobj.md)  
 The ultimate Object Manager namespace viewer is here.
-s
diff --git a/sysinternals/downloads/zoomit.md b/sysinternals/downloads/zoomit.md
@@ -47,19 +47,37 @@ ZoomIt offers a number of shortcuts which can extend its usage greatly.
 
 |  Function | Shortcut  |
 |---|---|
-|  Begin Zoom In Mode |  Ctrl+1  |
-| Zoom In | Up Key |
-| Zoom Out | Down Key |
-|  Begin Drawing (While zoomed) | Left-Click  |
-|  Begin Drawing (While not zoomed) | Ctrl+2  |
-| Increase line and pointer size (Drawing mode) | Ctrl + Up |
-| Decrease line and pointer size (Drawing mode) | Ctrl + Down |
-| Red Pen Color | R |
-| Blue Pen Color | B | 
-| Yellow Pen Color | Y |
-| Green Pen Color | G | 
-| Show Meeting Timer | Ctrl + 3 |
+| Zoom Mode | Ctrl + 1 |
+| Zoom In | Mouse Scroll Up or Up Arrow |
+| Zoom Out | Mouse Scroll Down or Down Arrow |
+| Start Drawing (While In Zoom Mode) | Left-Click  |
+| Start Drawing (While Not In Zoom Mode) | Ctrl + 2  |
+| Increase/Decrease Line And Cursor Size (Drawing Mode) | Ctrl + Mouse Scroll Up/Down or Arrow Keys |
+| Center The Cursor (Drawing Mode) | Space Bar |
+| Whiteboard (Drawing Mode) | W |
+| Blackboard (Drawing Mode) | K |
+| Type in Text | T |
+| Increase/Decrease Font Size (Typing Mode) | Ctrl + Mouse Scroll Up/Down or Arrow Keys |
+| Red Pen | R |
+| Green Pen | G |
+| Blue Pen | B | 
+| Yellow Pen | Y |
+| Orange Pen | O | 
+| Pink Pen | P |
+| Draw a Straight Line | Hold Shift |
+| Draw a Rectangle | Hold Ctrl |
+| Draw an Ellipse | Hold Tab |
+| Draw an Arrow | Hold Ctrl + Shift |
+| Erase Last Drawing | Ctrl + Z |
+| Erase All Drawings | E |
+| Copy Screenshot to Clipboard | Ctrl + C |
+| Save Screenshot as PNG | Ctrl + S |
+| Show Countdown Timer | Ctrl + 3 |
+| Increase/Decrease Time | Ctrl + Mouse Scroll Up/Down or Arrow Keys |
+| Minimize Timer (Without Pausing It) | Alt + Tab |
+| Show Timer When Minimized | Left-Click On The ZoomIt Icon |
 | Live Zoom Mode | Ctrl + 4 |
+| Exit | Esc or Right-Click |
 
 
 ![ZoomIt](/media/landing/sysinternals/20130618_Zoomit_v4.5.jpg)  

diff --git a/sysinternals/index.md b/sysinternals/index.md
@@ -4,7 +4,7 @@ title:  Windows Sysinternals | Microsoft Docs
 description: Library, learning resources, downloads, support, and community. Evaluate and find out how to install, deploy, and maintain Windows with Sysinternals utilities.
 ms:assetid: '2b0d74e3-5962-455a-b35a-248979737b61'
 ms:mtpsurl: 'https://technet.microsoft.com/Bb545021(v=MSDN.10)'
-ms.date: 11/25/2020
+ms.date: 01/11/2021
 ---
 
 # ![Windows icon](/media/landing/sysinternals/Windows_logo_46x50px.png) Windows Sysinternals
@@ -25,20 +25,28 @@ You can view the entire Sysinternals Live tools directory in a browser at [https
 
 ## What's New [![RSS icon](/media/landing/sysinternals/rss.gif)](https://techcommunity.microsoft.com/plugins/custom/microsoft/o365/custom-blog-rss?board=Sysinternals-Blog) ##
 
+### What's New (January 11, 2021)
+
+- [Sysmon v13.00](~/downloads/sysmon.md)  
+This update to Sysmon adds a process image tampering event that reports when the mapped image of a process doesn’t match the on-disk image file, or the image file is locked for exclusive access. These indicators are triggered by process hollowing and process herpaderping. This release also includes several bug fixes, including fixes for minor memory leaks.
+
+- [Process Monitor v3.61](~/downloads/procmon.md)  
+This update to Process Monitor adds monitoring for RegSaveKey, RegLoadKey and RegRestoreKey APIs, as well as fixes a bug in the details output for some types of directory queries.
+
 ### What's New (November 04, 2020)
 
-- [AdExplorer v1.50](~/downloads/adexplorer.md)
+- [AdExplorer v1.50](~/downloads/adexplorer.md)  
 This release of AdExplorer, an Active Directory (AD) viewer and editor, adds support for exporting data from the "Compare" dialog and is now available for x64 and ARM64.
 
-- [Disk Usage (DU) v1.62](~/downloads/du.md)
+- [Disk Usage (DU) v1.62](~/downloads/du.md)  
 This release of Disk Usage (DU), a tool for viewing disk usage information, now also accounts for the MFT (Master File Table), removes the MAX_PATH limitation and is now available for ARM64.
 
 ### What's New (October 15, 2020)
 
-- [VMMap v3.30](~/downloads/vmmap.md)
+- [VMMap v3.30](~/downloads/vmmap.md)  
 This update to VMMap, a utility that reports the virtual memory layout of a process, identifies .NET Core 3.0 managed heaps.
 
-- [RAMMap v1.60](~/downloads/rammap.md)
+- [RAMMap v1.60](~/downloads/rammap.md)  
 This release to RAMMap, a utility that analyzes and displays physical memory usage, adds customizable map colors and a new command line option, -e, to empty the different types of system working sets.
 
 ### What's New (September 17, 2020)
@@ -71,17 +79,3 @@ This major update to Sysmon includes file delete monitoring and archive to help
 
   - [Sysinternals April 27 Update Video](https://www.youtube.com/watch?v=_MUP4tgdM7s)  
     Mark Russinovich covers what’s new in this update, with a demo of Sysmon’s new file delete monitoring and capture capability.
-
-### What's New (December 20, 2019) ###
-- [Scheduled livesite maintenance](~/Announce/SiteUpgradeDec2019.md) 
-
-### What's New (December 11, 2019) ###
-  - [Sysmon v10.42](~/downloads/sysmon.md)  
-  This update to Sysmon addresses a number of memory leaks, introduces the "Excludes Any" and "Excludes All" filtering conditions and resolves a number of bugs.
-
-  - [Zoomit v4.52](~/downloads/zoomit.md)  
-  This update to Zoomit resolves a number of dual-monitor related issues.
-
-  - [Whois v1.21](~/downloads/whois.md)  
-  This refresh of Whois contains various bug fixes.
-
Original file line number	Diff line number	Diff line change
Expand Up		@@ -73,4 +73,3 @@ information in different ways on its several different tabs.

		[WinObj](winobj.md)
		The ultimate Object Manager namespace viewer is here.
		s