The Case of the App Install Recorder

Adapted from the forthcoming book, Troubleshooting with the Windows® Sysinternals Tools, by Mark E. Russinovich and Aaron Margosis. A customer had nearly a dozen software packages that wouldn’t install on Windows 7 x64. Every installation program failed immediately with an error message like the one shown in the screenshot below. However, they all installed successfully…


Sysinternals at TechEd US 2014: LIVE

Sorry for the late notice, but I just saw this: Sysinternals Primer: TechEd 2014 Edition will be airing live on Channel 9 starting at 5pm Central Daylight Time today.  (That’s in just over 4 hours from now as I write this.) Not sure about the link – try either or [Update 5 September 2014: …


Sysinternals at TechEd US 2014

I’ll be presenting “TWC: Sysinternals Primer: TechEd 2014 Edition” in Houston, Tuesday, May 13, 2014, 5:00pm-6:15pm US Central Time.  Lots of cool stuff, including the “App Install Recorder” (I will post the scripts on this blog); great new features that Mark Russinovich has added to AccessChk, SigCheck, Process Explorer, and how you can use them proactively to…


I’ll be on Defrag Tools (Channel 9)

Earlier today I finally got the chance to go into the studio to appear on the “Defrag Tools” show on Channel 9.  We talked about the upcoming Sysinternals book I’m writing with Mark Russinovich, and demonstrated a very cool “App Install Recorder” built with Process Monitor and some PowerShell scripts. The episode will go live next Monday,…


Speaking at Washington DC IT Pro Camp, Sat. Feb. 22, 2014

Microsoft is pleased to announce the first Washington DC IT Pro Camp on Saturday, February 22, 2014 from 8:00 am to 5:00 pm at Microsoft Training Center, 5404 Wisconsin Ave, Suite 700, Chevy Chase, Maryland 20815. Parking and admittance to this event is free. Lunch will be provided. Please register soon and let friends and colleagues know about this…


Redefining what "Never doing that again" means… Troubleshooting with the Windows Sysinternals Tools, Second Edition

When people asked me what it was like writing a book, I’d invariably answer, “It was a once in a lifetime experience.  I hope.”  When they asked, “Are you going to write another one?” my answer was always, “No.”  (Actually, my answer was more emphatic than that, but this professional blog site’s policies don’t permit me…


VirtMemTest: a utility to exercise memory and other operations

I wrote the first versions of VirtMemTest while working on the Windows Sysinternals Administrator’s Reference.  The utility made it easy for me to perform a variety of memory operations and to observe how different Sysinternals utilities reacted to them.  I eventually added CPU-stress capabilities, hung UI simulation, and crash-on-exit, particularly for exercising ProcDump.  I have…


Sysinternals – and Pass the Hash – at TechEd next week.

There are five talks highlighting the Sysinternals utilities at TechEd North America next week in New Orleans. They all happen to be on Thursday, June 6. Click the session titles for more information. The videos should be on Channel 9 within 24 hours of the talks. Hardcore Debugging, Andrew Richards, June 6, 2013 from 10:15AM to…


Using NTFS Junctions to Fix Application Compatibility Issues on 64-bit Editions of Windows

Executive Summary: This paper describes a simple way to mitigate some types of application compatibility problems with legacy applications installed on 64-bit editions of Windows Vista and newer, including Windows 7 and Windows 8. The technique relies on creating an NTFS junction or symbolic link, effectively “joining” two otherwise separate directory structures. The paper provides…


The Sysinternals book is available in Russian!

The Windows Sysinternals Administrator’s Reference that I co-authored with Mark Russinovich is now available in Russian!