Microsoft withdraws Sysinternals source code

9 November 2006 Microsoft

Anyone involved in support or development on Windows platforms has almost certainly come across the excellent tools from Mark Russinovich and Bryce Cogswell, collectively known as SysInternals (free tools) and Winternals (pay tools).

These tools are well written, small, powerful and provide insightful information and control. The gems include Process Explorer – a powerful replacement for Task Manager that can show you which files are locked by which processes etc. the excellent RegMon and FileMon for keeping an eye on what files and registry entries applications are utilizing and many other invaluable utilities for dealing with the trickiest situation.

SysInternals has been around since 1996, gradually improving their tools whilst they also demonstrated how to delve into the guts of Windows itself. Indeed these techniques formed the basis of Mark’s books Inside Windows 2000 and Microsoft Windows Internals which utilize a number of undocumented, and therefore unsupported, internal API calls to achieve these seemingly magical feats.

When Microsoft purchased SysInternals and Winternals as you can imagine a number of people were worried.

Techies feared loosing access to some great tools whilst developers about loosing the ongoing source and details of such powerful APIs that didn’t officially exist with SysInternal’s tools, source and books providing the best source of information.

There was no need to worry however the press announcement stated:

Customers will be able to continue building on SysInternals’ advanced utilities, technical information and source code for utilities related to Windows.

Good news there then. At least if it were true.

The replacement for SysInternal’s site came on-line a few days ago and included in the bunch of small updates and new Process Monitor application (replacement for RegMon and FileMon) was the following snippet hidden away in the Sysinternals Site Migration page.

Source Code: The number of source code downloads didn’t justify the migration, support, and possible integration problems it might cause with other Windows components down the road.

There has been some discussion that these internal APIs were being used for malware. I don’t see how denying the source now the malware authors know-how or the source and Windows Internals books are in free circulation.

Just as I thought Microsoft were opening up their own code (WTL, Wix etc.) and their staff they go and pull such a cheap stupid damaging trick.

I’ve posted a news article to Slashdot about it so my apologies if you’re already had my much shorter summary. They like em that way and I didn’t want them linking back here for fear of turning my Shuttle server into a melted heap with all the traffic.

Updates

Slashdot rejected it and went with Justin Long no longer being the Mac – a story that wasn’t even true.

Microsoft have usefully packed the whole Sysinternals suite up into a single download.

[)amien

5 responses

  1. Avatar for Steve

    I think the reasons are similar to the reasons for not allowing non-managed code on XNA - technically it could be done and there should be no barrier to doing it securely, but they'd rather not take the risk. A shame.

    I love sysinternals tools and couldn't live without them, although I never bothered to access the source code (therefore I'm part of the problem I guess).

    Steve 10 November 2006
  2. Avatar for Goldsacs

    Well.. that wasn't a shock that MS would do that.

    Goldsacs 11 November 2006
  3. Avatar for Jp

    You can actually get the source code (still, while you can!) for some utilities by going to the MS site, and adding "Source" after the utility name but before the ".zip" extension.

    Example:
    ShareEnum executable download location
    http://download.sysinternals.com/Files/ShareEnum.zip

    ShareEnum SOURCE download location:
    http://download.sysinternals.com/Files/ShareEnumSource.zip

    The programs for which source is available is listed at:
    http://www.sysinternals.com/SourceCode.html

    HTH :)

    Jp 15 November 2006
  4. Avatar for 62mkv

    http://www.sysinternals.com/SourceCode.html - "The page you requested has not been found" :(

    http://download.sysinternals.com/Files/ShareEnum.zip - opens XML

    OutOfRangeInput One of the request inputs is out of range. RequestId:06a0d2bc-e01e-0081-800b-2ed5bb000000 Time:2018-08-07T05:01:50.4243519Z

    any ways to have PsShutdown source code ?

    62mkv 7 August 2018
  5. Avatar for HTCG

    You're about 12 years late, but someone mirrored the source code of the Sysinternals utilities from before it was taken down at https://github.com/xcud/sysinternals-source. The source code for PsShutdown can be downloaded from here: https://github.com/xcud/sysinternals-source/blob/master/download.sysinternals.com/Files/PsShutdown.zip?raw=true.

    Just a few weeks ago, Microsoft announced that they were porting the Sysinternals utilities to Linux. Looks like they've released the source code for the Linux version of ProcDump at https://github.com/Microsoft/ProcDump-for-Linux, available under an MIT license. Anyways, I think there is hope that Microsoft may once again open-source the rest of the Sysinternals utilities.

    HTCG 28 November 2018