Microsoft withdraws Sysinternals source code

Anyone involved in support or development on Windows platforms has almost certainly come across the excellent tools from Mark Russinovich and Bryce Cogswell, collectively known as SysInternals (free tools) and Winternals (pay tools).

These tools are well written, small, powerful and provide insightful information and control. The gems include Process Explorer – a powerful replacement for Task Manager that can show you which files are locked by which processes etc. the excellent RegMon and FileMon for keeping an eye on what files and registry entries applications are utilizing and many other invaluable utilities for dealing with the trickiest situation.

SysInternals has been around since 1996, gradually improving their tools whilst they also demonstrated how to delve into the guts of Windows itself. Indeed these techniques formed the basis of Mark’s books Inside Windows 2000 and Microsoft Windows Internals which utilize a number of undocumented, and therefore unsupported, internal API calls to achieve these seemingly magical feats.

When Microsoft purchased SysInternals and Winternals as you can imagine a number of people were worried.

Techies feared loosing access to some great tools whilst developers about loosing the ongoing source and details of such powerful API’s that didn’t officially exist with SysInternal’s tools, source and books providing the best source of information.

There was no need to worry however the press announcement stated:

Customers will be able to continue building on SysInternals’ advanced utilities, technical information and source code for utilities related to Windows.

Good news there then. At least if it were true.

The replacement for SysInternal’s site came on-line a few days ago and included in the bunch of small updates and new Process Monitor application (replacement for RegMon and FileMon) was the following snippet hidden away in the Sysinternals Site Migration page.

Source Code: The number of source code downloads didn’t justify the migration, support, and possible integration problems it might cause with other Windows components down the road.

There has been some discussion that these internal APIs were being used for malware. I don’t see how denying the source now the malware authors know-how or the source and Windows Internals books are in free circulation.

Just as I thought Microsoft were opening up their own code (WTL, Wix etc.) and their staff they go and pull such a cheap stupid damaging trick.

I’ve posted a news article to Slashdot about it so my apologies if you’re already had my much shorter summary. They like em that way and I didn’t want them linking back here for fear of turning my Shuttle server into a melted heap with all the traffic.

Updates

Slashdot rejected it and went with Justin Long no longer being the Mac – a story that wasn’t even true.

Microsoft have usefully packed the whole Sysinternals suite up into a single download.

[)amien

4 responses

  1. Gravatar for Steve

    I think the reasons are similar to the reasons for not allowing non-managed code on XNA - technically it could be done and there should be no barrier to doing it securely, but they’d rather not take the risk. A shame. I love sysinternals tools and couldn’t live without them, although I never bothered to access the source code (therefore I’m part of the problem I guess).

    Steve November 10th, 2006
  2. Gravatar for Goldsacs

    Well.. that wasn’t a shock that MS would do that.

    Goldsacs November 11th, 2006
  3. Gravatar for Jp

    You can actually get the source code (still, while you can!) for some utilities by going to the MS site, and adding “Source” after the utility name but before the “.zip” extension. Example:
    ShareEnum executable download location
    http://download.sysinternals.com/Files/ShareEnum.zip ShareEnum SOURCE download location:
    http://download.sysinternals.com/Files/ShareEnumSource.zip The programs for which source is available is listed at:
    http://www.sysinternals.com/SourceCode.html HTH :)

    Jp – November 15th, 2006
  4. Gravatar for ValidFacade

    Thank god for the internet. Keeping in mind that nothing that enters into the bond of holy interwebs is ever truly freed, someone decided to rip the full sysinternals site before the acquisition. A torrent download (plus rapidshare and megaupload) can be found here. Enjoy.

    ValidFacade – March 25th, 2011

Respond to this