sysinternals-mcp
Sysinternals MCP
FastMCP 3.4 wrapper for 12 Sysinternals CLI tools (+ DIY RAMMap equivalent via WMI) -- autorunsc, handle64, pslist, listdlls, tcpvcon, sigcheck, accesschk, psloggedon, psfile, coreinfo, du, psinfo, rammap.
Stack: Python 3.12+ -- FastMCP 3.4.2 -- uv -- ruff
All 12 tools are confirmed CLI-native. No GUI automation, no fake backends.
First-run auto-downloads each binary from https://live.sysinternals.com/,
verifies the Authenticode signature, and caches it.
Tools
Tool | Function | What it does |
| | Startup/persistence scan -- CSV output via |
| | Open handles/file locks -- verbose via |
| | Process list with CPU, thread, handle counts |
| | Loaded DLLs per process with version info |
| | TCP/UDP connections + owning process |
| | Authenticode verification, version, VT lookup |
| | Effective permissions on files/registry/services |
| | Logged-on users, local + network |
| | Remotely opened files on this machine |
| | CPU topology, NUMA, cache, feature flags |
| | Directory size breakdown (recursive) |
| | Physical memory breakdown via WMI (DIY RAMMap, no binary) |
| | System info: OS, uptime, hotfixes, services |
Quick start
git clone https://github.com/sandraschi/sysinternals-mcp.git
cd sysinternals-mcp
uv sync --group dev
uv run sysinternals-mcp # stdio MCP for IDE
First run auto-downloads binaries and stores them in %LOCALAPPDATA%\sysinternals-mcp\bin\.
Transport
Mode | Command |
stdio | |
HTTP | |
Binary handling
No EXEs committed to git. Binaries downloaded on first use from live.sysinternals.com.
Authenticode verification: rejects anything not signed by Microsoft / Sysinternals.
EULA: accepted once per machine (marker file in cache dir).
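A sketch of the verify-before-cache gate described above, added here as an illustration and not taken from the project's code. The trusted signer CN, the `SIG_TARGET` variable and all function names are assumptions; the signature query shells out to PowerShell's `Get-AuthenticodeSignature` and only runs on Windows.

```python
import json
import os
import re
import subprocess
from pathlib import Path

# Assumption: exact signer CN to trust; the page says only "Microsoft / Sysinternals".
TRUSTED_SIGNER_CNS = {"Microsoft Corporation"}
# Splits an X.500 subject into (key, value) pairs, keeping quoted values whole.
RDN = re.compile(r'\s*([A-Za-z0-9.]+)=("(?:[^"]|"")*"|[^,]*)(?:,|$)')
# The file path travels in an environment variable, never spliced into the command.
PS_QUERY = (
    "Get-AuthenticodeSignature -LiteralPath $env:SIG_TARGET | "
    "Select-Object @{n='Status';e={$_.Status.ToString()}},"
    "@{n='Subject';e={$_.SignerCertificate.Subject}} | ConvertTo-Json"
)


def is_trusted(sig):
    """Accept only a Valid signature whose single CN matches exactly."""
    if sig.get("Status") != "Valid":  # NotSigned, HashMismatch, NotTrusted, ...
        return False
    pairs = RDN.findall(sig.get("Subject") or "")
    cns = [v.strip().strip('"') for k, v in pairs if k.upper() == "CN"]
    # Exact match: a substring test would accept "Not Microsoft Corporation Ltd".
    return len(cns) == 1 and cns[0] in TRUSTED_SIGNER_CNS


def query_signature(path):
    """Windows only: ask PowerShell for the file's Authenticode status and signer."""
    env = {**os.environ, "SIG_TARGET": str(path)}
    out = subprocess.run(
        ["powershell", "-NoProfile", "-NonInteractive", "-Command", PS_QUERY],
        env=env, capture_output=True, text=True, check=True, timeout=60,
    )
    return json.loads(out.stdout)


def promote_if_trusted(staged, cache_dir, query=query_signature):
    """Move a staged download into the cache only after it verifies."""
    staged, cache_dir = Path(staged), Path(cache_dir)
    if not is_trusted(query(staged)):
        staged.unlink(missing_ok=True)  # never leave a rejected binary on disk
        raise PermissionError(f"{staged.name}: no valid trusted signature")
    cache_dir.mkdir(parents=True, exist_ok=True)
    final = cache_dir / staged.name
    os.replace(staged, final)  # atomic when staging and cache share a volume
    return final
```

Downloading to a staging path and promoting only on success keeps an unverified executable from ever sitting at the path the server later runs.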
Excluded tools (GUI-only, no scriptable export)
RAMMap -- no CLI export flag exists.
Process Explorer -- GUI-only, no scriptable CLI output.
License
MIT