Process Hacker: NEW & BEST!


PROROOTECT
April 13th, 2009, 03:32 AM
Process Hacker features: http://processhacker.sourceforge.net/features.php

Version 1.3.6.5 Update: Apr 09, 2009.

Downloads / Versions: http://sourceforge.net/project/showfiles.php?group_id=242527&package_id=295377

PROMISING Process Hacker!

Your comments, please ...

PROROOTECT
April 24th, 2009, 04:31 AM
NEW version of Process Hacker v1.3.7.1.30 built on 24.04.2009 (Today!) by wj32.

Here: http://processhacker.sourceforge.net/

# Setup with optimizing performance.
# Better hidden processes scanner (similar to Blacklight's and IceSword's) which can now detect both Hacker Defender and FU.
# Basic support for Windows 7.
# Many changes: New/Improved/Fixed.

Tools: # Instantaneous scan for hidden Processes! # Verify files signature!

# Colors of the GUI are very cool & fun!

... and I have NO Error window! Look to Post #253 on Your NEW BEST Free Softwares Anti-Malware - here: http://www.wilderssecurity.com/showthread.php?t=217453&page=11

wj32
April 24th, 2009, 07:36 PM
I'm glad you like the software. Do you have a "+" in Process Hacker's title bar (next to your username)?

PROROOTECT
April 25th, 2009, 09:29 AM
You are Welcome, wj32!


I am very glad that you answered.
'Process Hacker' GUI is very relaxing and soothing with its pastel colors.
Yes, thank you also for the little + to the right of my nom - it's very nice for you, I am charmed by this.;D

Jokes aside, I recognize the professionalism of your work, frequent new versions.:thumb:

The latest version v1.3.7.1.30 works well. I have no error window, which I described in Post #253 in the thread 'Your NEW BEST Free Softwares Anti-Malware and Windows cleaners ...' here: http://www.wilderssecurity.com/showthread.php?t=217453&page=11
This is the problem of my Windows - without triggering a IE instance, I have nothing in the 'Network' tab.
But if I make IE start Page after start of 'Process Hacker', 'Network' tab shows well my TCP/UDP connections.
I repeat - this is the problem of my Windows XP SP2 and I do not know the solution for now ...

Once I had a window 'Process Hacker' - latest version - (when I clicked on the Properties of a process):
'The Microsoft Symbol Server is not supported by your version of dbghelp.dll or could not be loaded. To ensure you have the latest version of dbghelp.dll, download Debugging Tools for Windows and configure Process Hacker to use its version of dbghelp.dll. If you have the latest version of dbghelp.dll, ensure that symsrv.dll resides in the same directory as dbghelp.dll.'
But when I clicked OK, I had the Properties window of the process.
My dbghelp.dll is on C:\WINDOWS\system32. But I have NO symsrv.dll!

On my all processes, on Properties/Token, I have SeBackupPrivilege and SeRestorePrivilege on Disabled, rose color.

On Properties/Services - I have nothing, except 8 points Password. (?)

My DEP is in ON for all programs, except my Dimio's DTaskManager - but in Properties/General, DEP is marked Disabled (!!?) on my all processes.

I'm not a developer, but I would still understand a little more ...:argh:

The possibility of 'Reduce Working Set' of the process - is marvellous! Perhaps - also make this for all processes in one time?

And Toolbar (View/Toolbar) is very good - perhaps would be nice to put it forever?

Lastly, I would like to have in 'Processes' tab more informations (like Dimio's DTaskManager): CPU Time, Mem Usage, VM, Handles, Threads - for each process, if possible ...:argh:


Hope to read you, PROROOTECT

Aaron Here
April 25th, 2009, 02:36 PM
Seems functionally similar to Sysinternals' Process Explorer (http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx). Does this bring anything new/better to the table? :-\

wj32
April 26th, 2009, 02:38 AM
-{ Quote: "Seems functionally similar to Sysinternals' Process Explorer (http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx). Does this bring anything new/better to the table? :-\" }-

That's the whole point :) - I based PH on PE. Here are some more interesting features, though:

* It's free/open source. Well, this isn't really a feature, but it's one of the main reasons I decided to make PH.
* The ability to find hidden processes.
* The ability to terminate any process (yes, even ones protected by rootkits, or IceSword).
* The ability to inject and unload DLLs.
* Memory searching (even with regular expressions) and memory editing.

wj32
April 26th, 2009, 02:51 AM
-{ Quote: "I am very glad that you answered.
'Process Hacker' GUI is very relaxing and soothing with its pastel colors.
Yes, thank you also for the little + to the right of my nom - it's very nice for you, I am charmed by this.;D" }-

What it actually means is that the kernel-mode driver is loaded. I've been having some problems with it recently... >:(

-{ Quote: "Once I had a window 'Process Hacker' - latest version - (when I clicked on the Properties of a process):
'The Microsoft Symbol Server is not supported by your version of dbghelp.dll or could not be loaded. To ensure you have the latest version of dbghelp.dll, download Debugging Tools for Windows and configure Process Hacker to use its version of dbghelp.dll. If you have the latest version of dbghelp.dll, ensure that symsrv.dll resides in the same directory as dbghelp.dll.'
But when I clicked OK, I had the Properties window of the process.
My dbghelp.dll is on C:\WINDOWS\system32. But I have NO symsrv.dll!" }-

Process Explorer gives exactly the same warning. You need to install Debugging Tools for Windows, open Options in PH and configure it.

-{ Quote: "On my all processes, on Properties/Token, I have SeBackupPrivilege and SeRestorePrivilege on Disabled, rose color." }-

Does Process Explorer show the same thing?

-{ Quote: "On Properties/Services - I have nothing, except 8 points Password. (?)" }-

Yes, it's like that if the process isn't hosting any services. It is a bit confusing, I admit.

-{ Quote: "My DEP is in ON for all programs, except my Dimio's DTaskManager - but in Properties/General, DEP is marked Disabled (!!?) on my all processes." }-

Are you using XP?

-{ Quote: "The possibility of 'Reduce Working Set' of the process - is marvellous! Perhaps - also make this for all processes in one time?" }-

Ctrl+A, right-click, Reduce Working Set.

-{ Quote: "And Toolbar (View/Toolbar) is very good - perhaps would be nice to put it forever?" }-

I've always hated the toolbar; I didn't get the point. I only added it because a fellow project member asked me to. Anyway, Process Hacker does keep the toolbar visible across sessions...

-{ Quote: "Lastly, I would like to have in 'Processes' tab more informations (like Dimio's DTaskManager): CPU Time, Mem Usage, VM, Handles, Threads - for each process, if possible ...:argh: " }-

Those are in the Statistics tab. It doesn't have a thread count, though.

ruinebabine
April 26th, 2009, 03:44 AM
-{ Quote: "I'm glad you like the software." }-
The first wish I would like to put in your list, if you asked me, is to have a version that does not request the dotNET FrameUp!

Other than that you seem to have a potentially good program ;)

wj32
April 26th, 2009, 06:21 AM
-{ Quote: "The first wish I would like to put in your list, if you asked me, is to have a version that does not request the dotNET FrameUp!

Other than that you seem to have a potentially good program ;)" }-

Without the dotNET FrameUp (:)) Process Hacker would have taken me several years to make instead of 6 months. I guess you guys are worried about performance and memory usage of .NET apps. I assure you that unless your computer is 10 years old, it will not slow to a crawl when a .NET app is running. Sure, .NET apps are slower and require more memory, but that's just a tradeoff between development time and performance.

Another issue is that there are simply no good OO programming languages with (RAD) Windows GUI support that do not use .NET. C is not OO, C++ is a pile of crap, and Java is slow (yes, even slower than .NET).

ruinebabine
April 26th, 2009, 06:30 AM
-{ Quote: "Without the dotNET FrameUp (:)) Process Hacker would have taken me several years to make instead of 6 months. I guess you guys are worried about performance and memory usage of .NET apps. I assure you that unless your computer is 10 years old, it will not slow to a crawl when a .NET app is running. Sure, .NET apps are slower and require more memory, but that's just a tradeoff between development time and performance." }-
Well, I understand your coder point of view on this but, for me, it is not that much "about performance and memory usage of .NET apps", it is for the user starting point to have to install that pile of loom in my XP registry to begin with...

PROROOTECT
April 27th, 2009, 01:13 PM
Hello all,

# wj32: Thank you for your professional and detailed response.

* I have Windows XP SP2. On Process Explorer/process/Properties/Image: DEP Status: DEP.

* Yes, in Process Explorer/process/Properties/Security: Group SID: n/a, I have also on Disabled: SeBackupPrivilege and SeRestorePrivilege.
This problem may be occurred due to the use of 'Partition Magic' from Symantec. It seems that this is the incompatibility between 'Partition Magic' and my PC built by Packard Bell.
After using 'Partition Magic' my Backup E Drive is not hidden, and after restoring of my Windows I have NOT Backup E Drive, it is gone.
Do you think that I could set Enabled both SeBackupPrivilege and SeRestorePrivilege? ( it's possible only in Process Hacker, with options: Enable, Disable, Remove - bravo wj32!).
In this way perhaps I could bring back my Backup partition?

* My 'Network' tab problem - was caused by me. Yes, because I did check in 'Seconfg XP': 'Disable RPC over TCP/IP'.
This option closed Port 135 ( Local ...) = to not have troubles aside worms, hacker attacks and listening of our Steve;D Microsoft Corporation.
Well, now I unchecks this - and I do not problems with 'Network' tab!
But I have curious Steve M$ again epmap Port Local 135, which begins listening! What to choose? Could you advise me?
The worms and hackers are requested to refrain here!:shifty: *puppy*

* Only once I had the window 'The Microsoft Symbol Server ... dbghelp.dll ... '. Do you think that I should always install the 'Debugging Tools'?

* 'Select All' possibility ( or CTRL + A) - 'Reduce Working Set' becomes grayed ( as almost all possibilities ) ...

* I do not the Statistics tab.

* If I click on Help/Free Memory - it does not tick and nothing happens.

* PH has much more possibilities than PE, and is extremely easy to use.
Given its ability to find hidden processes and to kill, could you consider doing work in Real Time?
And in case of new unfriendly process or service - to block it and see the warning with the options?

* I click on Processes/right click on Name of Columns/Choose Columns: everything is there!
Now I have: Name+PID+PvtMemory+Working Set+CPU+Virtual Size+Handles+Threads & Company!
Then I click Options/Advanced: here I notch: 'Replace Task Manager with Process Hacker'! Enchanté! Welcome to the world of adults Task Managers!

The BEST.


PROROOTECT:thumb:

Birdman
April 27th, 2009, 10:28 PM
Is this similar to Process Lasso.....and if so, is it a better software?

wj32
April 28th, 2009, 02:11 AM
-{ Quote: "Is this similar to Process Lasso.....and if so, is it a better software?" }-

Process Hacker is not similar to Process Lasso at all. Process Lasso is designed to monitor and control the priorities of various processes to increase system stability, while Process Hacker is like Process Explorer but with more control over processes.

wj32
April 28th, 2009, 02:21 AM
-{ Quote: "After using 'Partition Magic' my Backup E Drive is not hidden, and after restoring of my Windows I have NOT Backup E Drive, it is gone.
Do you think that I could set Enabled both SeBackupPrivilege and SeRestorePrivilege? ( it's possible only in Process Hacker, with options: Enable, Disable, Remove - bravo wj32!).
In this way perhaps I could bring back my Backup partition?" }-

Do process viewers (PE, PH and other tools) show you details for system processes? I find it very strange that your account only has two privileges. Does explorer.exe have SeShutdownPrivilege? Surely you would want to be able to shut down your computer!

-{ Quote: "My 'Network' tab problem - was caused by me. Yes, because I did check in 'Seconfg XP': 'Disable RPC over TCP/IP'.
This option closed Port 135 ( Local ...) = to not have troubles aside worms, hacker attacks and listening of our Steve;D Microsoft Corporation.
Well, now I unchecks this - and I do not problems with 'Network' tab!
But I have curious Steve M$ again epmap Port Local 135, which begins listening! What to choose? Could you advise me?
The worms and hackers are requested to refrain here!:shifty: *puppy* " }-

I try not to mess around with system settings. The best thing to do is to install a good firewall + HIPS software (e.g. COMODO D+ which is free). Note that HIPS software may give you a lot of prompts at first...

-{ Quote: "Only once I had the window 'The Microsoft Symbol Server ... dbghelp.dll ... '. Do you think that I should always install the 'Debugging Tools'?" }-

Process Explorer showed you that warning as well. You don't have to install Debugging Tools for Windows, but it would give you correct symbols for threads. You probably don't need this, so don't worry about it.

-{ Quote: "'Select All' possibility ( or CTRL + A) - 'Reduce Working Set' becomes grayed ( as almost all possibilities ) ..." }-

Yes, I just realized that I had disabled it for multiple processes! Thanks for telling me - I've enabled it for the next release.

-{ Quote: "I do not the Statistics tab." }-

You must have the Statistics tab in process properties...

-{ Quote: "If I click on Help/Free Memory - it does not tick and nothing happens." }-

If you select Free Memory it will perform garbage collection on Process Hacker.

-{ Quote: "Given its ability to find hidden processes and to kill, could you consider doing work in Real Time?" }-

It would be too slow - it brute-forces PIDs from 4 to 8192 (I've changed it now to 4-65536!).

-{ Quote: "And in case of new unfriendly process or service - to block it and see the warning with the options?" }-

PH is not security software and does not attempt to distinguish between good and harmful programs/services. Think of it as a HijackThis process manager.
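
The brute-force scan wj32 describes above (try every PID from 4 to 65536 and report what exists but is missing from the process list) can be sketched as a cross-view check. This is an added example, not part of the thread and not Process Hacker's code; the function names, the step of 4 and the separate "exited" classification are assumptions of the sketch, and the demo process table is constructed.

```python
"""Cross-view check for hidden processes: API enumeration vs. PID brute force."""
import sys

STILL_ACTIVE = 259                          # exit code reported for a running process
ERROR_ACCESS_DENIED = 5                     # the PID exists, we just may not open it
PROCESS_QUERY_LIMITED_INFORMATION = 0x1000  # Vista+; XP needs PROCESS_QUERY_INFORMATION (0x0400)


def enumerate_pids_windows():
    """PIDs reported by the normal listing API (psapi EnumProcesses). Windows only."""
    import ctypes
    from ctypes import wintypes
    psapi = ctypes.WinDLL("psapi", use_last_error=True)
    size = 1024
    while True:
        buf = (wintypes.DWORD * size)()
        needed = wintypes.DWORD()
        if not psapi.EnumProcesses(buf, ctypes.sizeof(buf), ctypes.byref(needed)):
            raise ctypes.WinError(ctypes.get_last_error())
        count = needed.value // ctypes.sizeof(wintypes.DWORD)
        if count < size:                    # buffer was large enough
            return set(buf[:count])
        size *= 2


def probe_pid_windows(pid):
    """Open one PID by number and return 'alive', 'exited' or 'absent'. Windows only."""
    import ctypes
    from ctypes import wintypes
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    k32.OpenProcess.restype = wintypes.HANDLE
    k32.OpenProcess.argtypes = (wintypes.DWORD, wintypes.BOOL, wintypes.DWORD)
    k32.GetExitCodeProcess.argtypes = (wintypes.HANDLE, ctypes.POINTER(wintypes.DWORD))
    k32.CloseHandle.argtypes = (wintypes.HANDLE,)
    handle = k32.OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, False, pid)
    if not handle:
        # Access denied still proves a process object exists for this PID.
        denied = ctypes.get_last_error() == ERROR_ACCESS_DENIED
        return "alive" if denied else "absent"
    try:
        code = wintypes.DWORD()
        ok = k32.GetExitCodeProcess(handle, ctypes.byref(code))
        # A terminated process whose object is kept alive by open handles is
        # not in the listing either; report it separately, not as hidden.
        return "alive" if (not ok or code.value == STILL_ACTIVE) else "exited"
    finally:
        k32.CloseHandle(handle)


def find_hidden_pids(enumerate_pids, probe, first=4, last=65536, step=4):
    """Return (hidden, exited): PIDs that open by number but are not listed.

    The listing is taken before and after the sweep and live candidates are
    probed a second time, so a process that merely started or stopped while
    the scan was running is not reported as hidden.
    """
    before = set(enumerate_pids())
    candidates = {}
    for pid in range(first, last + 1, step):    # Windows PIDs are multiples of 4
        if pid in before:
            continue
        state = probe(pid)
        if state != "absent":
            candidates[pid] = state
    after = set(enumerate_pids())
    hidden = sorted(p for p, s in candidates.items()
                    if s == "alive" and p not in after and probe(p) == "alive")
    exited = sorted(p for p, s in candidates.items()
                    if s == "exited" and p not in after)
    return hidden, exited


def demo():
    """Constructed table: PID 2044 runs but is unlisted, PID 3120 has exited."""
    listed = {4: "System", 612: "services.exe", 1480: "explorer.exe"}
    objects = {**{p: "alive" for p in listed}, 2044: "alive", 3120: "exited"}
    return find_hidden_pids(lambda: listed.keys(),
                            lambda pid: objects.get(pid, "absent"), last=8192)


if __name__ == "__main__":
    if sys.platform == "win32":
        print(find_hidden_pids(enumerate_pids_windows, probe_pid_windows))
    else:
        print(demo())
```

A sweep of 16,384 open calls is why the post calls this too slow for real-time use; a PID in the first list is only a lead to investigate, since user-mode probing sees whatever a kernel-mode rootkit lets it see.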

ruinebabine
April 28th, 2009, 05:36 AM
-{ Quote: "Process Hacker is like Process Explorer but with more control over processes." }-
To fellow with this, could you dare to tell me how Process Hacker would stand beside AnVir Task Manager Pro (http://www.anvir.com/programs-overview-task-manager.htm) (regularly offered as free giveaway)?

PROROOTECT
April 28th, 2009, 10:15 AM
Hi ruinebabine,

I think AnVir Task Manager Pro - too many things, one can easily get lost in this catch-all application. For this it is useless for me because I have a too impatient character (you ask the Police!). And double-speak - add more to that mess ...
... more and more ... and life passes.::)

PROROOTECT

PROROOTECT
April 28th, 2009, 12:37 PM
Hello wj32,

* Yes NOW I have Statistics tab! You had added this in my sleep at night, you play with me! (OK, I joke :argh: ).

* Me - I have positive thoughts ... I want to encourage you to forward for the good of all. I wish you the advantage of brute-force PIDs!:argh::thumb:
I believe in your ability - from version to version PH improves the corner! I subscribed to all future versions, if you would.

*Could you try to reduce benefits of already small CPU (0,78-1.56 %) of ProcessHacker.exe, please?

* I think that would be a way very attractive and desirable to make the step towards the development of security features ... but do not put some words in Cyrillic, please.
Maybe you want a dog for your software?... *puppy* (Yes, I joke.)

* Here I want finally to be comprehensible on my explanations in my English from outskirts: I am very privileged! I have all the privileges Enabled in all processes - except these two privileges in Disabled, in all processes.
For example, in Token/Privileges for explorer.exe, are Enabled: SeChangeNotifyPrivilege, SeCreateGlobalPrivilege, SeCreatePagefilePrivilege, SeDebugPrivilege etc, 18 Enabled and 2 Disabled.
In each process, I have many privileges Enabled and this two Disabled.

* If Process Hacker started: Root Repeal found 3 stealth objects:
Hidden Module: Name: system.Resources.dll
Hidden Module: Name: System.Windows.Forms.Resources.dll
Hidden Module: Name: mscorlib.Resources.dll
Why - hidden?
Could you make these modules 'not hidden', please?:argh:


Yours hidden PROROOTECT:thumb:

wj32
April 29th, 2009, 01:02 AM
-{ Quote: "To fellow with this, could you dare to tell me how Process Hacker would stand beside AnVir Task Manager Pro (http://www.anvir.com/programs-overview-task-manager.htm) (regularly offered as free giveaway)?" }-

(You seem very skeptical, but that's a good thing.) IMHO AnVir Task Manager is very, very bloated. I try to focus on one thing only, and that is process management. For example, why include a system tweaker in a task manager?

wj32
April 29th, 2009, 01:07 AM
-{ Quote: "Could you try to reduce benefits of already small CPU (0,78-1.56 %) of ProcessHacker.exe, please?" }-

The next release will have decreased CPU and memory usage. It's one of the main things I focused on.

-{ Quote: "I think that would be a way very attractive and desirable to make the step towards the development of security features ... but do not put some words in Cyrillic, please.
Maybe you want a dog for your software?... *puppy* (Yes, I joke.)" }-

Again, instead of putting security features into Process Hacker I would rather create a separate product.

-{ Quote: "If Process Hacker started: Root Repeal found 3 stealth objects:
Hidden Module: Name: system.Resources.dll
Hidden Module: Name: System.Windows.Forms.Resources.dll
Hidden Module: Name: mscorlib.Resources.dll
Why - hidden?
Could you make these modules 'not hidden', please?:argh:" }-

They aren't hidden. It may be related to the fact that I merge various DLLs and the main EXE into one ProcessHacker.exe file, but I don't see anything wrong with doing that. Just because Root Repeal says they are hidden does not mean anything. Have you tried running other .NET software? Does Root Repeal report hidden modules in those?

ruinebabine
April 29th, 2009, 01:53 AM
-{ Quote: "(You seem very skeptical, but that's a good thing.) IMHO AnVir Task Manager is very, very bloated. I try to focus on one thing only, and that is process management. For example, why include a system tweaker in a task manager?" }-
The almost only thing that I am skeptical here is to try to convince myself of the obligation to first have to bloat my xp registry with that microsoft .NET stink just to have a chance to experiment with what seems to be otherwise a very neat program ;(.

And you are right about the ATM's O/S tweaking module, as I don't have any need to use this part of it. But all the rest makes of AnVir a very unique magnific tool when you give it a real fair try of more than 10 minutes :) I got very used to it after some days and by reading their manual.

Do you have a portable version of your software, I mean like the one offered there (http://www.anvir.com/taskmanagerfree)?

wj32
April 29th, 2009, 07:18 AM
-{ Quote: "The almost only thing that I am skeptical here is to try to convince myself of the obligation to first have to bloat my xp registry with that microsoft .NET stink just to have a chance to experiment with what seems to be otherwise a very neat program ;(.

And you are right about the ATM's O/S tweaking module, as I don't have any need to use this part of it. But all the rest makes of AnVir a very unique magnific tool when you give it a real fair try of more than 10 minutes :) I got very used to it after some days and by reading their manual.

Do you have a portable version of your software, I mean like the one offered there (http://www.anvir.com/taskmanagerfree)?" }-

.NET is NOT bloated - it is only ever loaded when a program using the .NET Framework is started. And even then, it is only loaded as part of the program (for the JIT compiler and support libraries), not as a separate process.

I have tried AnVir Task Manager, and while it is very powerful, I intensely dislike colourful user interfaces - not highlighting or anything like in PE or PH, but non-standard menus (especially office-style ones) and gradients.

I don't know how you define portable, because .NET programs can't really be portable (unless on Vista, where the .NET Framework is installed by default). But if you mean a .zip, then sure. It's on the website, below the main download link. Process Hacker was originally distributed as a .zip, until a person came up with a setup program for it and I started including it with every release. Now it's the default download. People seem to like setup programs for some reason.

ruinebabine
April 29th, 2009, 07:57 AM
-{ Quote: ".NET is NOT bloated - it is only ever loaded when a program using the .NET Framework is started. And even then, it is only loaded as part of the program (for the JIT compiler and support libraries), not as a separate process." }-
Might be (but not sure, I'm no coder, I am user only), it'd depend how you define "bloated", but by any ways it would be bloating my xp registry of a big pile of non-necessary loom, that's for sure!
-{ Quote: "I don't know how you define portable, because .NET programs can't really be portable" }-
You precisely made my point here! ;D

PROROOTECT
April 29th, 2009, 12:17 PM
Hi wj32,

* It is true that my nick ProRootEct is antinomy with the name of RootRepeal - but it means nothing either. I love this software from A_D_13, and I think, that it is ESSENTIAL for everyone. Yes, I understand now thanks to your explanation, why RootRepeal rail against your ProcessHacker.exe, in which there are some very close connections between various DLLs. NOW this is understandable and not reprehensible, then all is well! Links are not dangerous, approved by our coder wj32! Now they are not hidden - it suits me perfectly, your explanation. 'Anything wrong with doing that'.

* I'm pleased that the charges in CPU and Memory will be reduced, I do not dare make another point. It's perfect: your main thought is mine! :argh:
For now, my Windows is like this:

ProcessHacker.exe: Pvt. Memory 25.9 MB; CPU 0.78/1.56 %; Working Set 25.9 MB; Virtual Size 141.8 MB; Handles 291; Threads 12; Company wj32 already good!; GDI Handles 140/146; USER handles 59.

* Surely you know the little Great Software called softly 'Bear' (See GDI/User Object usage for all processes) here: http://www.geocities.com/the_real_sz/misc/bear_.htm
The number of SUM for ProcessHacker.exe: around 641/649.

* In PE: I have few innocent softwares, appearing as Packed Images (eg HiJackThis, SysProt AntiRootkit, IATHooksAnalyzer, WISE Registry Cleaner and some other Great Software) - but in PH, it does NOT appear Packed ... Why?

*PH is much more reactive than PE, it reacts extremely fast: bravo wj32!:argh:

* I found the general lack (for me) in PH: in very nice 'System Information' there is NO figure of Physical Memory Available! It's indispensable for me, please!

* There are sometimes differences between the values of PE and PH.
For example Kernel Memory/Nonpaged in PE: 9192 KB; Kernel Pools/Non-Paged Usage in PH: 8.98 MB - in this same time.

* USEC Radix/IAT: on RED: ProcessHacker.exe; but why? Radix FP?
IATHooksAnalyzer/ProcessHacker.exe: 0 Hooked Functions. OK.
RootRepeal/Hidden Services: Found 0 hidden services. Is OK.
Kernel Detective: nothing wrong,OK.
KX-Ray: nothing wrong, cool.
GMER: nothing, cool. On GMER/Modules: NO processes from PH, but I see PROCEXP113.SYS from Process Explorer ... .NET- is better, my ruinebabine!:argh: :thumb:


ProRootEct

wj32
April 30th, 2009, 01:44 AM
-{ Quote: "Might be (but not sure, I'm no coder, I am user only), it'd depend how you define "bloated", but by any ways it would be bloating my xp registry of a big pile of non-necessary loom, that's for sure!
You precisely made my point here! ;D" }-

A "trend" I see with computer enthusiasts (or whatever Wilders Security Forums people call themselves) is cleaning/maintaining the registry. The registry is a very robust configuration manager (in the kernel it is called the configuration manager). It can be filled up with bloated software, but the thing is, just don't install lots of software (which ironically is what people like to do along with cleaning the registry). The .NET Framework stores most of its configuration in HKLM\Software\Microsoft\.NETFramework. I don't know the math, but I'm guessing the size of the .NET key is less than 0.1% of the registry.

wj32
April 30th, 2009, 01:52 AM
-{ Quote: "ProcessHacker.exe: Pvt. Memory 25.9 MB; CPU 0.78/1.56 %; Working Set 25.9 MB; Virtual Size 141.8 MB; Handles 291; Threads 12; Company wj32 already good!; GDI Handles 140/146; USER handles 59." }-

Focus on the software's functionality, not what resources it consumes.

-{ Quote: "In PE: I have few innocent softwares, appearing as Packed Images (eg HiJackThis, SysProt AntiRootkit, IATHooksAnalyzer, WISE Registry Cleaner and some other Great Software) - but in PH, it does NOT appear Packed ... Why?" }-

Options > Advanced > Verify signatures and perform additional checks. It's off by default because some idiots were complaining about how their favorite software was highlighted in pink (which is the most attention-grabbing color I could use).

-{ Quote: "I found the general lack (for me) in PH: in very nice 'System Information' there is NO figure of Physical Memory Available! It's indispensable for me, please!" }-

I display the Current and Total physical memory, not the available memory. The main reason for this is consistency; I display current commit charge, not available commit charge (as if there were such a thing).

-{ Quote: "There are sometimes differences between the values of PE and PH.
For example Kernel Memory/Nonpaged in PE: 9192 KB; Kernel Pools/Non-Paged Usage in PH: 8.98 MB - in this same time." }-

9,192 kiB = 8.98 MiB (with some rounding errors of course). Remember that 1 MiB = 1,024 kiB, not 1,000 kiB.

PROROOTECT
April 30th, 2009, 01:35 PM
Many thanks, wj32!

I have a new REAL-TIME (and color) defense.

I take is that the colors of all processes in Process Hacker - are until its left edge of window. I need to put the PH window of left side of my monitor, and reduce somewhat the IE browser window.
I need to see a small part of PH window, to see at every moment the situation when I surf on the Internet.

Not forget: Options/Advanced/Verify signatures ...

Many possibilities in PH ... many!

... and one PROROOTECT

PROROOTECT
May 6th, 2009, 07:07 AM
Process Hacker NEW version v1.3.7.5. Updated May 02, 2009.
2.43 Mb (C:\Program Files\Process Hacker).

CHANGELOG.txt:

NEW/IMPROVED:
* Decreased CPU usage
* Significantly less memory usage, especially when opening process properties
* Hides Process Hacker network connections by default
* Can close TCP connections
* 'Terminate Process Tree'
* Base Priority, Start Time, and CPU Time columns
... and many more NEW/IMPROVED and FIXED!


Look on Project Page: HELP WANTED!

Project Help Wanted:
Experienced C# developer(s) needed - for Process Hacker!
'We need *experienced* C# developers to manage Process Hacker.
You will be required to maintain Process Hacker for the next few months, adding features and fixing bugs.
You must have experience with Windows internals, and possibly C programming and kernel-mode programming.
Do not apply if you are a beginner or wish to learn about programming.
Do not apply if you will be too busy to work on Process Hacker.
...
Designated contact: wj32.'


PROROOTECT:thumb:

PROROOTECT
May 15th, 2009, 11:13 AM
Hello wj32,

*** Yesterday, Process Hacker v1.3.7.5, after 5 hours:

* Error: An unhandled exception has occured in Process Hacker: ... I look on DIAGNOSTIC INFORMATION:

... KProcessHacker: PsTerminateProcess, PspTerminateThreadByPointer

PROCESS HACKER THREAD POOL:
Worked thread limit: 3
Busy worker threads: 1
Total busy worker threads: 1
Queued work items: 1
...
PRIMARY SHARED THREAD PROVIDER:
Count: 3
ProcessHacker.ProcessSystemProvider (Enabled: True, Busy: False, CreateThread: False
ProcessHacker.ServiceProvider

... and Process Hacker is disappear.
After this - I start again my Process Hacker - and it appear now, except all yellow entries (explorer.exe and my defenses and ProcessHacker.exe)

... And I start it again - all entries are OK.

*** Today:

* After some time, I see that the positions in yellow! Only these in yellow!
After closing and opening of the session, Tiny Watcher told me:
Registry entry HKLM\System\CurrentControlSet\Services\KProcessHacker\ImagePath (created)
I click on 'Confirm'.
I see Process Hacker window at the left corner (and at top) of the screen; or on the plain page.

I enlarged the small window, of course.:argh:

NOW - all OK ...

PROROOTECT
May 22nd, 2009, 04:38 PM
NEW version of Process Hacker v1.3.8.0.33 built on 22.05.2009.

* Many NEW/IMPROVED (like 'Experimental process protection feature') and FIXED features!

* Options/Advanced: I notched: 'Enable experimental features'; Apply, OK.

... Yes, in Advanced: all cases are notched.

* CPU load is reduced: now 0.76% (before: 0.78%).


P:thumb:

apathy
May 24th, 2009, 01:03 AM
I absolutely love Process Hacker, I've been a loyal user of Process Explorer which died on the vine. PH works well and lighter for me than PE. Matter of fact I've had to reconfigure PE every time I install it to show the columns that PH shows by default and in the order I like. Great Job!

PROROOTECT
May 24th, 2009, 12:22 PM
* apathy: WE UNDERSTAND YOUR FEELINGS!:argh: :-*

* wj32: Would it be possible to put all results in KB, instead of MB, please?

... and: Would it be possible to have the figure of Free Memory, in KB, in the bottom of the GUI, please?


Thank you for your reply,


P:thumb:

wj32
May 25th, 2009, 02:52 AM
-{ Quote: "I absolutely love Process Hacker, I've been a loyal user of Process Explorer which died on the vine. PH works well and lighter for me than PE. Matter of fact I've had to reconfigure PE every time I install it to show the columns that PH shows by default and in the order I like. Great Job!" }-

Great to see that you like it, but it's absolutely not true that PH is lighter than PE (I like to be honest :)). You can see that it takes around 2 times more memory than PE. But, if you think it's lighter, then that's your subjective experience...

wj32
May 25th, 2009, 02:55 AM
-{ Quote: "* apathy: WE UNDERSTAND YOUR FEELINGS!:argh: :-*

* wj32: Would it be possible to put all results in KB, instead of MB, please?

... and: Would it be possible to have the figure of Free Memory, in KB, in the bottom of the GUI, please?


Thank you for your reply,


P:thumb:" }-

This is a bit of an issue because if you go to Options > Max. Size Unit and change it to kB all sizes will appear in kB, even total memory and things like that. Not good... I'll try to have a better system for the next version.

Free Memory: I'll try to add a system where you can choose what stats will be displayed in the statusbar.

PROROOTECT
May 26th, 2009, 07:51 AM
wj32, I appreciate very much your honest and detailed answers.

* What fun to have the data in KB!
It would be nice to default - only in Kb (save only letter K, and only in columns head-line as eg 'Working Set(K)' to lower this Working Set ...).

* I believe in you, you will reduce the Working Set value in the coming versions.

* Your default colors are perfect - I put this same colors in PE, then PE is now significantly better than before.

* In the status bar I like to have the Free Memory (in K) and Non-Paged Usage (in K). And of course Processes, Threads and Handles.

* Process Hacker - File size 1514 K.
Process Explorer - File size 3466 K.
:argh:


P:thumb:

Meriadoc
June 7th, 2009, 04:11 PM
Process Hacker is very strong and certainly rivals Process Explorer, have not had a process that I cannot suspend or terminate with PH (unlike PE) - nice work in PH wj32.

wj32
June 8th, 2009, 01:39 AM
-{ Quote: "Process Hacker is very strong and certainly rivals Process Explorer, have not had a process that I cannot suspend or terminate with PH (unlike PE) - nice work in PH wj32." }-

Thanks, I appreciate the feedback!

HAN
August 21st, 2009, 04:52 PM
Just tried 1.4 on a healthy XP Pro SP3 box. Got a huge BSOD. Always ran fine before... :(

**EDIT**
Just reloaded 1.39 and it's fine.

Here is my BSOD

PROROOTECT
August 21st, 2009, 05:08 PM
Hi,

Maybe your CPU has many Fahrenheit degrees. Hot thread here.

Maybe clean your Temporary Internet Files and other junk files ... and services & processes.

It's nothing, OK?

P.

wj32
August 22nd, 2009, 12:08 AM
-{ Quote: "Just tried 1.4 on a healthy XP Pro SP3 box. Got a huge BSOD. Always ran fine before... :(

**EDIT**
Just reloaded 1.39 and it's fine.

Here is my BSOD" }-

Could you please send me the crash dump?

EDIT: Never mind, just discovered the bug and fixed it...

Can you please try out the latest version at Ohloh? http://www.ohloh.net/p/processhacker/download?package=Process+Hacker

PROROOTECT
August 22nd, 2009, 07:30 AM
I confirm that start of 'Process Hacker' is a little harder each time (all versions ...). First is the frame of GUI, then the interior; each time (also after restart of Windows).
All Options I have with original values (General tab: ticked 'Float child windows' - but in Advanced tab I ticked all).

ProcessHacker.exe:

Pvt Memory 39.84 MB
CPU 0.76
Working Set 42.8 MB
Virtual Size 176.21 MB
Handles 424
Threads 17
I/O R+O 136 B/s - displayed continuously
I/O Total 136 B/s - displayed continuously
GDI H. 162 - 172
User H. 72

Yes, I/O Delta Other Bytes are displayed continuously ...

... and after time, Network tab does nothing. But after restart of Process Hacker, I have Network OK.


P.

HAN
August 22nd, 2009, 02:01 PM
-{ Quote: "Can you please try out the latest version at Ohloh? " }-

As I type this, I'm running version 1.5 Release 1732 and it's doing great! Thanks for getting it going again so quickly! :D

PROROOTECT
August 22nd, 2009, 03:05 PM
Hey, NO problem with Network tab - after deleted the clt Test!


Process Hacker (Rock!) v1.5.0.0 modified Today 22/08/2009 ; now you have a good link on my Signature (for Ohloh page).

I downloaded PORTABLE version - bin.zip.

New/Improved:

Improved kernel modules list
Detects custom kernels
KTM resource manager information

Fixed:

WindowsXP BSODs
Linked token display on x64

""""""""""""""""""""""""

The GNU General Public Licence is a free, copyleft licence for software and other kinds of works.
When we speak of free software, we are referring to freedom, not price. ... (read in GNU General Public Licence).
...

Process Hacker has certain functionality only available on 32-bit systems:
Bypassing rootkits and security software when accessing processes, threads, and other objects,
Viewing hidden processes ... (read in Readme.txt).


P.

PROROOTECT
August 27th, 2009, 11:19 AM
Hello wj32,

I'd like this: viewing (& highlighting) hidden processes in Processes tab, please.


P.

PROROOTECT
September 4th, 2009, 02:05 PM
... aaaaa ... NEW Process Hacker!

created 4/09/2009, 19:44 - already 8 minutes ago ...

NEW/IMPROVED:

Add Port and IP Address columns to Network tab!
Displays IPv6 network connections!
Two new TERMINATOR TESTS!
... and many improved and fixed.

On my Process Hacker: I/O R+O: 192 B/s .


PROROOTECT always living

PROROOTECT
September 5th, 2009, 03:47 AM
Hello wj32,

Process Hacker v1.6-r1842:

Network: nothing intercepted (empty space). Tabs: Process, Local Address, Local Port, Remote Address, Remote Port, Protocol, State.

I/O R+O (Other Bytes): 204 B/s continuous, without interruptions.

Shared WS: 0 B.

(Process Explorer- Shared WS: 5524 KB, I/O R+O: nothing).


P.

PROROOTECT
September 5th, 2009, 05:23 AM
OK., latest version STABLE: look on Sourceforge link: http://processhacker.sourceforge.net/

On ohloh link: you have ALSO unstable releases.

I modified my link on my Signature for Sourceforge stable versions.

P.

PROROOTECT
September 5th, 2009, 10:07 AM
Process Hacker gets new Set!

Smaller, simpler, faster!

Now, without toolbar, ProcessHacker.exe:

Pvt Memory: 40.25 MB
Working Set: 40.17 MB
Shared WS: 0 Mb
Handles: 272
Threads: 12
I/O R+O: 192 B/s
GDI H.: 194 - 204
USER H.: 79 .

(Process Explorer procexp.exe:

Shared WS: 5.16 MB
Handles: 381
Threads: 10 ).

You are on the way to victory!:argh:


P.

wj32
September 8th, 2009, 03:36 AM
Just so you know, PROROOTECT, I am reading all of your feedback. I just haven't posted anything yet :). What I want to say is this: the resource usage of programs is not important. Use programs, don't just monitor their resource consumption.

PROROOTECT
September 17th, 2009, 06:06 PM
I found ProcessHacker.ni.exe , with these tools:

* GMER/Files tab: C\Windows\assembly\NativeImages_v2.0.50727_32\processhacker\0c62fada ... : processhacker.ni.exe

* ESET SysInspector/File Details: C\Windows\assembly\nativeimages ... : processhacker.ni.exe
Status: Unknown (6; on Red)
Company: wj32
Internal Name: ProcessHacker.exe, linked to processhacker.ni.exe

* Kernel Detective: Libraries tab: C\Windows\assembly\ ... : processhacker.ni.exe

* SpyDllRemover: (on yellow: Need Analysis):
Name: ProcessHacker.ni.exe
Company: wj32
File size: 7304 KB
File Date: 05-09-2009
File Path: C\Windows\assembly\ ... : processhacker.ni.exe

""""""""""""""""""

Yes I see, Assembly folder - is the folder of .NET Assemblies.
But wj32 is warmly invited to give more explanations - in a language for us laymen ...


PROROOTECT

wj32
September 18th, 2009, 02:14 AM
ProcessHacker.ni.exe is the native image of ProcessHacker.exe. .NET assemblies are not yet compiled to native code, but to give a speed boost assemblies can be pre-compiled.
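
A scanner hit on processhacker.ni.exe, like the ones reported above, can be triaged by checking that the path follows the native image cache layout those tools displayed. The sketch below is an added example, not part of the thread or of Process Hacker; the function name, verdict strings, hex-directory rule and sample paths are constructed assumptions.

```python
import re
from pathlib import PureWindowsPath

# Cache layout as reported by the tools in the thread:
#   <windir>\assembly\NativeImages_<clr>_<32|64>\<assembly>\<hash dir>\<assembly>.ni.exe
CACHE_DIR = re.compile(r"^NativeImages_(v\d+\.\d+\.\d+)_(32|64)$", re.IGNORECASE)
HASH_DIR = re.compile(r"^[0-9a-f]{8,}$", re.IGNORECASE)  # assumption: hex-named directory

def triage_native_image(path):
    """Return (verdict, details) for a *.ni.exe / *.ni.dll path a scanner reported."""
    p = PureWindowsPath(path)
    name = p.name.lower()
    if not name.endswith((".ni.exe", ".ni.dll")):
        return "not-native-image", {}
    parts = p.parts
    # Expected tail: assembly, NativeImages_*, <assembly>, <hash dir>, <file>
    if len(parts) < 5 or parts[-5].lower() != "assembly":
        return "suspicious-location", {"reason": "outside <windir>\\assembly"}
    m = CACHE_DIR.match(parts[-4])
    if not m:
        return "suspicious-location", {"reason": "not a NativeImages_* cache"}
    assembly = name[:-len(".ni.exe")]  # ".ni.dll" has the same length
    if parts[-3].lower() != assembly:
        return "suspicious-name", {"reason": "file name does not match assembly directory"}
    if not HASH_DIR.match(parts[-2]):
        return "suspicious-location", {"reason": "unexpected hash directory"}
    return "ngen-cache-layout", {"clr": m.group(1), "bitness": m.group(2),
                                 "assembly": assembly}

# Constructed sample paths; the hash directory is a placeholder, not a real value.
CACHE = r"C:\Windows\assembly\NativeImages_v2.0.50727_32\processhacker"
FAKE_HASH = "0123456789abcdef0123456789abcdef"
SAMPLES = [
    CACHE + "\\" + FAKE_HASH + r"\processhacker.ni.exe",
    r"C:\Users\x\AppData\Local\Temp\processhacker.ni.exe",
    CACHE + "\\" + FAKE_HASH + r"\svch0st.ni.exe",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", triage_native_image(sample))
```

A matching layout only shows the file sits where pre-compiled images are cached; it does not vouch for the content, so the source assembly's signature still needs checking.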

1boss1
September 18th, 2009, 03:47 AM
Just thought i'd chime in, v1.5 Portable has been faultless on XP since installing.

Many thanks wj32 great app, really appreciate the portable option also. Since reformatting, i've tried to stick with portables where possible to keep the OS, Registry etc as clean as possible.

I actually like this better than Process Explorer.

Pedro
September 28th, 2009, 12:43 PM
I'm starting to really like this program. I have it installed already and considering the portable version for my 'usb swiss army knife'.
My question is, how portable is it? Where does it save its settings?
Portable Freeware site has a "stealth" definition which states
-{ Quote: "What makes an application "stealth"?

For the purpose for this website, "stealth" means when an application is launched, used and terminated properly, it does not leave behind any entries in the registry or filesystem. Certain exceptions are permitted. For example, registry entries that are created/updated by Windows for the application (eg. MRU entries for dialog boxes, DirectX entries for DirectX-based apps), or temp files created in the official "Temp" folders are not taken into consideration. Note: "Stealth" does not mean non-traceability! In fact, it is quite unlikely you can hide your activities on a Windows machine from a capable system administrator. " }-
Does PH leave anything, and if it does, is it settings?

Pedro
September 29th, 2009, 01:28 PM
Ok i just tried it and it seems to save its settings in
Application Data\wj32\ProcessHacker.exe_Url_<some random number>\1.5.0.0\user.config
Any way we could change it so i can use PH on different computers with the same settings?

TIA for any input.

wj32
September 30th, 2009, 01:08 AM
-{ Quote: "Ok i just tried it and it seems to save its settings in
Application Data\wj32\ProcessHacker.exe_Url_<some random number>\1.5.0.0\user.config
Any way we could change it so i can use PH on different computers with the same settings?" }-

Unfortunately, no. Since this has been requested by a few people already, we'll make it a high priority target for the next release.

wj32
September 30th, 2009, 01:09 AM
-{ Quote: "keep the OS, Registry etc as clean as possible." }-

PH doesn't (intentionally) write to the registry. PE keeps its settings in the registry, so you could say it's as portable as PH (not very).

Pedro
September 30th, 2009, 09:48 AM
wj32, thank you for your reply and decision. It will make PH even more useful!

Pedro
October 19th, 2009, 02:43 PM
I see 1.7 may bring what i hoped for ;D
BTW, dang AVG is detecting 1.6 as PSW.Banker5.ZOY.
pita@work

wj32
October 20th, 2009, 01:26 AM
Maybe you could write an email to them about that? If that doesn't work, I'll sue them for spreading false information about PH ;).

Pedro
October 20th, 2009, 08:44 AM
I used the context menu in the quarantine. The problem seems fixed, although it could be a simple whitelist entry of sorts (leaving the door open for 1.7). Not sure.

Can you confirm that 1.7 will be "stealth", saving the settings to a file in PH's folder?

wj32
October 21st, 2009, 12:47 AM
-{ Quote: "Can you confirm that 1.7 will be "stealth", saving the settings to a file in PH's folder?" }-

Of course not. That's the main reason why so many programs fail on Vista - they write to their program folder. PH, like normal programs, writes its settings to AppData\Roaming(\Process Hacker). You can change this behaviour by using "ProcessHacker.exe -settings filename".

HAN
October 21st, 2009, 05:57 AM
I believe Pedro is asking if a user/tech placed a folder containing PH on the desktop, could it run self contained and not write anything to the PC other than an MRU? Programs can do this on Vista or any other Windows version that they are coded for. AFAIK, Vista's behavior is limited to only the Program Files folder??


**EDIT**

-{ Quote: "You can change this behaviour by using "ProcessHacker.exe -settings filename"." }- If this allows PH to run from the installation folder only, what is the recommended "settings filename"?

Pedro
October 21st, 2009, 02:27 PM
Yes, i was referring to the portable version - so i can carry it on a usb drive and use the same settings, leaving nothing behind.

wj32
October 22nd, 2009, 12:09 AM
-{ Quote: "AFAIK, Vista's behavior is limited to only the Program Files folder??" }-

That's not the point. Do you want me to change PH's behaviour just for when the executable is located in a place where PH can write to? That would be both stupid and inconsistent.

-{ Quote: "If this allows PH to run from the installation folder only, what is the recommended "settings filename"?" }-

The path is relative to PH's executable directory. So use "ProcessHacker.exe -settings settings.xml" if you want to save it where PH is located.

-{ Quote: "Yes, i was referring to the portable version - so i can carry it on a usb drive and use the same settings, leaving nothing behind." }-

There is no "portable version". There are two pre-compiled downloads - the installer version and the zipped version. There is no difference between them, except for the fact that installer can automate some tasks for you.

I don't know what you people are complaining about - PE saves its settings to the registry, and no one complains about that.

HAN
October 22nd, 2009, 12:45 AM
I'm sorry. I'm not complaining. Really! :) I truly appreciate all your efforts! I'm just curious if PH can run solely from a single folder.

If I understand, based on your response, it apparently can if we follow a specific command line format when we run PH. From my own perspective, if it leaves a few registry traces (MRUs and such), I don't care. The part that interests me is if it stores no part of the program or settings anywhere except the one, single folder.

As to PE, while it holds its own charms, it's clear that Russinovich and Cogswell don't care to make it portable and that will never change. Which makes your program all that more attractive if it can. (It's not life or death if it can't. I'm just curious if it can.)

For me (and I believe a growing number of fellow like minded users), portability is a very positive attribute. But please don't take my queries as a criticism. They're just queries... :)

wj32
October 22nd, 2009, 03:30 AM
No, criticism is good and I like hearing criticism about PH. I just get frustrated with a certain group of computer users - so-called power users (no I am not talking about you or anyone else specifically). These users seem to spend a lot of time worrying about security, portableness, registry cleaning, etc. My response to these people is always this: you could get so much more done if you actually used your computer instead of tweaking it.

PH is not a general purpose tool - it is mainly a researching tool. Users of PH need to understand that PH is just like a debugger - you obviously don't care if they use more than 20MB of memory or save their settings on the local computer, do you? That's why saving settings to a file relative to PH's directory is a feature - people won't be using it that much.

Pedro
October 22nd, 2009, 04:52 PM
wj32, like HAN said, i'm merely asking if it will be possible. Just information.
Thank you for the reply.