Task Explorer - a new powerfull task manager

In case there is someone interested in a new powerful task manager, here is one: https://github.com/DavidXanatos/TaskExplorer/releases it uses the ProcessHacker kernel driver and the phlib as back-end.
The UI layout is inspired by the old tool TaskInfo which unfortunately seams abandoned since 2012 and it being closed source means its dead.




For me personally the UX of TaskInfo always was the best of the best, although growing up with something makes you think this way about many things ant it may not be true, its just the result of getting used to it.

But I think I can make a good case why the particular UX style is objectively good. The UI focuses on expedience and getting real time data of what the system is doing at any given moment. Quick access to information one is interested in is emphasized interesting data are provided in easy to access (as less clicks as possible) panels, with no need to open windows or windows of sub windows. No pressing refresh most data are refreshed continuously. The toolbar provides decently sized graphs providing not just CPU usage but also usage of Objects, handles, network and IO/disk access.
The task info panels show all open handles (including file handles), the current file position is one of the columns what is quite useful to see what is a program actually working on right now disk wise. An other panel shows all open connections/sockets providing also data rate information. The thread panel contains a stack trace for the selected thread giving even more insight in wat the selected application is doing right now.

In my use case I have the task manager (now my own before that TaskInfo) always open on a small monitor on the side and can always keep an eye on whats going on on my system.



Now some things are not yet done, but being a pre release and a work in progress that is imho Ok. The tool uses the original signed ProcessHacker driver so no need to enable test signing, etc....


The GUI is by far not as light weight as Process Hackers as it is using the Qt framework but its CPU usage is comparable with task info, at least as long as one does not enable way toooo many columns in the process tree.
Being written in Qt makes the UI part platform independent and I took care of implementing everything with abstract classes such that one if one would have the time to do so could easily swap the process hacker library back-end for something that would work on Linux or even Mac.
Although that would be a project for an other time....

Please tell me what you think about this new tool.

Cheers

 

Does it have relative start time?

 

Yes, bit I called it "up time"

 

It don't want to work on Vista (32-)

 

Appreciate the work and detail gone into this @DavidXanatos

Works very certain on my 8.1 units x64 and gives plenty of Real Time data .

 

seems x64 only. dropped.

 

yes its a 64 bit build, although i could compile it for 32 bit if there is demand.

 

Wow David !
In the past I was using for many years TaskInfo (and I had also AbpMon) from Igor. I made update postings for it here on the board.
Originally it was payware. The last version was 10.0.0.336 released on 01-May-2012 and around that time it was made free for not-commercial use.
BTW Igor's site is still up: http://www.iarsn.com

OK, you said it is a GUI for the process hacker library.
Now I must admit that I don't have experience with PH.
I suppose that I first need to install PH. Any links? Thanks.

 

No you don't, the library is statically linked into the task explorer binary and the KProcessHacker.sys driver is distributed along the binary. So you can download the zip unpack it and run it as simple as that.

You can find out more about process hacker on its github page: https://github.com/processhacker/processhacker
It is a very light weight yet powerful tool, but its UI is in my opinion very cumbersome to use.

About TaskInfo, I have sent an email to Igor before I started this project asking if he would be willing to make TaskInfo open source since he obviously is not maintaining it anymore, but I never got an answer.

Since process hacker exists since 2008 being always free and quite comparable in capabilities and often exceeding the once of TaskInfo, although all that is very well hidden in sub windows of sub windows in the UI, I presume that it may be the reason why TaskInfo became abandoned. I guess Igor did not want to compete against a free product, the move to make the last version free for personal use also indicates that it was abandoned purposefully.
Or he foresaw the awful abomination windows started to become culminating in Win 10 and just lost any passion for windows all together LOL.

Cheers
David X.

 

Thanks David.
A few questions/remarks if you would allow me:

1.
Could you please give checksum(s) for TaskExplorer.v0.0.8.zip so we can check that nothing went wrong during downloading cq. saving on disk.
Up to you which one you choose (MD5 , SHA-xxx ).

2.
Does it have an installer or is it simply running the .exe after unpacking the .zip file?
If the latter, does it matter from where you run it?
(yes, as I said, I'm a newbee to PH)

3.
ESET gave a PUA warning on the PH driver kprocesshacker.sys :
a variant of Win64/ProcessHacker. A potentially unsafe application
Probably detection like this is already known and to be expected.
I'll have to decide whether I want to make exception(s) ...

4.
I too can only guess why Igor stopped with TaskInfo. (well, at the moment I don't remember me whether he gave some more info about it seven years ago). Most definitely I do wish him all the best!

Thanks!
Cheers

 

| |

Spoiler: Threat Detected kprocesshacker.sys

Filename: kprocesshacker.sys
Threat name: Hacktool.ProcHackFull Path: C:\Users\bjm\Desktop\TaskExplorer.v0.0.8\TaskExplorer\kprocesshacker.sys

____________________________

____________________________


On computers as of
6/18/2019 at 1:06:40 PM

Last Used
6/18/2019 at 1:06:39 PM

Startup Item
No

Launched
No

Threat type: Security Risk. Programs that pose a security or privacy risk and are not already classified as malicious.


____________________________


kprocesshacker.sys Threat name: Hacktool.ProcHack
Locate


Many Users
Thousands of users in the Norton Community have used this file.

Mature
This file was released 3 years 2 months ago.

Low
This file risk is low.


____________________________


https://github-production-release-a...id=0&response-content-disposition=attachment; filename=TaskExplorer.v0.0.8.zip&response-content-type=application/octet-stream
Downloaded File from amazonaws.com
Source: External Media

kprocesshacker.sys

____________________________

File Actions

Infected file: C:\Users\bjm\Desktop\TaskExplorer.v0.0.8\TaskExplorer\ kprocesshacker.sys No fix attempted
____________________________


File Thumbprint - SHA:
220a2dcf4d597f9208c0e7fd7057a91e88e118d420f20aac8e75ae3e39a7ac22
File Thumbprint - MD5:
963f148316e193b2ae68c6cbf5f7b09a
==============================================
Filename: kprocesshacker.sys
Full Path: C:\Users\bjm\Desktop\Task Explorer\TaskExplorer.v0.0.8\TaskExplorer\kprocesshacker.sys

____________________________

____________________________


Developers
Wen Jia Liu

Version
Not Available

Identified
6/18/2019 at 1:06:13 PM

Last Used
Not Available

Startup Item
No


____________________________


Many Users
Thousands of users in the Norton Community have used this file.

Mature
This file was released 3 years 2 months ago.

Bad
There are many indications that this file is untrustworthy.


____________________________


https://github-production-release-a...id=0&response-content-disposition=attachment; filename=TaskExplorer.v0.0.8.zip&response-content-type=application/octet-stream
Downloaded File kprocesshacker.sys from amazonaws.com

kprocesshacker.sys

____________________________


File Thumbprint - SHA:
220a2dcf4d597f9208c0e7fd7057a91e88e118d420f20aac8e75ae3e39a7ac22
File Thumbprint - MD5:
963f148316e193b2ae68c6cbf5f7b09a

Edit:
|

Spoiler: Good TaskExplorer

Filename: TaskExplorer.exe
Full Path: C:\Users\bjm\Desktop\TaskExplorer.v0.0.8\TaskExplorer\TaskExplorer.exe

____________________________

____________________________


Developers
Not Available

Version
Not Available

Identified
6/18/2019 at 1:06:13 PM

Last Used
Not Available

Startup Item
No


____________________________


Very Few Users
Fewer than 5 users in the Norton Community have used this file.

Very New
This file was released less than 1 week ago.

Good
Norton has given this file a favorable rating.


____________________________


https://github-production-release-a...id=0&response-content-disposition=attachment; filename=TaskExplorer.v0.0.8.zip&response-content-type=application/octet-stream
Downloaded File TaskExplorer.exe from amazonaws.com

TaskExplorer.exe

____________________________


File Thumbprint - SHA:
78a2ae476c7e915cbc3b48ae1b053401d7652ffa0faa85b616a598beee38e55a
File Thumbprint - MD5:
11902b9afbca440cf26eed1e557976a4

 

When I first started this new Task Explorer I got the same toast notice (not any warning just confirmation box) that the sys service was created which is the same I get from Process Hacker. Totally safe driver IMHO and never had any issues. After all it's the driver that is the backbone that digs up the details for easy display of many of the features that PH affords the user of it.

This Task Explorer really is a big help in spreading the many activities in a much wider view that I for one appreciate.

 

Yea I could do that, but what would be the point?
Zip has a CRC checksum to check if something went wrong during the download.
And if you are worried about someone modifying the zip purposefully on the fly or hacking github to modify it there, they can modify the shown check sum as well.

So whats your threat model?

No installer just run it from where ever you want, I may add an installer later.

ProcessHacker is often flagged by antivirus software for no legit reason.
So yes its to be expected.


Cheers
David X.

 

New Release:

[0.0.9] - 2019-06-24
Added

• general system tab
• process and system stats
• job tab
• add process pid picker dialog
• add ras/vpn graph
• process and threads are listed for 5 sec after termination
• grid to all lists
• service column to process tree
• list colloring
• context menu to services view
• tools menu
• scm permissions
• processor affinity dialog
• organized columns menu for the process tree in sub menus
• added option to restart elevated
• added graphs to process tree, CPU, Memory, IO/DiskIO, Network
• linux style cpu usage i.e. 1 core = 100% so > 1 core -> > 100%
• create service dialog
• taskexplorer can now be started as service and listen for commands
• option to start programs as TrustedInstaller without using a service
• run as dialog

Changed

• graphs can now be resized with a splitter
• improved process tree sorting behavioure to be more like in process hacker
• samba stats now using NetStatisticsGet instead of speculating on ETW events
• improved global network traffic logging now using GetIfTable2 instead of ETW events
• improved MMapIO display now it works as expected and disk IO got its own graph
• all files list now works for non enevated users
• driver tab now uses NtQuerySystemInformation(SystemModuleInformation to enumerate drivers

Fixed

• memory leak when running without unelevated and vieving all files list

check summs:

• md5: 334f871c6ab83f027c2a7e89cbb8c5c5
  
• sha1: fd19d01b83e58c17846c30a811df04060ac226a9
  
• sha256: cb08fbd000cf91e650588055f09bb8f86da388ba0b4347ac4dc40b2988d18e4f

Known issues:

• run as feature does not work

Download: https://github.com/DavidXanatos/TaskExplorer/releases/tag/v0.0.9

 

Version 0.1 is ready: https://github.com/DavidXanatos/TaskExplorer/releases/tag/v0.1

A productive release is finally here, there are still many features to go, but the tool as is, can be considered ready for every day use.

ChangeLog:
[0.1.0] - 2019-06-30

Added

• service property window, including all pages form the extended services plugin
• cpu and memory usage in tray icon
• option to start elevanted without an UAC prompt
• auto run using windows registry
• build x86 binaries
• add option to create a process dump
• afility to run a program with the tocken of an other program (run as this user)
• services tab showing services hosted by the selcted process
• add go to service key
• type filter to handles
• added missing handle actions
• add window properties details area

Changed

• paged memory usage is now extracted form pagefile informtions
• monitoring of ETW events can be disabled and re enabled in tool menu
• handle property detail are no a tree widget

Fixed

• crash when querying samba datarate and getting null
• run as feature forks now
• fixed issue with CoInitialize

 

Here is a new release https://github.com/DavidXanatos/TaskExplorer/releases/tag/v0.2
I fixed some issues and added a very nice memory editor feature.


[0.2] - 2019-07-05
Added

• memory tab, with options to dump the memory, free it or change access permissions
• advanced memory editor window
  -- forked qhexedit2 https://github.com/DavidXanatos/qhexedit to ad missing functionality, edit, lock mode, etc...
  -- added a QHexEditor class to qhexedit implementing a generic hex editor dialog with options and search capability

Changed

• I/O stats does not longer show ETW values when the is not monitoring ETW events

Fixed

• fixed Uptime column not being refreshed

 

Here is a new release https://github.com/DavidXanatos/TaskExplorer/releases/tag/v0.3
I fixed some issues improved the handle tab and added a tab that shows information about the user token.

For the next build I'm going to add a GPU usage display, and finally add a settings dialog, such that one does not longer need to change stuff in the ini and restart and I will add the ability to customize the Graph.

And please consider supporting my work on patreon: https://www.patreon.com/DavidXanatos

Here is the full change-log:

[0.3] - 2019-07-09
Added

• tokens tab with advanced infos
• improved handle window
  
  • -- show job info window
    
  • -- show token info window
    
  • -- show task info window
    
  • -- open file lokation
    
  • -- open registry key
    
  • -- read/write section memory
    
  • -- type filter now enumerates all types
• added size info to section type handle

Changed

• reworked sid to username resolution now using a worker thread to improve performance
• CWinProcess does not longer handle sid_user/token information all is done by CWinToken instead

Fixed

• fixed issue with the first graph text not being displayed
• fixed an issue causing the client to wait for 10 sec on shutdown

 

New release featuring many new usability improvements: https://github.com/DavidXanatos/TaskExplorer/releases/tag/v0.4


[0.4] - 2019-07-15
Added

• gpu usage statistics
• option to reset graph
• pause refresh + refresh now
• add option to fully refresh all services
• added option to inject a dll into any running process
• use profile directory to save settings
• option to customize graph bars from the graph bar context menu
• graph now have tool tips with detailed informations
• settings dialog with options and the ability to customize list colors

Changed

• now distributing as an installer usinf https://github.com/DavidXanatos/uSetup, with the option to extract for portable mode.
• made most dialogs resizable
• select reasonable default columns

Fixed

• a 32 bit version can not longer be started on a 64-bit system as it would not work correctly, however it tries to start a 64 bit version if avilable.
• fixed process service tab not working

 

The build 0.5 features variolous search and filter functions making the UI much more usable, and it improves on the memory editor.
The source code can now be compiled on Linux without errors, although due to the lack of a back end it does nto do much yet.

The release can be downloaded here: https://github.com/DavidXanatos/TaskExplorer/releases/tag/v0.5

[0.5] - 2019-07-22
Added

• added search filter to all panels by pressinf Ctrl+F
• find open file/handles/dll's
• find strings in program memory
• extended QHexEditor with the ability to search for unicode (UTF-16) strings
• added context menu to qhexeditor
• terminate tasks and close handles/sockets/windows using the del key
• added status bar infos
• add system info window in case one closed the system info panel
• disable system info tab settings when panel is collapsed

Changed

• reworked tree graph's for better performance

Fixed

• fixed an issue where reused handles woule be colored as to be removed permanently
• fixed column order getting messed up in process tree when adding/removing columns
• QHexEditor does not longer allow to replace a string with a different length string when its not in insert moe
• fixed crash bug in CWinToken::InitStaticData
• fixed a many of small bugs preventing compilation of the UI on Linux

 

New release: https://github.com/DavidXanatos/TaskExplorer/releases/tag/v0.6

This release focuses on .NET support and improvements to services.

[0.6] - 2019-07-31
Added

• .NET stack tracking support
• .NET Tab with assemblies and performance infos
• panel search can now instead of only filtering also just highlight the results
• when encountering an access denided we now try to start an elevated worker and retry
• added option to edit service dependencies
• forked QTabBar and QTabWidget to provide a windows like multiRow operation mode

Changed

• taskexplorer can now be started as elevated worker or 32 bit worker not just as a service
• improved stack trace display handling
• improved service info window

Fixed

• memory view being unnececerly refreshed
• fixed dpi scling issue

 

Task Explorer v0.7 Released (August 9, 2019)

Download

Spoiler: Changes v0.7

Added

• added a custom drivers as some AV software does not like kprocesshacker.sys, just unpack one of the following and it will be used instead
  -- self-signed xprocesshacker.sys driver in xprocesshacker_test-sign.zip
  -- signed with a leaked cert in xprocesshacker_hack-sign.zip PW: leaked
• added GDI objects tab
• added CPU Info tab
• added Memory/RAM Info tab including page file info
• added Disk/IO Info tab
• added Network Info tab also containing RAS infos
• added GPU Info tab
• added open path option to process tree
• added free memory commands to tools menu
• added crash dump creation

Changed

• improved disk usag graph to show percentage of disk utilization instead of just data rate
• double click on thray now toggles show/hife of the window
• moved "Show Kernel Services" from view menu to services sub menu
• reworked system info tab

Fixed

• fixed column issue in process picker and job tab
• fixed total/kernel/user cpu columns showing the wrong values
• fixed potential rais condition when initialising LibPH
• fixed issue with settings dialog
• fixed race condition when deleting theAPI
• fixed crash issue on 32 bit platforms
• fixed issue causing the elevation status not being resolved

 

The new build: https://github.com/DavidXanatos/TaskExplorer/releases/tag/v0.7 focuses on many new system info/performance features and usability improvements.
It adds new System Info tabs showing CPU usage, GPU usage, Memory usage, individual Disk usage, and network usage.

This build also adds crash dump creation so if there is a problem and the tool crashes on you please post the *.dmp file to the issue section on github: https://github.com/DavidXanatos/TaskExplorer/issues

Last but not least as some AntiVirus-tools are blocking the kprocesshacker.sys I have added a custom xprocesshacker.sys which should not trigger AV self-defence mechanisms. Howe ever as I don't have an expensive code signing certificate I provide the driver in two variants: one self-signed that runs only on windows booted in test-mode; and the second signed with a leaked certificate which may cause a AV-tool to complain, but than just add an exception for the file and it will work. The password for the ZIP with the second variant is "leaked".

[0.7] - 2019-08-09
Added

• added a custom drivers as some AV software does not like kprocesshacker.sys, just unpack one of the following and it will be used instead
  -- self-signed xprocesshacker.sys driver in xprocesshacker_test-sign.zip
  -- signed with a leaked cert in xprocesshacker_hack-sign.zip PW: leaked
• added GDI objects tab
• added CPU Info tab
• added Memory/RAM Info tab including page file info
• added Disk/IO Info tab
• added Network Info tab also containing RAS infos
• added GPU Info tab
• added open path option to process tree
• added free memory commands to tools menu
• added crash dump creation

Changed

• improved disk usag graph to show percentage of disk utilization instead of just data rate
• double click on thray now toggles show/hife of the window
• moved "Show Kernel Services" from view menu to services sub menu
• reworked system info tab

Fixed

• fixed column issue in process picker and job tab
• fixed total/kernel/user cpu columns showing the wrong values
• fixed potential rais condition when initialising LibPH
• fixed issue with settings dialog
• fixed race condition when deleting theAPI
• fixed crash issue on 32 bit platforms
• fixed issue causing the elevation status not being resolved

 

This build focuses on bug fixing and usability improvements, lots of small improvements.
The new build can be downloaded here: https://github.com/DavidXanatos/TaskExplorer/releases/tag/v0.7.5

[0.7.5] - 2019-08-19
Added

• tooltips to process tree
• added tool-bar
• bring to front on tray single click
• added bring in front command to the process tree
• disks which don't support performance queries now will get an own read/write rates graph called "unsupported" in the disk plot using ETW data
• added option to simulate UDP pseudo connections using ETW data.
• added hard fault count and delta
• added process uptime informations
• added peak handles and threads columns
• added computer menu (lock, shutdown, reboot, etc...)
• added users menu (enum users, status, log off, etc...)
• added some menu icons

Changed

• ETW is now disabled by default, its really only needed for socket data rates
• when minimized or hiden no more ui updates to save cpu
• better number formating, long numbers are now split in groups of 3
• now using SYSTEM_PROCESS_INFORMATION_EXTENSION for process disk rates when possible, this is much more reliable than ETW
• reduced cpu usage when updating thread info (more data are now loaded only on demand)
• reduced cpu usage of window enumeration by using NtUserBuildHwndList (on windows 10) instead of FindWindowEx and by caching more data
• reduced cpu usage by using SystemFullProcessInformation to enum processes when possible (elevation required), instead of using additional calls to get the same data
• reorganized task menus for better usability

Fixed

• fixed issue when attaching a debugger
• fixed resize issue when collapsing the side panel
• fixed crash issue with text copy in service and driver views
• fixed issue in socket listing

 

I use Process Hacker and Process Explorer daily but I'm always on the lookout for alternatives. This looks really cool. I will take it for a spin. Thanks for sharing.

 

New release: https://github.com/DavidXanatos/TaskExplorer/releases/tag/v0.8.0

This build focuses on optimizations and reduced CPU usage the gained performance is used to enable the tool to merge information from multiple processes, when more than one are selected. When all processes are selected this results some views showing and updating ~200 000 entries what is handled with good performance.

[0.8.0] - 2019-08-26
Added

• added listing of unloaded DLLs (shown in gray in modules tab)
• added "Services referencing" feature to modules tab -> column
• added optional CPU cycle based CPU usage calculation
• show merged informations when more than one process is sellected
• added search (highlight) feature to the stack trace list
• added Dangerous Flags from process hacker to the token tab
• added job limits informations tab to the job tab
• added search functionality to all remaining list/tree views

Changed

• optimized cpu uage all models are now aware of hidden columns and dont query them
• improved tree and list model performance by mor than an order of magnitude
• some values, like per process gpu sats, are not longer queried when thair columns are hidden
• reworked the token handling to optimize performance and properly handle situations when a Token gets replaced
• moved Sid Resolving to a dedicated worker thread

Fixes

• issue with .NET tab not getting cleared when an other process was selected
• fixed issue not all open file references being shopwed when a handle value was reused
• fixed error in global memory search
• fixed issue in token panel with the integrity combo box