Task Explorer - a new powerful task manager

Discussion in 'other software & services' started by DavidXanatos, Jun 17, 2019.

  1. liba

    liba Registered Member

    Joined:
    Jan 21, 2016
    Posts:
    344
    Security Task Manager
    Code:
    https://www.neuber.com/taskmanager/
     
  4. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,319
    Location:
    Viena
    Hmm, interesting, that tool does not use a driver... I wonder how they detect that process...
     
  5. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,319
    Location:
    Viena
    After some investigation I'm not impressed.
    The key-logger installs itself in an unusual AutoRun location, "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load",

    and Security Task Manager lists it because it finds it there.
    If you remove that registry entry, Security Task Manager does not see it anymore.

    Also it never complains about the hijacked svchost.exe :/

    I will add some functionality to detect hidden processes and also monitor process starts into the next build anyways though...
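
Added example, not part of the original post and not Task Explorer or Security Task Manager code: a PowerShell check of the autostart location named above, reporting whether each listed file exists, its Authenticode status and its SHA-256. Checking the `Run` value under the same key and splitting entries on commas are assumptions of this example.

```powershell
# Added example (not from the thread): audit the legacy per-user autostart
# values under the key named in the post. "Load" is the value the post names;
# "Run" under the same key is included as an assumption of this example.
$LegacyKey = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows'

function Get-LegacyAutostart {
    param(
        [string]$Path = $LegacyKey,
        [string[]]$ValueNames = @('Load', 'Run')
    )
    if (-not (Test-Path -LiteralPath $Path)) { return }
    $props = Get-ItemProperty -LiteralPath $Path
    foreach ($name in $ValueNames) {
        $raw = $props.$name
        if ([string]::IsNullOrWhiteSpace($raw)) { continue }
        # Assumption: multiple entries are comma-separated.
        foreach ($entry in ($raw -split ',')) {
            $cmd = [Environment]::ExpandEnvironmentVariables($entry.Trim().Trim('"'))
            if (-not $cmd) { continue }
            # Entries carrying arguments will not resolve as a file; review those by hand.
            $exists = Test-Path -LiteralPath $cmd -PathType Leaf
            $sig  = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $cmd).Status } else { 'n/a' }
            $hash = if ($exists) { (Get-FileHash -LiteralPath $cmd -Algorithm SHA256).Hash } else { $null }
            [pscustomobject]@{
                Value      = $name
                Command    = $cmd
                FileExists = $exists
                Signature  = $sig
                SHA256     = $hash
            }
        }
    }
}

# Run the audit for the current user and show whatever is registered.
$found = @(Get-LegacyAutostart)
if ($found.Count -eq 0) { 'No Load/Run entries under the legacy Windows key.' }
else { $found | Format-List }
```

This reads only the current user's hive, so it has to be run in the session of the account being examined.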
     
  6. liba

    liba Registered Member

    Joined:
    Jan 21, 2016
    Posts:
    344
    Thank you. Another file
    Code:
    http://www.filedropper.com/userclient
    Code:
    http://www.filedropper.com/apuq8f2ebgaa6rocafnhgqasaacfvsoa
    And please change gui, very complex and boring. Need clear view, like Security Task Manager. And please add, right click / delete process and file
     
    Last edited: Dec 29, 2019
  7. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,319
    Location:
    Viena
    I don't see those 2 files hiding a process, at least I can't detect anything.
    Also Security Task Manager in my VM does not show anything hidden.

    I'm absolutely not going to change the UI, as it's exactly as I like it.
    If you want more space for the process tree, you can snap the side panel to the right side, then it goes away; you can access the same data as shown there by double clicking a process.
     
  8. liba

    liba Registered Member

    Joined:
    Jan 21, 2016
    Posts:
    344
    userclient.exe
    https://img.techpowerup.org/191229/u.jpg
     
  9. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    Playing with Task Explorer, nice work.

    A very personal request, a tool I used to use, System Explorer, abandoned for years now (unfortunately), used to have a little pop-up window when hovering over the task bar icon, which was very useful to see the most pertinent data e.g. top 3 processes in terms of CPU usage (see attached).

    David, how difficult would it be to implement something similar? Would really appreciate that. ;)

    And - plans for a dark theme perhaps?
     


  10. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,319
    Location:
    Viena
    Yea it's malware, so what?
    Task Explorer is a process/task manager, not an anti virus. It is not supposed to think for the user and identify known malware. What it is supposed to do is to provide verbose process data to the user to allow the user to determine on his own if a process behaves in his opinion suspiciously/maliciously or not.

    What I could add would be a mechanism to send every loaded binary to VirusTotal and report back the result, but that would be IMHO still outside the scope of the project.
     
  11. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,319
    Location:
    Viena
    Hmm... I think the popUp would need to be either much bigger, or customizable, as different users would want to see different data, some would care for the GPU a lot, others for the disk IO, etc....
    I see how that could be useful to people who do not dedicate one side monitor to task explorer exclusively ;)
    I will look into adding such a feature.

    "dark theme", why do so many people like "dark theme"?
    EDIT: it looks very simple to add that, it will be included in the next build. :D

    David X.
     
    Last edited: Dec 30, 2019
  13. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    Personally, I just looked at top 3 processes in terms of CPU usage, memory usage (already in tooltip), and strangely, system uptime (for a reboot!). But I agree everyone would want different items. o_O :rolleyes: :isay:
    I know it's just a GUI thing - but for me not just eye candy, useful for a quick view of resource hogs.

    Re dark theme, thanks :thumb: ... just one of those things, once you switch to Windows dark, it kind of grows on you, increasingly switch everything to dark - and 'light' starts to look ... harsh. :eek:;):cautious:
     
    Last edited: Dec 30, 2019
  15. liba

    liba Registered Member

    Joined:
    Jan 21, 2016
    Posts:
    344
    Yes but it's a process. You can improve detect hidden process module. And you can add right click/delete
     
  16. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    MiTec Task Manager Deluxe shows the attached info top right - but not as a pop-up, as requested.
    But still, similar kind of info as old Mister Group System Explorer.
     


  17. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,319
    Location:
    Viena
    This build focuses on greatly improving the tracking of process starts and display of meaningful process trees. This is accomplished by monitoring the appropriate ETW events and using this information to list short lived processes that otherwise would fall between the refresh intervals of the regular enumeration method.
    A new setting "Retain parent Processes" makes task explorer keep terminated processes listed as long as there are still child or (grand,...)grandchild processes running. A new toolbar button allows to quickly switch between a list view and a tree view while retaining the list sort order.
    The new build also features other UI improvements, most notably a Dark Mode for those who like it.

    Download: https://github.com/DavidXanatos/TaskExplorer/releases/tag/v1.1

    [1.1.0] - 2020-23-01

    Added

    • added Dark Theme Support
    • added ETW monitoring of the processProvider
    • -- allows to capture all process creation events, hence listing of very short lived processes
    • -- using ETW data to set image path and command line when the process closed before we could inspect it
    • added option to keep processes listed indefinitely as long as they have still running children.
    • added functionality to find some types of hidden processes, also useful to find some already terminated processes
    • added tool bar button to switch between the tree view and a list view, more convenient as the last chosen list sort column is remembered

    Changed
    • the handle tab is now present twice once as it was and once providing only an open file list

    Fixed
    • handle types are now sorted properly i.e. "[All]" is first
    • fixed bug where in the unified list view switching to tree view was not possible
    • fixed issue with some values not being initialized in CWinMainModule
    • fixed High DPI scaling issues
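
Added example, not part of the original post and not TaskExplorer code: a PowerShell sketch of why event-based tracking lists processes that interval polling misses, and of the "Retain parent Processes" rule described above. The records are constructed sample data, not real ETW output; all function and field names are hypothetical.

```powershell
# Added example (not TaskExplorer code). Constructed sample of process start/stop
# records such as a process event provider would deliver; times are seconds,
# Stopped = $null means still running. PID reuse is ignored for brevity.
$Records = @(
    [pscustomobject]@{ Id = 100; Parent = 4;   Image = 'services.exe'; Start = 0.0;  Stopped = $null }
    [pscustomobject]@{ Id = 210; Parent = 100; Image = 'updater.exe';  Start = 1.2;  Stopped = 1.5 }
    [pscustomobject]@{ Id = 220; Parent = 210; Image = 'cmd.exe';      Start = 1.3;  Stopped = 1.4 }
    [pscustomobject]@{ Id = 230; Parent = 220; Image = 'worker.exe';   Start = 1.35; Stopped = $null }
    [pscustomobject]@{ Id = 300; Parent = 100; Image = 'helper.exe';   Start = 2.1;  Stopped = 2.3 }
)

# True when a snapshot taken every $Interval seconds would have caught the process alive.
function Test-SeenByPolling {
    param($Proc, [double]$Interval = 1.0)
    if ($null -eq $Proc.Stopped) { return $true }
    # First snapshot at or after the process start.
    $firstTick = [math]::Ceiling($Proc.Start / $Interval) * $Interval
    return ($firstTick -lt $Proc.Stopped)
}

# Retain rule: keep every running process plus all of its ancestors,
# including ancestors that have already terminated.
function Get-RetainedProcesses {
    param([object[]]$Procs)
    $byId = @{}
    foreach ($p in $Procs) { $byId[$p.Id] = $p }
    $keep = @{}
    foreach ($p in ($Procs | Where-Object { $null -eq $_.Stopped })) {
        $cur = $p
        # Walk up the parent chain until an unknown parent or an already kept node.
        while ($null -ne $cur -and -not $keep.ContainsKey($cur.Id)) {
            $keep[$cur.Id] = $true
            $cur = $byId[$cur.Parent]
        }
    }
    $Procs | Where-Object { $keep.ContainsKey($_.Id) }
}

$missed = $Records | Where-Object { -not (Test-SeenByPolling $_ 1.0) }
'Missed by 1 s polling: ' + ($missed.Image -join ', ')
Get-RetainedProcesses $Records | Format-Table Id, Parent, Image, Stopped
```

For triage the retained chain is the useful part: a still-running child keeps its terminated launcher and that launcher's parent visible, so the process lineage can be read after the intermediate processes have exited.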
     
  18. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    @DavidXanatos - Very Nice release there. I'm running 8.1 and of course got that old timey red stripe warning with old IE I often use. Always ignore it with analysis tools as this.

    You've really outdone yourself in making those adjustments and many thanks for the "handle types" sorting correction among other improvements. Really useful program and thoughtfully scaled.

    I've always been a close examiner when it comes to CPU cycles - nicely arrayed stats all down the list.

    Also if it's any use to you, TaskExplorer.exe after clicking X to close in the Portable Version retains its running process. No problem, I use ProcessHacker and Terminate to fully close.
     
    Last edited: Jan 23, 2020
  19. liba

    liba Registered Member

    Joined:
    Jan 21, 2016
    Posts:
    344
    Very complex gui, boring :/

    Can't detect this malware process
    Code:
    https://download.gg/file-10191377_0f15a3d4814ebc75
    And please add: right click - remove/delete process
     
  20. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,319
    Location:
    Viena
    Well that is a pity because I did all this work to create exactly this type of GUI as I like it and use it everyday, I couldn't stand using anything less complex. I'm loving it!

    About malware detection, when I have more spare time I will look into extending that aspect but it's not a priority right now.
     
  21. boldrake

    boldrake Registered Member

    Joined:
    Apr 18, 2016
    Posts:
    17
    great job, thank you
     
  22. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Developer has a sense of humor too :D
     
  23. Special

    Special Registered Member

    Joined:
    Mar 23, 2016
    Posts:
    454
    Location:
    .
    Don't listen to the hater, boring? definitely not, maybe a bit "busy", but information galore at a glance. I do feel bad for people on small monitors though...

    Can I request an option that disables this are you sure? "close box" https://i.imgur.com/vizjTU8.png

    Like, if I hit the "X" to close the program, I wanna close it not be asked again. Anyways, thanks if you can, thanks still if not, keep improving!
     
  24. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,319
    Location:
    Viena
    Yea I will add an option to disable the exit confirmation, even though once the 15 sec timeout reaches 0 it will close without any further interactions anyways.
     
  25. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,319
    Location:
    Viena
    I have a small inquiry for you guys...

    What features would you like to see in the next builds?


    I was thinking about the ability to set priorities and CPU affinities persistently, i.e. the tool would remember it on a file name basis and whenever a process is seen with one of the preset paths (or only exe name, in the end probably a wildcard path really) its priorities and stuff will get adjusted accordingly.

    I was also thinking about adding an option to perpetually kill processes on the same basis, when one gets seen it will get killed.
    thinking here about typical telemetry processes like vctip.exe (VS2017/2019), software_reporter_tool.exe (Chrome), NvTelemetryContainer (NVidia) etc....


    With regard to not allowing processes to start I could enforce that using the driver so that the process never goes past created suspended. But is that overkill?
    Is that the right thing for a task manager or should that go into some separate HIPS tool? I don't want to cram thematically unrelated features together, but well not allowing processes to start is still in the scope of a process manager.

    What do you think?
     