Process Hacker: NEW & BEST!

Discussion in 'other software & services' started by PROROOTECT, Apr 13, 2009.

Thread Status:
Not open for further replies.
  1. PROROOTECT

    PROROOTECT Registered Member

    Joined:
    May 5, 2008
    Posts:
    1,102
    Location:
    HERE ...Fort Lee, NJ
  2. PROROOTECT

    PROROOTECT Registered Member

    Joined:
    May 5, 2008
    Posts:
    1,102
    Location:
    HERE ...Fort Lee, NJ
    NEW version of Process Hacker v1.3.7.1.30 built on 24.04.2009 (Today!) by wj32.

    Here: http://processhacker.sourceforge.net/

    # Setup with optimizing performance.
    # Better hidden processes scanner ( similar to Blacklight's and IceSword's) which can now detect both Hacker Defender and FU.
    # Basic support for Windows 7.
    # Many changes: New/Improved/Fixed.

    Tools: # Instantaneous scan for hidden processes! # Verify file signatures!

    # Colors of the GUI are very cool & fun!

    ... and I have NO Error window! See Post #253 in 'Your NEW BEST Free Softwares Anti-Malware' - here: https://www.wilderssecurity.com/showthread.php?t=217453&page=11
     
  3. wj32

    wj32 Developer

    Joined:
    Apr 23, 2009
    Posts:
    48
    I'm glad you like the software. Do you have a "+" in Process Hacker's title bar (next to your username)?
     
  4. PROROOTECT

    PROROOTECT Registered Member

    Joined:
    May 5, 2008
    Posts:
    1,102
    Location:
    HERE ...Fort Lee, NJ
    You are Welcome, wj32!


    I am very glad that you answered.
    'Process Hacker' GUI is very relaxing and soothing with its pastel colors.
    Yes, thank you also for the little + to the right of my name - it's very nice of you, I am charmed by this.:D

    Jokes aside, I recognize the professionalism of your work, frequent new versions.:thumb:

    The latest version v1.3.7.1.30 works well. I have no error window, which I described in Post #253 in the thread 'Your NEW BEST Free Softwares Anti-Malware and Windows cleaners ...' here: https://www.wilderssecurity.com/showthread.php?t=217453&page=11
    This is the problem of my Windows - without triggering an IE instance, I have nothing in the 'Network' tab.
    But if I make IE start its Page after the start of 'Process Hacker', the 'Network' tab shows my TCP/UDP connections well.
    I repeat - this is the problem of my Windows XP SP2 and I do not know the solution for now ...

    Once I had a window 'Process Hacker' - latest version - (when I clicked on the Properties of a process):
    'The Microsoft Symbol Server is not supported by your version of dbghelp.dll or could not be loaded. To ensure you have the latest version of dbghelp.dll, download Debugging Tools for Windows and configure Process Hacker to use its version of dbghelp.dll. If you have the latest version of dbghelp.dll, ensure that symsrv.dll resides in the same directory as dbghelp.dll.'
    But when I clicked OK, I had the Properties window of the process.
    My dbghelp.dll is on C:\WINDOWS\system32. But I have NO symsrv.dll!

    On all my processes, on Properties/Token, I have SeBackupPrivilege and SeRestorePrivilege on Disabled, pink color.

    On Properties/Services - I have nothing, except 8 points Password. (?)

    My DEP is ON for all programs, except my Dimio's DTaskManager - but in Properties/General, DEP is marked Disabled (!!?) on all my processes.

    I'm not a developer, but I would still like to understand a little more ...:argh:

    The possibility of 'Reduce Working Set' of the process - is marvellous! Perhaps - also make this for all processes at one time?

    And Toolbar (View/Toolbar) is very good - perhaps would be nice to put it forever?

    Lastly, I would like to have in 'Processes' tab more information (like Dimio's DTaskManager): CPU Time, Mem Usage, VM, Handles, Threads - for each process, if possible ...:argh:


    Hope to read you, PROROOTECT
     
  5. Aaron Here

    Aaron Here Registered Member

    Joined:
    Jun 4, 2006
    Posts:
    1,205
    Location:
    USA
    Seems functionally similar to Sysinternals' Process Explorer. Does this bring anything new/better to the table? :doubt:
     
    Last edited: Apr 25, 2009
  6. wj32

    wj32 Developer

    Joined:
    Apr 23, 2009
    Posts:
    48
    That's the whole point :) - I based PH on PE. Here are some more interesting features, though:

    * It's free/open source. Well, this isn't really a feature, but it's one of the main reasons I decided to make PH.
    * The ability to find hidden processes.
    * The ability to terminate any process (yes, even ones protected by rootkits, or IceSword).
    * The ability to inject and unload DLLs.
    * Memory searching (even with regular expressions) and memory editing.
     
  7. wj32

    wj32 Developer

    Joined:
    Apr 23, 2009
    Posts:
    48
    What it actually means is that the kernel-mode driver is loaded. I've been having some problems with it recently... :mad:

    Process Explorer gives exactly the same warning. You need to install Debugging Tools for Windows, open Options in PH and configure it.

    Does Process Explorer show the same thing?

    Yes, it's like that if the process isn't hosting any services. It is a bit confusing, I admit.

    Are you using XP?

    Ctrl+A, right-click, Reduce Working Set.

    I've always hated the toolbar; I didn't get the point. I only added it because a fellow project member asked me to. Anyway, Process Hacker does keep the toolbar visible across sessions...

    Those are in the Statistics tab. It doesn't have a thread count, though.
     
  8. ruinebabine

    ruinebabine Registered Member

    Joined:
    Aug 6, 2007
    Posts:
    1,097
    Location:
    QC
    The first wish I would like to put in your list, if you asked me, is to have a version that does not request the dotNET FrameUp!

    Other than that you seem to have a potentially good program ;)
     
  9. wj32

    wj32 Developer

    Joined:
    Apr 23, 2009
    Posts:
    48
    Without the dotNET FrameUp :))) Process Hacker would have taken me several years to make instead of 6 months. I guess you guys are worried about performance and memory usage of .NET apps. I assure you that unless your computer is 10 years old, it will not slow to a crawl when a .NET app is running. Sure, .NET apps are slower and require more memory, but that's just a tradeoff between development time and performance.

    Another issue is that there are simply no good OO programming languages with (RAD) Windows GUI support that do not use .NET. C is not OO, C++ is a pile of crap, and Java is slow (yes, even slower than .NET).
     
  10. ruinebabine

    ruinebabine Registered Member

    Joined:
    Aug 6, 2007
    Posts:
    1,097
    Location:
    QC
    Well, I understand your coder point of view on this but, for me, it is not that much "about performance and memory usage of .NET apps", it is for the user starting point to have to install that pile of loom in my XP registry to begin with...
     
  11. PROROOTECT

    PROROOTECT Registered Member

    Joined:
    May 5, 2008
    Posts:
    1,102
    Location:
    HERE ...Fort Lee, NJ
    Hello all,

    # wj32: Thank you for your professional and detailed response.

    * I have Windows XP SP2. On Process Explorer/process/Properties/Image: DEP Status: DEP.

    * Yes, in Process Explorer/process/Properties/Security: Group SID: n/a, I have also on Disabled: SeBackupPrivilege and SeRestorePrivilege.
    This problem may have occurred due to the use of 'Partition Magic' from Symantec. It seems that this is the incompatibility between 'Partition Magic' and my PC built by Packard Bell.
    After using 'Partition Magic' my Backup E Drive is not hidden, and after restoring of my Windows I have NOT Backup E Drive, it is gone.
    Do you think that I could set Enabled both SeBackupPrivilege and SeRestorePrivilege? ( it's possible only in Process Hacker, with options: Enable, Disable, Remove - bravo wj32!).
    In this way perhaps I could bring back my Backup partition?

    * My 'Network' tab problem - was caused by me. Yes, because I did check in 'Seconfg XP': 'Disable RPC over TCP/IP'.
    This option closed Port 135 ( Local ...) = to not have troubles aside worms, hacker attacks and listening of our Steve:D Microsoft Corporation.
    Well, now I have unchecked this - and I do not have problems with the 'Network' tab!
    But I have curious Steve M$ again epmap Port Local 135, which begins listening! What to choose? Could you advise me?
    The worms and hackers are requested to refrain here!:shifty: *puppy*

    * Only once I had the window 'The Microsoft Symbol Server ... dbghelp.dll ... '. Do you think that I should always install the 'Debugging Tools'?

    * 'Select All' possibility ( or CTRL + A) - 'Reduce Working Set' becomes grayed ( as almost all possibilities ) ...

    * I do not have the Statistics tab.

    * If I click on Help/Free Memory - it does not tick and nothing happens.

    * PH has much more possibilities than PE, and is extremely easy to use.
    Given its ability to find hidden processes and to kill, could you consider doing work in Real Time?
    And in case of new unfriendly process or service - to block it and see the warning with the options?

    * I click on Processes/right click on Name of Columns/Choose Columns: everything is there!
    Now I have: Name+PID+PvtMemory+Working Set+CPU+Virtual Size+Handles+Threads & Company!
    Then I click Options/Advanced: here I check: 'Replace Task Manager with Process Hacker'! Enchanté! Welcome to the world of adult Task Managers!

    The BEST.


    PROROOTECT:thumb:
     
  12. Birdman

    Birdman Registered Member

    Joined:
    Nov 24, 2003
    Posts:
    571
    Is this similar to Process Lasso.....and if so, is it a better software?
     
  13. wj32

    wj32 Developer

    Joined:
    Apr 23, 2009
    Posts:
    48
    Process Hacker is not similar to Process Lasso at all. Process Lasso is designed to monitor and control the priorities of various processes to increase system stability, while Process Hacker is like Process Explorer but with more control over processes.
     
  14. wj32

    wj32 Developer

    Joined:
    Apr 23, 2009
    Posts:
    48
    Do process viewers (PE, PH and other tools) show you details for system processes? I find it very strange that your account only has two privileges. Does explorer.exe have SeShutdownPrivilege? Surely you would want to be able to shut down your computer!

    I try not to mess around with system settings. The best thing to do is to install a good firewall + HIPS software (e.g. COMODO D+ which is free). Note that HIPS software may give you a lot of prompts at first...

    Process Explorer showed you that warning as well. You don't have to install Debugging Tools for Windows, but it would give you correct symbols for threads. You probably don't need this, so don't worry about it.

    Yes, I just realized that I had disabled it for multiple processes! Thanks for telling me - I've enabled it for the next release.

    You must have the Statistics tab in process properties...

    If you select Free Memory it will perform garbage collection on Process Hacker.

    It would be too slow - it brute-forces PIDs from 4 to 8192 (I've changed it now to 4-65536!).

    PH is not security software and does not attempt to distinguish between good and harmful programs/services. Think of it as a HijackThis process manager.
     
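wj32 explains above that the hidden-process scanner works by brute-forcing PIDs (4 to 65536 in the release he mentions) rather than trusting the process list, which is the list a rootkit hooks. The following Python is an added illustration of that comparison, not Process Hacker's own code. On Windows it probes each PID with OpenProcess and compares the survivors against EnumProcesses; on Linux, as an analogue, it uses kill(pid, 0) against the /proc listing. The access mask, the sampling of the enumeration API before and after the probe loop, and the fixed default range are my choices, not Process Hacker's; on Linux a full scan should pass /proc/sys/kernel/pid_max as `high`.

```python
"""Hidden-process scan by PID brute force (added example, not Process Hacker code)."""
import os
import sys

PID_RANGE_END = 65536  # the upper bound wj32 mentions for Process Hacker's scan


def hidden_pids(enumerated, probed):
    """PIDs that answered a direct probe but were missing from the
    enumeration API's list. Each argument is any iterable of ints."""
    return sorted(set(probed) - set(enumerated))


def probe_pid(pid):
    """True if a process with this PID exists, decided without the enumeration API.
    Windows: OpenProcess; a handle or ERROR_ACCESS_DENIED means the PID is live,
    any other failure (ERROR_INVALID_PARAMETER) means it is not.
    Linux analogue: kill(pid, 0), where EPERM still proves the PID exists."""
    if sys.platform == "win32":
        import ctypes
        from ctypes import wintypes
        PROCESS_QUERY_INFORMATION = 0x0400  # access mask chosen here; exists on XP too
        ERROR_ACCESS_DENIED = 5
        k32 = ctypes.WinDLL("kernel32", use_last_error=True)
        k32.OpenProcess.restype = wintypes.HANDLE
        k32.OpenProcess.argtypes = (wintypes.DWORD, wintypes.BOOL, wintypes.DWORD)
        k32.CloseHandle.argtypes = (wintypes.HANDLE,)
        handle = k32.OpenProcess(PROCESS_QUERY_INFORMATION, False, pid)
        if handle:
            k32.CloseHandle(handle)
            return True
        return ctypes.get_last_error() == ERROR_ACCESS_DENIED
    try:
        os.kill(pid, 0)
        return True
    except PermissionError:
        return True  # exists, but belongs to another user
    except ProcessLookupError:
        return False


def enumerate_pids():
    """PIDs as the normal enumeration API reports them (EnumProcesses on
    Windows, the /proc listing on Linux); this is the view a rootkit filters."""
    if sys.platform == "win32":
        import ctypes
        from ctypes import wintypes
        psapi = ctypes.WinDLL("psapi")
        pids = (wintypes.DWORD * PID_RANGE_END)()
        returned = wintypes.DWORD(0)
        if not psapi.EnumProcesses(pids, ctypes.sizeof(pids), ctypes.byref(returned)):
            raise ctypes.WinError()
        return list(pids[: returned.value // ctypes.sizeof(wintypes.DWORD)])
    return [int(name) for name in os.listdir("/proc") if name.isdigit()]


def scan(low=1, high=PID_RANGE_END):
    """Brute-force every PID in [low, high] and return those that exist but are
    absent from the enumeration API. The API is sampled both before and after
    the (slow) probe loop so a process that merely started or exited while the
    loop ran is not reported as hidden."""
    before = set(enumerate_pids())
    probed = [pid for pid in range(low, high + 1) if probe_pid(pid)]
    after = set(enumerate_pids())
    return hidden_pids(before | after, probed)


if __name__ == "__main__":
    found = scan()
    print("hidden PIDs:", found if found else "none")
```

A PID that shows up here is only a lead, not proof of a rootkit: a process that started and exited entirely within the probe loop can still appear, so a real scanner re-probes any hit before reporting it, which is also why wj32's point that PH does not judge good from bad applies to this check as well.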
  15. ruinebabine

    ruinebabine Registered Member

    Joined:
    Aug 6, 2007
    Posts:
    1,097
    Location:
    QC
    To follow with this, could you dare to tell me how Process Hacker would stand beside AnVir Task Manager Pro (regularly offered as a free giveaway)?
     
  16. PROROOTECT

    PROROOTECT Registered Member

    Joined:
    May 5, 2008
    Posts:
    1,102
    Location:
    HERE ...Fort Lee, NJ
    Hi ruinebabine,

    I think AnVir Task Manager Pro - too many things, one can easily get lost in this catch-all application. For this it is useless for me because I have a too impatient character (you ask the Police!). And double-speak - add more to that mess ...
    ... more and more ... and life passes.:rolleyes:

    PROROOTECT
     
  17. PROROOTECT

    PROROOTECT Registered Member

    Joined:
    May 5, 2008
    Posts:
    1,102
    Location:
    HERE ...Fort Lee, NJ
    Hello wj32,

    * Yes NOW I have Statistics tab! You had added this in my sleep at night, you play with me! (OK, I joke :argh: ).

    * Me - I have positive thoughts ... I want to encourage you to go forward for the good of all. I wish you the advantage of brute-force PIDs!:argh::thumb:
    I believe in your ability - from version to version PH improves the corner! I subscribed to all future versions, if you would.

    * Could you try to reduce the benefits of the already small CPU (0.78-1.56 %) of ProcessHacker.exe, please?

    * I think that would be a way very attractive and desirable to make the step towards the development of security features ... but do not put some words in Cyrillic, please.
    Maybe you want a dog for your software?... *puppy* (Yes, I joke.)

    * Here I want finally to be comprehensible on my explanations in my English from outskirts: I am very privileged! I have all the privileges Enabled in all processes - except these two privileges in Disabled, in all processes.
    For example, in Token/Privileges for explorer.exe, are Enabled: SeChangeNotifyPrivilege, SeCreateGlobalPrivilege, SeCreatePagefilePrivilege, SeDebugPrivilege etc, 18 Enabled and 2 Disabled.
    In each process, I have many privileges Enabled and these two Disabled.

    * If Process Hacker is started: Root Repeal found 3 stealth objects:
    Hidden Module: Name: system.Resources.dll
    Hidden Module: Name: System.Windows.Forms.Resources.dll
    Hidden Module: Name: mscorlib.Resources.dll
    Why - hidden?
    Could you make these modules 'not hidden', please?:argh:


    Yours hidden PROROOTECT:thumb:
     
  18. wj32

    wj32 Developer

    Joined:
    Apr 23, 2009
    Posts:
    48
    (You seem very skeptical, but that's a good thing.) IMHO AnVir Task Manager is very, very bloated. I try to focus on one thing only, and that is process management. For example, why include a system tweaker in a task manager?
     
  19. wj32

    wj32 Developer

    Joined:
    Apr 23, 2009
    Posts:
    48
    The next release will have decreased CPU and memory usage. It's one of the main things I focused on.

    Again, instead of putting security features into Process Hacker I would rather create a separate product.

    They aren't hidden. It may be related to the fact that I merge various DLLs and the main EXE into one ProcessHacker.exe file, but I don't see anything wrong with doing that. Just because Root Repeal says they are hidden does not mean anything. Have you tried running other .NET software? Does Root Repeal report hidden modules in those?
     
  20. ruinebabine

    ruinebabine Registered Member

    Joined:
    Aug 6, 2007
    Posts:
    1,097
    Location:
    QC
    The almost only thing that I am skeptical about here is to try to convince myself of the obligation to first have to bloat my xp registry with that microsoft .NET stink just to have a chance to experiment with what seems to be otherwise a very neat program ;(.

    And you are right about the ATM's O/S tweaking module, as I don't have any need to use this part of it. But all the rest makes AnVir a very unique magnificent tool when you give it a real fair try of more than 10 minutes :) I got very used to it after some days and by reading their manual.

    Do you have a portable version of your software, I mean like the one offered there?
     
    Last edited: Apr 29, 2009
  21. wj32

    wj32 Developer

    Joined:
    Apr 23, 2009
    Posts:
    48
    .NET is NOT bloated - it is only ever loaded when a program using the .NET Framework is started. And even then, it is only loaded as part of the program (for the JIT compiler and support libraries), not as a separate process.

    I have tried AnVir Task Manager, and while it is very powerful, I intensely dislike colourful user interfaces - not highlighting or anything like in PE or PH, but non-standard menus (especially office-style ones) and gradients.

    I don't know how you define portable, because .NET programs can't really be portable (unless on Vista, where the .NET Framework is installed by default). But if you mean a .zip, then sure. It's on the website, below the main download link. Process Hacker was originally distributed as a .zip, until a person came up with a setup program for it and I started including it with every release. Now it's the default download. People seem to like setup programs for some reason.
     
  22. ruinebabine

    ruinebabine Registered Member

    Joined:
    Aug 6, 2007
    Posts:
    1,097
    Location:
    QC
    Might be (but not sure, I'm no coder, I am a user only), it'd depend how you define "bloated", but by any ways it would be bloating my xp registry with a big pile of non-necessary loom, that's for sure!
    You precisely made my point here! :D
     
    Last edited: Apr 29, 2009
  23. PROROOTECT

    PROROOTECT Registered Member

    Joined:
    May 5, 2008
    Posts:
    1,102
    Location:
    HERE ...Fort Lee, NJ
    Hi wj32,

    * It is true that my nick ProRootEct is an antinomy with the name of RootRepeal - but it means nothing either. I love this software from A_D_13, and I think that it is ESSENTIAL for everyone. Yes, I understand now thanks to your explanation why RootRepeal rails against your ProcessHacker.exe, in which there are some very close connections between various DLLs. NOW this is understandable and not reprehensible, then all is well! Links are not dangerous, approved by our coder wj32! Now they are not hidden - it suits me perfectly, your explanation. 'Anything wrong with doing that'.

    * I'm pleased that the charges in CPU and Memory will be reduced, I do not dare make another point. It's perfect: your main thought is mine! :argh:
    For now, my Windows is like this:

    ProcessHacker.exe: Pvt. Memory 25.9 MB; CPU 0.78/1.56 %; Working Set 25.9 MB; Virtual Size 141.8 MB; Handles 291; Threads 12; Company wj32 already good!; GDI Handles 140/146; USER handles 59.

    * Surely you know the little Great Software called softly 'Bear' (See GDI/User Object usage for all processes) here: http://www.geocities.com/the_real_sz/misc/bear_.htm
    The number of SUM for ProcessHacker.exe: around 641/649.

    * In PE: I have a few innocent programs appearing as Packed Images (eg HiJackThis, SysProt AntiRootkit, IATHooksAnalyzer, WISE Registry Cleaner and some other Great Software) - but in PH, they do NOT appear Packed ... Why?

    *PH is much more reactive than PE, it reacts extremely fast: bravo wj32!:argh:

    * I found the general lack (for me) in PH: in very nice 'System Information' there is NO figure of Physical Memory Available! It's indispensable for me, please!

    * There are sometimes differences between the values of PE and PH.
    For example Kernel Memory/Nonpaged in PE: 9192 KB; Kernel Pools/Non-Paged Usage in PH: 8.98 MB - in this same time.

    * USEC Radix/IAT: on RED: ProcessHacker.exe; but why? Radix FP?
    IATHooksAnalyzer/ProcessHacker.exe: 0 Hooked Functions. OK.
    RootRepeal/Hidden Services: Found 0 hidden services. Is OK.
    Kernel Detective: nothing wrong,OK.
    KX-Ray: nothing wrong, cool.
    GMER: nothing, cool. On GMER/Modules: NO processes from PH, but I see PROCEXP113.SYS from Process Explorer ... .NET- is better, my ruinebabine!:argh: :thumb:


    ProRootEct
     
  24. wj32

    wj32 Developer

    Joined:
    Apr 23, 2009
    Posts:
    48
    A "trend" I see with computer enthusiasts (or whatever Wilders Security Forums people call themselves) is cleaning/maintaining the registry. The registry is a very robust configuration manager (in the kernel it is called the configuration manager). It can be filled up with bloated software, but the thing is, just don't install lots of software (which ironically is what people like to do along with cleaning the registry). The .NET Framework stores most of its configuration in HKLM\Software\Microsoft\.NETFramework. I don't know the math, but I'm guessing the size of the .NET key is less than 0.1% of the registry.
     
  25. wj32

    wj32 Developer

    Joined:
    Apr 23, 2009
    Posts:
    48
    Focus on the software's functionality, not what resources it consumes.

    Options > Advanced > Verify signatures and perform additional checks. It's off by default because some idiots were complaining about how their favorite software was highlighted in pink (which is the most attention-grabbing color I could use).

    I display the Current and Total physical memory, not the available memory. The main reason for this is consistency; I display current commit charge, not available commit charge (as if there were such a thing).

    9,192 kiB = 8.98 MiB (with some rounding errors of course). Remember that 1 MiB = 1,024 kiB, not 1,000 kiB.
     