Introduction
Process Hacker is a feature-packed tool for manipulating processes and services on your computer. It can show you the threads (with symbols), modules, memory regions, handles and token of processes. It has detailed graphs that show CPU usage, memory usage and I/O activity. It can even change the DEP status of some processes and protect/unprotect them!
It can read/write memory using a built-in hex editor and search through memory. It has a powerful run-as tool that can run programs as almost any user, including SYSTEM, LOCAL SERVICE and NETWORK SERVICE. Finally, its kernel-mode driver enables Process Hacker to show information for any process, even if it is protected by a rootkit.
System Requirements
- .NET Framework 2.0
- Microsoft Windows XP or above
- 1GB or more of total RAM if you want to read/write or search memory
- 2 CPUs (physical or multi-core) if you want to read/write or search memory
NEW/IMPROVED:
* #2780260 - "add <Enter> key to open Proc Properties"
* #2780277 - "add <ENTER> to shortcut list for default action"
* #2781625 - "System Idle Process should not have network connections"
* #2784954 - "Ctrl+F find DLLs and not just Handles"
* Customizable tray icons - CPU History, CPU Usage, I/O History, Commit History and Physical Memory History
* Base Priority, Start Time, and CPU Time columns
* "Terminate Process Tree"
* Can close TCP connections
* Process tree loads instantly
* Process properties (appear to) load faster
* Decreased CPU usage
* Significantly less memory usage, especially when opening process properties
* Thread termination now prompts
* Implemented Esc to close windows
* Cycles, Page Priority and I/O Priority in process statistics
* Integrity, I/O priority and page priority columns
* Windows are protected from being offscreen when they load
* Process property window locations are now saved
* The main window dimensions are saved when exiting minimized
* Enabled Reduce Working Set for multiple processes at a time
* Hides Process Hacker network connections by default
FIXED:
* #2782808 - "Exception generated when CPU History is set to first column."
* #2784922 - "Hidden processes window: window location not remembered"
* #2784924 - "Network connections: process's icon not shown"
* Unhandled exception when process properties is closed within 100ms of being opened
* Handle filter took a while to start up
* Forgot to add sorting for Private WS, Shared WS and Shareable WS
* dbghelp warnings were not being shown the first time process properties opened
* Random file-object-related BSODs
* Increased PID limit in Hidden Processes to 65536
* Inaccurate I/O Total rates when using a refresh interval other than 1000ms
* Incorrect thread start addresses
1.3.8.0
* NEW/IMPROVED:
* KProcessHacker can now perform process memory reading/writing
by itself and does not require MmCopyVirtualMemory
* KProcessHacker can now bypass all handle-opening protections
* Experimental process protection feature
* Ability to set handle flags such as protect-from-close and inherit
* Better highlighting
* Terminator test: TD1 (debugs a process and closes the debug object)
* Terminator test: TT3 (TT1 is now completely user-mode)
* Shows function file and line numbers where available
* Icon updating is now done on the shared thread to avoid the GUI
blocking when explorer.exe is suspended or is hanging
* FIXED:
* #2785648 - "cursor down crashes PH"
* #2790404 - "System.InvalidOperationException"
* Incomplete or inaccurate thread call stacks
* Windows 7 BSOD
* Crash upon executing terminator test M1
* Unexpected actions being performed when a key was pressed in
the memory and handle lists
* Changed I/O tray icon tooltip from ROW to RWO
* Corrupted usernames
* .NET processes getting recognized as packed
* Start times like "20 centuries ago"
* Unable to change service configurations
* "Access denied" when changing DEP status or unloading a module
on Windows XP
1.3.8.5
* NEW/IMPROVED:
* Full support for Windows Vista SP2
* Users/sessions list
* Window process finder
* Thread wait analysis - right-click a thread and choose
Analyze > Wait to see what a thread is hanging on
* Added ability to create dump files for processes
* Added ability to detach processes from debuggers
* Added "scroll down process tree on startup" option
* Notification icon process list is now sorted
* Lists are dramatically faster (especially the handle list)
* Detailed handle properties
* Event objects can now be modified - set, clear, pulse, reset
* Event pair objects can now be modified - set high, set low
* Semaphore objects can now be modified - acquire, release
* Statistics for token objects
* Token object names now include their session LUIDs
* Added Shift+Del for Terminate Process Tree
* FIXED:
* #2795871 - "Hidden Processes window resizing problem"
* #2800710 - "System.ObjectDisposedException"
* Windows 7 RC BSOD (Windows 7 Beta is no longer supported) at
startup; support is STILL EXPERIMENTAL
* Memory search addresses being in decimal
* Disabling "Warn about dangerous actions" now disables all
process-related prompts
* Terminator window would be hidden if the main window was top-most
* Using the keyboard (Up/Down/Left/Right) in the process list was fixed
* Potential BSOD with KphReadVirtualMemory and KphWriteVirtualMemory
due to incorrect address probing
* Get Function Address window would return incorrect hex addresses
NEW/IMPROVED:
* #2812814 - "Auto-scroll option should be remembered"
* Kernel-mode stack traces
* POSIX process support, including command lines and highlighting
* Hidden processes scanner can now detect FUTo
* Highlighting for .NET and relocated DLLs
* Ability to terminate system threads
* Ability to force terminate threads
* Ability to create services
* Ability to set DEP status of processes in other sessions
* Ability to unload modules of processes in other sessions
* Ability to dump memory to a file
* Process window manipulation
* Process heap information
* Paged and non-paged pool limit display
* Terminator test: TP1a (TP1, alternative method)
* Terminator test: TT1a (TT1, alternative method)
* Terminator test: TT4 (dangerous thread termination)
* Better file object names without KProcessHacker
* Better IP address resolving
* CPU, I/O and memory indicators
* Child windows float by default
* dbghelp is now set up automatically when Process Hacker is run the first time
* Thread wait analysis now detects NtQueryObject hangs and named pipe connections
* Automatic tree text coloring, allowing for dark highlighting colors
* Small performance improvements
FIXED:
* #2811733 - "System.NullReferenceException"
* Broken system thread start addresses due to sign-extending instead of zero-extending pointers
* Broken Ctrl+A for memory, results, and PE lists
* Removed several annoying thread-related warnings
* Network connections now display process IDs
* Ctrl+C in the log window
* Window location problem when hiding and restoring the window
* ObjectDisposedExceptions when closing search options windows
* "Inject DLL" menu item enabling problem
* InvalidCastException when attempting to close handles in the handle filter window
NEW/IMPROVED:
* Full support for Windows 7 SP0
* Basic support for Windows 64-bit
* Ability to unload drivers
* Handle names for Kernel Transaction Manager (KTM) objects
* Ability to save details for processes
* Improved handle granted access display
* Improved process window exit status display
* Improved user prompts
* Ability to open key handles in regedit
* Thread list is more responsive
* Process exit notification (in the process window) is now instant
* Improved control tab indices
* Small performance improvements
FIXED:
* #2821437 - "Windows 7 PsTerminateProcess crash"
* #2834578 - "Unable to replace Task Manager with Process Hacker error"
* Properties menu item for handles was disabled most of the time
* Handle names could not be viewed properly without KPH and on systems without the VC++ 9 runtime
* Minor KPH pool leak
* Annoying popup when Process Hacker replaces Task Manager on Windows 7
* No symbols for protected processes
NEW/IMPROVED:
* #2831605 - "Add handle count by type to process properties handle tab"
* #2836706 - "Signature Column in Processes"
* Improved kernel modules list
* Detects custom kernels
* Performance improvements
* KTM resource manager information
FIXED:
* Windows XP BSODs
* Incorrect drive letter resolving for file handles
* Linked token display on x64
Process Hacker v1.7 (r2298) Experimental
2009-10-24
NEW/IMPROVED:
* #2873973 - "Columns window improvements"
* New settings system - settings can now be saved anywhere
* Decreased memory and CPU usage
* Process Hacker probably runs on Windows 2000 now
FIXED:
* #2880368 - "Highlight Option dialog does not show current colors"
* #2881084 - "System.ArgumentOutOfRangeException"
* #2881951 - "Invalid cursor handle."
* Fixed some crashes on 64-bit when viewing thread stacks
* Remaining network list bug
Process Hacker v1.8 (r2364) Experimental
2009-11-26
Changelog
* NEW/IMPROVED:
* Ability to set I/O priority for processes and threads
* No more separate Assistant.exe executable required
* Signature verification now works on x64
* Now shows signer names (plus a Verified Signer column)
* Added proper x64 support to structs reader
* Added basic preprocessor to structs reader
* WOW64 modules now appear in Handle/DLL searches
* Small performance improvements
* Editing object SACLs is now possible with KProcessHacker
* FIXED:
* #2902988 - "Toolbar not shown after saving options"
* Find window and select thread sometimes not working
* 32bit Resource Files (*.res) can now also be viewed and edited.
* Added support for the following Dialog extended style flags: WS_EX_LAYERED, WS_EX_NOINHERITLAYOUT, WS_EX_LAYOUTRTL and WS_EX_NOACTIVATE.
* All resource language ids (except those for cursors and icons) can now be easily changed.
* Bug Fix: LBS_NOINTEGRALHEIGHT and LBS_MULTICOLUMN listbox style flags in dialogs previously could not be combined.
Process Hacker v1.9 (r2459) Experimental
2009-12-19
Changelog
NEW/IMPROVED:
* Dump/view process information
* Added useful tooltips to the module list
* The "-elevate" command line option propagates other arguments
FIXED:
* #2911938 - "The given key was not present in the dictionary."
* #2911957 - "The given key was not present in the dictionary."
* #2912500 - "Failed to compare two elements in the array."
* #2917952 - "Index was outside the bounds of the array."
* Buggy save as text file behaviour on Windows XP