Process Hacker v1.3.6.1 released

Process Hacker is a feature-packed tool for manipulating processes and services on your computer. It can show you the threads (with symbols), modules, memory regions, handles and token of processes. It has detailed graphs that show CPU usage, memory usage and I/O activity. It can even change the DEP status of some processes and protect/unprotect them!

Process Hacker can read/write memory using a built-in hex editor and search through memory. It has a powerful run-as tool that can run programs as almost any user, including SYSTEM, LOCAL SERVICE and NETWORK SERVICE. Finally, its kernel-mode driver enables Process Hacker to show information for any process, even if it is protected by a rootkit.

This release supports:

  • Running a program as almost any user, including SYSTEM, LOCAL
    SERVICE and NETWORK SERVICE.
  • Viewing, terminating, suspending and resuming processes
  • Viewing, controlling and deleting services
  • Viewing/enabling/disabling/removing process privileges
  • Viewing process groups
  • Inspecting PE files (exe/dll/ocx/sys files)
  • Viewing, terminating, suspending and resuming threads
  • Viewing and closing process handles
  • Viewing modules, finding the address of an exported function, changing page protection, reading memory and viewing file properties
  • Viewing memory regions, changing page protection and reading and writing
  • Searching through process memory, either using literal data or regular expressions
  • Scanning for strings inside process memory
  • Getting heap information
  • Viewing DEP status and other additional information.

Process Hacker comes with an "Assistant" application which is used
when launching programs as other users.

v1.3.6.1 changelog :

  • New CPU and I/O history columns
  • New System Cache value in System Information
  • #2625167 - "Commit charge limit should not be 16EB"
  • #2642385 - "Maximum File Cache size should not be 16EB"
  • Minimize size of the System Information window
  • Settings were lost between versions
  • Handle and memory leaks
  • Integer overflows in System Information

Security-Database.com Opinion

Here is a kind of powerful utility i’d like to use in my binary security assessments. very useful to see the process "behind of scenes".
Dissecting binaries is made easier with Process Hacker.

Post scriptum

Compliance Mandates

  • Forensics :

    PCI DSS 10.2, 12.9, A.1.4*, SOX DS7, HIPAA 164.308(a)(1) and (a)(6), FISMA IR-7, ISO 27001/27002 13.2.1, 13.2.3
    *Shared Hosting Providers Only


Comments

Related Articles

Enumeration
Forensics
Monitoring
Process Hacker