Process Hacker v1.3.6.5 available

by

In: Enumeration , Forensics , Monitoring , Process Hacker

14 April 2009

Process Hacker is a feature-packed tool for manipulating processes and services on your computer. It can show you the threads (with symbols), modules, memory regions, handles and token of processes. It has detailed graphs that show CPU usage, memory usage and I/O activity. It can even change the DEP status of some processes and protect/unprotect them!

Process Hacker can read/write memory using a built-in hex editor and search through memory. It has a powerful run-as tool that can run programs as almost any user, including SYSTEM, LOCAL SERVICE and NETWORK SERVICE. Finally, its kernel-mode driver enables Process Hacker to show information for any process, even if it is protected by a rootkit.

Changelog for this release :

  • NEW/IMPROVED:
  • #2702907 - "CSR Processes: Enable termination of multiple processes"
  • #2702909 - "CSR Processes: Show process name when confirming termination"
  • #2702911 - "Show process name when terminating process in properties"
  • #2702929 - "Add a Cancel button in Options"
  • #2713088 - "Network: Ctrl+A and Ctrl+C should copy the processes’ names"
  • #2714130 - "Option to disable/enable all highlighting colors"
  • Job information
  • "Inject DLL" function
  • Statistics times in System Information and process properties
  • Highlighting system
  • Configurable max. samples and plotter step size
  • Network list with icons
  • Can close multiple handles at once
  • Less memory usage
  • Confirmation dialogs are now consistent and use new Vista interfaces where possible
  • KProcessHacker now retrieves thread start addresses
  • KProcessHacker now performs memory manipulation (allowing the command lines of more processes to be displayed)
  • KProcessHacker now performs process suspending/resuming on Windows Vista
  • Custom module information querying; can now display the modules for protected processes
  • Displays service DLL paths
  • Thread list displays cycles instead of context switches on Windows Vista
  • GUI threads are highlighted (with KProcessHacker)
  • Suspended and GUI thread highlighting can be configured
  • Special tooltip information for dllhost.exe (shows COM target)
  • FIXED:
  • #2642442 - "System Information label text gets clipped"
  • #2694437 - "Crash when sorting the process list"
  • #2713087 - "Processes: Copy should copy only the columns currently used"
  • #2716815 - "PH crashes during EnumProcesses"
  • Network connections would be readded if their state changed
  • Integer overflows in the process provider and system statistics
  • Memory leaks with various windows
  • Crash when saving with the I/O or CPU History column visible
  • Inconsistent Copy menu after columns are modified
  • Crash when F5 (Refresh) is held down
  • Resizable statusbar
  • Module unloading now works properly
  • REMOVED:
  • Disassembler - not used very often

Post scriptum

Compliance Mandates

  • Forensics :

    PCI DSS 10.2, 12.9, A.1.4*, SOX DS7, HIPAA 164.308(a)(1) and (a)(6), FISMA IR-7, ISO 27001/27002 13.2.1, 13.2.3
    *Shared Hosting Providers Only


Related Articles

Enumeration
Forensics
Monitoring
Process Hacker