Process Hacker v1.3.7.1 released

Process Hacker is a feature-packed tool for manipulating processes and services on your computer. It can show you the threads (with symbols), modules, memory regions, handles and token of processes. It has detailed graphs that show CPU usage, memory usage and I/O activity. It can even change the DEP status of some processes and protect/unprotect them!

Process Hacker can read/write memory using a built-in hex editor and search through memory. It has a powerful run-as tool that can run programs as almost any user, including SYSTEM, LOCAL SERVICE and NETWORK SERVICE. Finally, its kernel-mode driver enables Process Hacker to show information for any process, even if it is protected by a rootkit.

1.3.7.1

  • NEW:
  • "-nokph" command line switch to disable KProcessHacker
  • FIXED:
  • #2779558 - "TreeViewAdv font cannot be initialized"
  • KProcessHacker BSOD on some Vista systems
  • Minor issue where new handle providers in the process window would not be added to the shared thread provider

1.3.7.0

  • NEW/IMPROVED:
  • Terminating processes and threads now bypasses all but the most advanced anti-termination methods
  • Better hidden processes scanner (similar to Blacklight’s and IceSword’s) which can now detect both Hacker Defender and FU.
  • Basic support for Windows 7 in Process Hacker and KProcessHacker
  • Proper symbol support with dbghelp.dll
  • Private, Shared and Shareable Working Set columns
  • Improved handle viewing with KProcessHacker - more object types are visible, including ALPC Ports and protected process handles
  • Stack viewing uses KProcessHacker on Windows Vista
  • Handle highlighting
  • Lists now have column sorting priority
  • Memory list is much faster
  • Better thread start addresses, especially on Windows XP
  • Job termination
  • Elevation button in Options now spawns a child options window instead of restarting Process Hacker elevated
  • Can open process properties from the handle list
  • Better "could not initialize configuration" message for Windows Vista
  • New Terminator method: assigns a job object to the process and terminates it
  • Process Properties menu item in the handle filter window
  • Can now close multiple handles at once from the handle filter window
  • FIXED:
  • Service properties Key handle leak
  • Handle deletion detection
  • Unhandled exceptions when viewing performance/statistics for a non-existent process
  • Network connections for processes without icons would not be displayed
  • Virtualization menu item visible on Windows XP
  • When processes are terminated they are deselected (to provide feedback to the user)
  • When Native API calls failed they would pass through the exception handling code unchecked, causing random crashes (rarely)
  • REMOVED:
  • Useless Window menu items (PITA + causes memory leaks due to Microsoft’s poor implementation of MenuItem)
  • Registers from the thread window

Post scriptum

Compliance Mandates

  • Forensics :

    PCI DSS 10.2, 12.9, A.1.4*, SOX DS7, HIPAA 164.308(a)(1) and (a)(6), FISMA IR-7, ISO 27001/27002 13.2.1, 13.2.3
    *Shared Hosting Providers Only


Comments

Related Articles

Enumeration
Forensics
Monitoring
Process Hacker