Process Hacker v1.3.8.0 released

Process Hacker is a feature-packed tool for manipulating processes and services on your computer. It can show you the threads (with symbols), modules, memory regions, handles and token of processes. It has detailed graphs that show CPU usage, memory usage and I/O activity. It can even change the DEP status of some processes and protect/unprotect them!

Process Hacker can read/write memory using a built-in hex editor and search through memory. It has a powerful run-as tool that can run programs as almost any user, including SYSTEM, LOCAL SERVICE and NETWORK SERVICE. Finally, its kernel-mode driver enables Process Hacker to show information for any process, even if it is protected by a rootkit.

Changes for this release:

NEW/IMPROVED:

  • KProcessHacker can now perform process memory reading/writing
    by itself and does not require MmCopyVirtualMemory
  • KProcessHacker can now bypass all handle-opening protections
  • Experimental process protection feature
  • Ability to set handle flags such as protect-from-close and inherit
  • Better highlighting
  • Terminator test: TD1 (debugs a process and closes the debug object)
  • Terminator test: TT3 (TT1 is now completely user-mode)
  • Shows function file and line numbers where available
  • Icon updating is now done on the shared thread to avoid the GUI
    blocking when explorer.exe is suspended or is hanging

FIXED:

  • #2785648 - "cursor down crashes PH"
  • #2790404 - "System.InvalidOperationException"
  • Incomplete or inaccurate thread call stacks
  • Windows 7 BSOD
  • Crash upon executing terminator test M1
  • Unexpected actions being performed when a key was pressed in
    the memory and handle lists
  • Changed I/O tray icon tooltip from ROW to RWO
  • Corrupted usernames
  • .NET processes getting recognized as packed
  • Start times like "20 centuries ago"
  • Unable to change service configurations
  • "Access denied" when changing DEP status or unloading a module
    on Windows XP

Post scriptum

Compliance Mandates

  • Forensics:

    PCI DSS 10.2, 12.9, A.1.4*, SOX DS7, HIPAA 164.308(a)(1) and (a)(6), FISMA IR-7, ISO 27001/27002 13.2.1, 13.2.3
    *Shared Hosting Providers Only

