Monday 15 June 2009 (Keywords: Enumeration, Forensics, Monitoring, Process Hacker)
Process Hacker is a feature-packed tool for manipulating processes and services on your computer. It can show you the threads (with symbols), modules, memory regions, handles and token of processes. It has detailed graphs that show CPU usage, memory usage and I/O activity. It can even change the DEP status of some processes and protect/unprotect them! Process Hacker can read/write memory using a built-in hex editor and search through memory. It has a powerful run-as tool that can run programs as almost any user, including SYSTEM, LOCAL SERVICE and NETWORK SERVICE. Finally, its kernel-mode driver enables Process Hacker to show information for any process, even if it is protected by a rootkit.
Changes for this release:
NEW/IMPROVED:
* KProcessHacker can now perform process memory reading/writing by itself and does not require MmCopyVirtualMemory
* KProcessHacker can now bypass all handle-opening protections
* Experimental process protection feature
* Ability to set handle flags such as protect-from-close and inherit
* Better highlighting
* Terminator test: TD1 (debugs a process and closes the debug object)
* Terminator test: TT3 (TT1 is now completely user-mode)
* Shows function file and line numbers where available
* Icon updating is now done on the shared thread to avoid the GUI blocking when explorer.exe is suspended or is hanging
FIXED:
* #2785648 - "cursor down crashes PH"
* #2790404 - "System.InvalidOperationException"
* Incomplete or inaccurate thread call stacks
* Windows 7 BSOD
* Crash upon executing terminator test M1
* Unexpected actions being performed when a key was pressed in the memory and handle lists
* Changed I/O tray icon tooltip from ROW to RWO
* Corrupted usernames
* .NET processes getting recognized as packed
* Start times like "20 centuries ago"
* Unable to change service configurations
* "Access denied" when changing DEP status or unloading a module on Windows XP
COMPLIANCE MANDATES
Forensics: PCI DSS 10.2, 12.9, A.1.4*, SOX DS7, HIPAA 164.308(a)(1) and (a)(6), FISMA IR-7, ISO 27001/27002 13.2.1, 13.2.3
*Shared Hosting Providers Only







