Skip to content

TETYYS/processhacker2

 
 

Repository files navigation

Process Hacker is a powerful free and open source process viewer.

Getting started

Simply run ProcessHacker.exe to start Process Hacker. There are two versions, 32-bit (x86) and 64-bit (x64). If you are not sure which version to use, open Control Panel > System and check the "System type". You cannot run the 32-bit version of Process Hacker on a 64-bit system and expect it to work correctly, unlike other programs.

System requirements

Windows XP SP2 or higher, 32-bit or 64-bit.

Settings

If you are running Process Hacker from a USB drive, you may want to save Process Hacker's settings there as well. To do this, create a blank file named "ProcessHacker.exe.settings.xml" in the same directory as ProcessHacker.exe. You can do this using Windows Explorer:

  1. Make sure "Hide extensions for known file types" is unticked in Tools > Folder options > View.
  2. Right-click in the folder and choose New > Text Document.
  3. Rename the file to ProcessHacker.exe.settings.xml (delete the ".txt" extension).

Plugins

Plugins can be configured from Hacker > Plugins.

If you experience any crashes involving plugins, make sure they are up to date.

The ExtendedTools plugin is only available for Windows Vista and above. Disk and Network information provided by this plugin is only available when running Process Hacker with administrative rights.

KProcessHacker

Process Hacker uses a kernel-mode driver, KProcessHacker, to assist with certain functionality. This includes:

  • Bypassing security software and rootkits in limited ways
  • More powerful process and thread termination (*)
  • Setting DEP status of processes
  • Capturing kernel-mode stack traces
  • More efficiently enumerating process handles
  • Retrieving names for file handles
  • Retrieving names for EtwRegistration objects
  • Setting handle attributes

The feature(s) marked with an asterisk (*) are NOT available on 64-bit versions of Windows.

Note that by default, KProcessHacker only allows connections from processes with SeDebugPrivilege. To allow Process Hacker to show details for all processes when it is not running as administrator:

  1. In Registry Editor, navigate to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\KProcessHacker2
  2. Under this key, create a key named Parameters if it does not exist.
  3. Create a DWORD value named SecurityLevel and set it to 0.
  4. Restart the KProcessHacker2 service (sc stop KProcessHacker2, sc start KProcessHacker2).

About

A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware.

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • C 99.4%
  • Inno Setup 0.4%
  • C++ 0.1%
  • Batchfile 0.1%
  • Visual Basic .NET 0.0%
  • Assembly 0.0%