Process Hacker and Windows discussion


by Zorkov Igor
21 Feb 2017, 05:28
Forum: Completed
Topic: Process Protection Information
Replies: 2
Views: 1551

Re: Process Protection Information

:o :o :o

OK, Thanks
by Zorkov Igor
20 Feb 2017, 16:55
Forum: Completed
Topic: Process Protection Information
Replies: 2
Views: 1551

Process Protection Information

Are you going to add process protection information in the next version? It may be obtained with NtQueryInformationProcess. With Delphi I use this code and it works fine.
const
  PS_PROTECTION_NONE = 0;
  PS_PROTECTION_AUDITED = 8;
  PS_PROTECTION_AUTHENTICODE_PROTECTED = $12;
  PS_PROTECTION_CODEGEN_LIGHT = $2...
by Zorkov Igor
02 Oct 2016, 18:31
Forum: Plugins
Topic: TrustedInstaller
Replies: 11
Views: 23419

Re: TrustedInstaller

Thanks
by Zorkov Igor
02 Oct 2016, 14:07
Forum: Plugins
Topic: TrustedInstaller
Replies: 11
Views: 23419

Re: TrustedInstaller

Is there source code for TrustedInstallerPlugin?
by Zorkov Igor
05 Sep 2016, 13:47
Forum: Closed reports
Topic: Bug in the signature verification
Replies: 2
Views: 1255

Re: Bug in the signature verification

Loaded as mapped file... PH does not verify mapped files?
by Zorkov Igor
05 Sep 2016, 13:41
Forum: Closed reports
Topic: Bug in the signature verification
Replies: 2
Views: 1255

Bug in the signature verification

PH 3.0.105, W7 X64 SP1

Bug in the signature verification?
by Zorkov Igor
27 Aug 2016, 15:06
Forum: Feature Requests
Topic: Separate column to highlight the type of process
Replies: 1
Views: 981

Separate column to highlight the type of process

Make a separate column to highlight the type of process, perhaps like this
27-08-2016 18-02-43.jpg
by Zorkov Igor
04 Feb 2016, 01:05
Forum: General Discussion
Topic: PsTerminateProcess/PspTerminateProcess
Replies: 1
Views: 1422

PsTerminateProcess/PspTerminateProcess

Process Hacker 2.37 doesn't support PsTerminateProcess/PspTerminateProcess on Windows 10?
else if (majorVersion == 6 && minorVersion > 3 || majorVersion > 6)
{
    KphDynNtVersion = 0xffffffff;
    return STATUS_NOT_SUPPORTED;
}
by Zorkov Igor
26 Aug 2015, 22:29
Forum: General Discussion
Topic: etwmon.c I see
Replies: 2
Views: 1307

Re: etwmon.c I see

...\phlib\basesup.c
by Zorkov Igor
26 May 2015, 07:20
Forum: General Discussion
Topic: Windows 10 browser_broker.exe
Replies: 5
Views: 46810

Re: Windows 10 browser_broker.exe

Ok
by Zorkov Igor
25 May 2015, 18:37
Forum: General Discussion
Topic: Windows 10 browser_broker.exe
Replies: 5
Views: 46810

Re: Windows 10 browser_broker.exe

Maybe should do this
verifyResult = PhpVerifyFile(Information, fileHandle, WTD_CHOICE_FILE, &fileInfo, &WinTrustActionGenericVerifyV2, NULL, &signatures, &numberOfSignatures);
if (verifyResult != VrTrusted) //if (verifyResult == VrNoSignature)
{
    if (CryptCATAdminAcquireContext2 && CryptCATAdminCalcH...
by Zorkov Igor
25 May 2015, 18:30
Forum: General Discussion
Topic: Windows 10 browser_broker.exe
Replies: 5
Views: 46810

Windows 10 browser_broker.exe

On Windows 10 there is a process named browser_broker.exe that contains an embedded certificate which is not trusted, but at the same time there is a Windows catalog with the file hash which is trusted, ...
by Zorkov Igor
10 May 2015, 07:23
Forum: General Discussion
Topic: DPC and Interrupts cycle based CPU
Replies: 5
Views: 1596

Re: DPC and Interrupts cycle based CPU

Can PH show cycle based DPC and Interrupts CPU separately?
by Zorkov Igor
10 May 2015, 07:06
Forum: General Discussion
Topic: DPC and Interrupts cycle based CPU
Replies: 5
Views: 1596

Re: DPC and Interrupts cycle based CPU

You can disable cycle based CPU usage via Settings to show the separate DPC process:
But then it shows time based CPU usage; I'm talking about showing cycle based DPC and Interrupts separately
by Zorkov Igor
10 May 2015, 06:21
Forum: General Discussion
Topic: DPC and Interrupts cycle based CPU
Replies: 5
Views: 1596

Re: DPC and Interrupts cycle based CPU

type
  NTSTATUS = System.LongInt;
const
  STATUS_SUCCESS = NTSTATUS($00000000);
  STATUS_INFO_LENGTH_MISMATCH = NTSTATUS($C0000004);
type
  _SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION = record
    IdleTime, KernelTime, UserTime, DpcTime, InterruptTime: Int64;
    InterruptCount: ULONG;
  end;
  SYSTEM_PROCESSOR_PERFORMA...
by Zorkov Igor
07 May 2015, 12:18
Forum: General Discussion
Topic: DPC and Interrupts cycle based CPU
Replies: 5
Views: 1596

DPC and Interrupts cycle based CPU

Let's say you have DPC and Interrupts time based CPU
// Calculate total DPC and Interrupts time based CPU
Int64 TotalInterruptTime = InterruptsTime + DPCTime;
// Get 1% TotalInterruptTime
Int64 PercentInterrupt = TotalInterruptTime / 100; // 1% TotalInterrupt
// Get % DPC time based CPU
Int64 Percen...
by Zorkov Igor
26 Apr 2015, 07:40
Forum: Completed
Topic: Detect if process is compiled with "Control Flow Guard"
Replies: 5
Views: 1489

Re: Detect if process is compiled with "Control Flow Guard"

#define IMAGE_DLLCHARACTERISTICS_GUARD_CF 0x4000

ImageNtHeaders->ImageOptionalHeader->DllCharacteristics

if DllCharacteristics = DllCharacteristics or IMAGE_DLLCHARACTERISTICS_GUARD_CF then
   GuardCF := True
by Zorkov Igor
26 Apr 2015, 06:59
Forum: Completed
Topic: Set process base priority from kernel
Replies: 8
Views: 1443

Re: Set process base priority from kernel

TETYYS wrote:
...the less operations are done in kernel - the better.
:thumbup: YES :thumbup:
by Zorkov Igor
26 Apr 2015, 06:58
Forum: Completed
Topic: Set process base priority from kernel
Replies: 8
Views: 1443

Re: Set process base priority from kernel

Driver loading requires elevation only once when you install its service, right?
by Zorkov Igor
26 Apr 2015, 05:38
Forum: Completed
Topic: Set process base priority from kernel
Replies: 8
Views: 1443

Re: Set process base priority from kernel

I'm just saying that PH can't set "Real Time(24)" base priority to a process without administrative privileges; with a driver you don't need to elevate PH to do this