Process Hacker Discussion Forum

Search found 49 matches

by diversenok
22 Oct 2019 17:50
Forum: General Discussion
Topic: [OFFTOPIC] Finding object "type" IDs
Replies: 5
Views: 4686

Re: [OFFTOPIC] Finding object "type" IDs

Try calling with INVALID_HANDLE_VALUE instead of NULL handle

No, don't do that. INVALID_HANDLE_VALUE is completely unrelated to this question: it is a Win32 constant, and the Native API has nothing to do with it. If you're ever going to pass it directly to a kernel call, you will be surprised, as it int...
by diversenok
23 Aug 2019 11:13
Forum: General Discussion
Topic: Changing a process's token after it started
Replies: 1
Views: 4038

Re: Changing a process's token after it started

When we consider a token object itself, most of the information it stores is static, so we are free to cache it. On Windows 7 the changeable part includes the following information classes: Groups, Privileges, Owner, PrimaryGroup, DefaultDacl, Statistics, SessionId, GroupsAndPrivileges, AuditPolicy,...
by diversenok
30 Jan 2019 15:37
Forum: Completed
Topic: Specify path to GeoIP DB for portable installations
Replies: 8
Views: 6824

Re: Specify path to GeoIP DB for portable installations

You might want to add the location of the GeoIP DB to PATH using App Paths, so it will appear only for Process Hacker. Here is an example:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ProcessHacker.exe]
"Path"="C:\\Program F...
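The registry snippet in the post is cut off. As an added example (not from the forum post and not part of the Process Hacker project), here is the same App Paths configuration done from PowerShell, together with a listing of every App Paths entry that injects extra PATH directories. The install location and the GeoIP directory are assumptions.

```powershell
# Added example, not from the forum post. Paths below are placeholders (assumptions).
$appPathsRoot = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths'
$exeName      = 'ProcessHacker.exe'
$exePath      = 'C:\Tools\ProcessHacker\ProcessHacker.exe'   # assumed portable install location
$geoipDir     = 'C:\Tools\ProcessHacker\GeoIP'               # assumed folder holding the GeoIP DB

function Set-AppPathEntry {
    param(
        [Parameter(Mandatory)] [string] $ImageName,
        [Parameter(Mandatory)] [string] $ImagePath,
        [Parameter(Mandatory)] [string] $ExtraPath
    )
    # Writing under HKLM needs an elevated shell; the same key under HKCU:\ works per-user without elevation.
    $key = Join-Path $appPathsRoot $ImageName
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    # (Default) = full path the shell resolves the bare image name to (Run dialog, Start menu, ShellExecute).
    Set-ItemProperty -Path $key -Name '(Default)' -Value $ImagePath
    # Path = directories appended to PATH only for processes the shell starts through this entry.
    Set-ItemProperty -Path $key -Name 'Path' -Value $ExtraPath
}

function Get-AppPathEntries {
    # Lists every App Paths entry that carries a Path value. Worth a look on any host you are
    # triaging: the same mechanism decides what a bare image name typed into Run resolves to.
    Get-ChildItem -Path $appPathsRoot | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath
        if ($props.Path) {
            [pscustomobject]@{
                Image  = $_.PSChildName
                Target = $props.'(default)'
                Path   = $props.Path
            }
        }
    }
}

# Usage (elevated shell): register the entry, then confirm what the shell will apply.
Set-AppPathEntry -ImageName $exeName -ImagePath $exePath -ExtraPath $geoipDir
Get-AppPathEntries | Where-Object Image -eq $exeName | Format-List
```

The Path value only takes effect when the program is started through the shell (double-click, Run dialog, Start menu). Launching the same binary from an existing cmd.exe prompt, or from another process calling CreateProcess directly, does not consult App Paths, so the GeoIP DB will not be found in those cases.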
by diversenok
13 Nov 2018 19:05
Forum: Closed reports
Topic: Not truly constant columns
Replies: 5
Views: 6517

Re: Not truly constant columns

It would have been nice to give us a heads up first before posting it on a public forum

Sorry, I didn't think about it. The main point about hiding a highly privileged process is that you already need to have one under your control. SeAssignPrimaryTokenPrivilege is required to assign something diff...
by diversenok
09 Nov 2018 17:15
Forum: Closed reports
Topic: Not truly constant columns
Replies: 5
Views: 6517

Re: Not truly constant columns

Oh, I've just found a reliable and easy way to alter the user of a process and to make PH show outdated information in the main process list. Actually, someone could've used it to partially hide highly privileged processes from PH or Process Explorer by making them seem as running with lower privile...
by diversenok
25 Apr 2018 17:33
Forum: General Discussion
Topic: Text string comparisons
Replies: 6
Views: 3470

Re: Text string comparisons

Microsoft Windows SDK also contains WinDiff comparison tool with graphical interface:
WinDiff.zip
(86.43 KiB) Downloaded 468 times
by diversenok
25 Apr 2018 09:30
Forum: General Discussion
Topic: Kaspersky Labs Antivirus Detects Serious Viruses Upon Download of "Process Hacker" Software.
Replies: 3
Views: 5626

Re: Kaspersky Labs Antivirus Detects Serious Viruses Upon Download of "Process Hacker" Software.

Detected File: not-a-virus:HEUR:RiskTool.Win32.ProcHack.gen

Read it slowly. It says that:
• This program is not a virus
• The analysis is based on heuristics
• It is a RiskTool (since it provides advanced system management capabilities)
• It works on Windows and it is called Process Hacker.
Which part of t...
by diversenok
19 Apr 2018 19:59
Forum: General Discussion
Topic: Find Handles or DLLs discussion
Replies: 3
Views: 3398

Re: Find Handles or DLLs discussion

Thanks for the response. Maybe I'll create a pull request to add these extra categories. :thinking:
by diversenok
14 Apr 2018 16:56
Forum: General Discussion
Topic: Find Handles or DLLs discussion
Replies: 3
Views: 3398

Find Handles or DLLs discussion

Hi, everyone. I want to discuss the feature that allows you to search for opened handles across all processes. First of all, there is a hard-coded limitation that prevents the search from being performed without any specified text. What is the point of that? I mean, sometimes I need to search for a...
by diversenok
06 Mar 2018 19:19
Forum: Completed
Topic: Changing default DACL
Replies: 2
Views: 5045

Changing default DACL

Hi there. I think it would be very cool to have an ability to change token's default DACL via Process Hacker. All functions that create securable objects use this DACL when the calling procedure doesn't specify PSECURITY_ATTRIBUTES, so changing the default DACL is very useful to control the security...
by diversenok
13 Feb 2018 17:05
Forum: Completed
Topic: Numbers instead of graphs in Systray
Replies: 17
Views: 12485

Re: Numbers instead of graphs in Systray

I use these text-based graphs. :) However, I have some more suggestions for this feature. Let's take a look at the current situation:
• Tray Icons menu now looks too overloaded. It should be simplified and structured.
• It is barely believable that someone has enabled more than 4-5 icons. Furthermore...
by diversenok
08 Feb 2018 12:13
Forum: General Discussion
Topic: Process patching
Replies: 4
Views: 4161

Re: Process patching

application creates another process and does something in this new process. This protection does not allow me to use a debugger to find out the algorithm.

By the way, if you want to automatically attach a debugger to a new process before it can perform any actions, you can use Image File Execution Options m...
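An added example (not part of the forum post) of the Image File Execution Options mechanism mentioned above: register a debugger for an image name, list what is currently registered, and remove the entry again. The image name and debugger path are assumptions. The same Debugger value is a well-known persistence and hijacking trick, so the listing function doubles as a quick check when triaging a host.

```powershell
# Added example, not from the forum post. Names and paths below are placeholders (assumptions).
$ifeoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

function Set-IfeoDebugger {
    param(
        [Parameter(Mandatory)] [string] $ImageName,       # bare file name, e.g. 'child.exe'; matched system-wide
        [Parameter(Mandatory)] [string] $DebuggerCommand  # run by CreateProcess instead of the image, with the original command line appended
    )
    $key = Join-Path $ifeoRoot $ImageName
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    Set-ItemProperty -Path $key -Name 'Debugger' -Value $DebuggerCommand
}

function Get-IfeoDebuggers {
    # Every image with a Debugger value. On a clean box this is usually empty; entries for
    # accessibility binaries (sethc.exe, utilman.exe, ...) or unknown images deserve a look.
    Get-ChildItem -Path $ifeoRoot | ForEach-Object {
        $dbg = (Get-ItemProperty -Path $_.PSPath -Name 'Debugger' -ErrorAction SilentlyContinue).Debugger
        if ($dbg) { [pscustomobject]@{ Image = $_.PSChildName; Debugger = $dbg } }
    }
}

function Remove-IfeoDebugger {
    param([Parameter(Mandatory)] [string] $ImageName)
    $key = Join-Path $ifeoRoot $ImageName
    if (Test-Path $key) { Remove-ItemProperty -Path $key -Name 'Debugger' -ErrorAction SilentlyContinue }
}

# Usage (elevated shell): catch every launch of child.exe in the debugger, then clean up afterwards.
Set-IfeoDebugger -ImageName 'child.exe' -DebuggerCommand '"C:\Tools\Debuggers\x64\windbg.exe"'
Get-IfeoDebuggers
Remove-IfeoDebugger -ImageName 'child.exe'
```

The entry is keyed by file name only, so it fires for every process with that image name, for every user, until it is removed. Remove it once the analysis is done: a leftover Debugger value is exactly the foothold that malware plants for persistence, and a later run of Get-IfeoDebuggers should come back empty.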
by diversenok
12 Jan 2018 09:46
Forum: General Discussion
Topic: Dll injection feature
Replies: 8
Views: 7939

Re: Dll injection feature

For me this idea doesn't look like a full solution: I've already copied all deleted code into an extra plugin but it doesn't involve KProcessHacker. So it makes the feature much less powerful.
by diversenok
07 Jan 2018 18:12
Forum: General Discussion
Topic: Dll injection feature
Replies: 8
Views: 7939

Dll injection feature

Hi, dmex. Today you removed dll injection feature from PH. I think it was a very useful feature, and I used it a lot. So what's the matter? Is it a permanent deletion or you just want to move this code to some extra plugin? :?
by diversenok
02 Jan 2018 20:32
Forum: General Discussion
Topic: Suspend/Resume Specific Application
Replies: 2
Views: 5559

Re: Suspend/Resume Specific Application

I wrote such a program (for hotkeys) for myself some time ago: Suspend-Resume Hotkeys However, it seems to me like an interesting idea to write a plugin for PH where you can set your own global hotkeys for any action you want (or, rather, any action that the plugin would support). Will it be in dema...
by diversenok
19 Dec 2017 19:19
Forum: General Discussion
Topic: How does processhacker kill/terminate processes that I can't as the SYSTEM account???
Replies: 3
Views: 3327

Re: How does processhacker kill/terminate processes that I can't as the SYSTEM account???

Process Hacker has its own driver that works in kernel mode and has more privileges than the SYSTEM account.
by diversenok
14 Dec 2017 19:57
Forum: Closed reports
Topic: Deletion of environmental variables
Replies: 2
Views: 2513

Re: Deletion of environmental variables

Now everything works fine. Thanks :thumbup:
by diversenok
11 Dec 2017 21:46
Forum: Completed
Topic: Numbers instead of graphs in Systray
Replies: 17
Views: 12485

Re: Numbers instead of graphs in Systray

Actually, numbers can show more accurate information than graphs (where you can hardly distinguish 10 percent from 20). However, numbers don't show history. I think this feature can be useful. But then you should have a possibility to change the font/background color. tray-icons.png Here is an example ...
by diversenok
06 Dec 2017 09:01
Forum: Plugins
Topic: Plugins-Extra
Replies: 142
Views: 112590

Re: Plugins-Extra

What are you protecting so much that you need three firewalls at the same time?? The Windows built-in Firewall is very good and enough to block all inbound and control all outbound connections.

There's a little help for creating a quick Windows Firewall rule.

Windows Registry Editor Version 5.00
;Copyright...
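As an added example, not from the post and not part of the Plugins-Extra project, the same kind of per-program outbound block created with the NetSecurity cmdlets instead of an imported .reg file, plus a check that the rule is actually in place and enabled. The program path is an assumption.

```powershell
# Added example, not from the forum post. The program path is a placeholder (assumption).
$program  = 'C:\Tools\Example\example.exe'
$ruleName = 'Block outbound: example.exe'

function Add-OutboundBlockRule {
    param(
        [Parameter(Mandatory)] [string] $DisplayName,
        [Parameter(Mandatory)] [string] $Program
    )
    # Outbound traffic is allowed by default in every profile, so "control all outbound"
    # means an explicit Block rule per program (or Set-NetFirewallProfile -DefaultOutboundAction Block).
    if (Get-NetFirewallRule -DisplayName $DisplayName -ErrorAction SilentlyContinue) {
        return   # idempotent: don't stack duplicate rules under the same display name
    }
    New-NetFirewallRule -DisplayName $DisplayName -Direction Outbound -Program $Program `
        -Action Block -Profile Any -Enabled True | Out-Null
}

function Test-OutboundBlockRule {
    param(
        [Parameter(Mandatory)] [string] $DisplayName,
        [Parameter(Mandatory)] [string] $Program
    )
    # A rule only helps if it exists, is enabled, blocks, and points at the intended image.
    $rule = Get-NetFirewallRule -DisplayName $DisplayName -ErrorAction SilentlyContinue
    if (-not $rule) { return $false }
    $app = $rule | Get-NetFirewallApplicationFilter
    ($rule.Enabled -eq 'True') -and
    ($rule.Direction -eq 'Outbound') -and
    ($rule.Action -eq 'Block') -and
    ($app.Program -eq $Program)
}

# Usage (elevated shell):
Add-OutboundBlockRule -DisplayName $ruleName -Program $program
Test-OutboundBlockRule -DisplayName $ruleName -Program $program   # True once the rule is in place
```

Either way the rule ends up in the FirewallRules key under HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy, which is what the .reg snippet writes directly. Anything running as an administrator can edit that store, so the host firewall constrains well-behaved software and not an attacker who already holds admin on the box.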
by diversenok
03 Dec 2017 14:15
Forum: Closed reports
Topic: No error message for setting affinity
Replies: 1
Views: 6214

No error message for setting affinity

:arrow: Windows 7 x64
:arrow: Process Hacker 3.0.1118

Just a little note: If you try to set the affinity for a thread when you don't have permission for that, you will get an "access violation" message. But if you try to set the affinity for the whole process (in the process list's context menu) ...