Process Hacker Forums

OK

NewVersionTester wrote:

1. Does also the newest version of PH only use a SHA-1 hash to verify the update?!

No

2. How is this hash downloaded? Does it at least use HTTPS?

No

What about signing the files it downloads and verifying them in the updater?

It already does this

I can't reproduce this. Does this problem occur with the dev build? Are you using antivirus or security software?

Have you tried WinDbg? You can use !peb or dt _PEB @$peb -r.

Very interesting! Thanks for sharing

Why?

It looks like Windows 10 allows you to scroll without focusing the window.

1. Always on Top issue When Always on Top is set, some windows across Process Hacker don't follow this flag and pop up behind main window. Some examples: - Memory editor and Strings window in the Memory tab. - Peview in process properties (General tab, Modules tab) or in Tools menu. - WindowExplore...

Added label for max data point in v2.38.

cprocs2 wrote:

Does this work for every new process created or does it only work for initial process (at startup) only.

Ex: Initially only one process with children is present, after some time more processes with same name arise... So these new processes are also collapsed ?

Yes

What does that have to do with the app ID?

It's been in the column list since v2.29.

UserNotes now has the ability to save this state, but you need to select Miscellaneous > Collapse by Default.

There's no need to double post. Either post on GitHub or on the forums.

OK, so it does get mapped in as an image rather than a Ldr DLL.

Yeah but it has mscorlib.ni.dll, which means we can detect it. I'm asking whether mscorlib.dll will show up as a Mapped Image if COR_PRF_DISABLE_ALL_NGEN_IMAGES is set.

Ah ok I just realized that the bug in that topic was related to the new DLL based detection method that I introduced, which replaced the old section-based method. It would be really nice if we could get a minimal-exe-to-reproduce so we can see what's actually going on. I'm not going to install dotTr...

The DotNetTools plugin should be using PhGetProcessIsDotNetEx with PH_CLR_USE_SECTION_CHECK (since it requires the section objects present to function) but it currently doesn't and relies upon PH doing the initial detection using the loaded module names. Remember this? https://wj32.org/processhacke...

This feature has always been 32-bit only, and since only a small fraction of our users are on 32-bit systems, support for PsTerminateProcess will no longer be updated for newer versions of Windows.

What's an example of such a process?