At first I was wondering why I wasn't able to view kernel memory and handle stuff after upgrading to the latest PH 2.39.124 on my 32-bit Vista system, even when using an elevated PH. After some investigation I found out that the KPH driver (ver. 3.0.0) wasn't loaded. Not a big deal, I thought... at first. I checked the PH settings and the settings XML file, and both state "<setting name="EnableKph">1</setting>".

The first thing I looked at was my COMODO CIS. Security software could be the reason why some drivers won't get loaded, as we know. But CIS doesn't show any warnings in its logs, nor does it block anything related to PH. I also disabled it and retried.

I found out that the driver wasn't registered in the SCM by the installer, as it seems, and wasn't loaded on demand by PH either. So I tried to install it by hand and set it to system start and normal error control, restarted the system, and it still won't load. Checking the Windows event logs simply shows me the error message that it could not start the boot or system start driver "KProcessHacker3". Manually trying to start/load it fails with code 127 "The specified procedure could not be found.". Ntbootlog simply shows "Did not load driver \SystemRoot\System32\Drivers\kprocesshacker.sys". I moved the driver to the system directory's drivers folder from its original "Program Files" location, just in case. You never know.

Looking at the binary shows me that it has all its runtime dependencies (hal, ksecdd, ntoskrnl) satisfied, so there is nothing missing. I am pretty sure that it's not a missing DriverEntry procedure that fails here. Other drivers get loaded without any complaint, including non-signed, non-Microsoft ones. Luckily Vista 32 has no signature enforcement, but this doesn't help here.

Now I am stuck on this. Maybe someone has an idea how to pin down this issue?