Hi Process Hacker development team!
KProcessHacker is an extremely powerful "plugin" which, in my opinion, to a great extent gives Process Hacker its usefulness. Personally I would like to see the option for KProcessHacker persist.
However, as already discussed way earlier, KProcessHacker installs kind of a backdoor into your system.
That's why in more recent installers we are recommended not to install the driver, which is fine for the majority of users. As for me, I would like to have the choice of keeping the driver installed on my machine always but only allow administrators access to it. In the newly downloaded Process Hacker 2.39 I disabled KProcessHacker in the standard Process Hacker options but left it enabled in an elevated Process Hacker.
After a reboot the driver does not load until I run Process Hacker with administrative access, which is as expected.
However, I noticed that it is possible to take over KProcessHacker with a standard Process Hacker once it has been loaded by the admin Process Hacker.
My expectation was that KProcessHacker would deny non-elevated access to its device. I'm able to open the device using a standard WinObj.exe instance as well.
Question: Is it possible for KProcessHacker to be opened exclusively only and to unload automatically immediately after its device is closed? Then Windows itself would take care that no std user uses the driver or loads it again, since loading a driver always requires administrative privileges unless the group policies for the std user group have been tampered with. Only an admin could load and use it again.
Maybe it is also possible to always load the driver (employing SERVICE_SYSTEM_START installation as usual) yet have it perform desired actions only if the calling process is elevated.
It would also be fairly nice to have the (elevated) user set the driver behavior (KProcessHacker usable by everyone, or only by admin) in the Settings --> Advanced panel.
Keep up the good work!
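
Added example, not part of the original post and not Process Hacker's code: the expectation above (a device that denies non-elevated opens) comes down to the DACL on the driver's device object, and this Python check flags SDDL descriptors that grant access to principals present in a standard user's token. The two sample strings are constructed and nothing here is read from KProcessHacker; `parse_dacl` and `non_admin_access` are hypothetical helper names.

```python
import re

# SDDL trustee aliases (and raw SIDs) present in a standard user's token.
NON_ADMIN = {
    "WD": "Everyone", "S-1-1-0": "Everyone",
    "AU": "Authenticated Users", "S-1-5-11": "Authenticated Users",
    "IU": "Interactive", "S-1-5-4": "Interactive",
    "BU": "Builtin Users", "S-1-5-32-545": "Builtin Users",
    "BG": "Builtin Guests", "AN": "Anonymous", "RC": "Restricted Code",
}

def parse_dacl(sddl):
    """Return the DACL's ACEs as (type, rights, trustee), or None for a NULL DACL."""
    m = re.search(r"D:([A-Z_]*)((?:\([^()]*\))*)", sddl)
    if m is None or m.group(1) == "NO_ACCESS_CONTROL":
        return None  # NULL DACL: no access check is applied at all
    aces = []
    for raw in re.findall(r"\(([^()]*)\)", m.group(2)):
        fields = raw.split(";")
        if len(fields) < 6:
            raise ValueError("malformed ACE: (%s)" % raw)
        aces.append((fields[0], fields[2], fields[5]))
    return aces  # an empty list is an empty DACL, which grants nothing

def non_admin_access(sddl):
    """List (principal, rights) pairs that let a non-elevated caller open the device."""
    aces = parse_dacl(sddl)
    if aces is None:
        return [("Everyone", "NULL DACL")]
    # Allow ACEs only; deny ACEs and ACE ordering are not evaluated, so treat
    # every hit as something to review rather than as proof of access.
    return [(NON_ADMIN[t], rights) for kind, rights, t in aces
            if kind == "A" and rights and t in NON_ADMIN]

# Constructed sample descriptors (WDK-style strings, not read from any driver).
ADMIN_ONLY = "D:P(A;;GA;;;SY)(A;;GA;;;BA)"
WORLD_RWX = "D:P(A;;GA;;;SY)(A;;GRGWGX;;;BA)(A;;GRGWGX;;;WD)(A;;GRGWGX;;;RC)"

if __name__ == "__main__":
    for name, sddl in (("ADMIN_ONLY", ADMIN_ONLY), ("WORLD_RWX", WORLD_RWX)):
        print(name, non_admin_access(sddl) or "admins and SYSTEM only")
```

Under UAC the Administrators group is deny-only in a non-elevated administrator's token, so a descriptor like `ADMIN_ONLY` also keeps out an administrator who has not elevated.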