Process Hacker Discussion Forum

 
dmex
Admin
Posts: 1695
Joined: 17 Jan 2011 05:43

Search commands reference

04 Aug 2013 12:26

Process Hacker supports a limited number of searchbox commands in addition to the default wildcard search.

By default you can search by any entered syntax and filter all Process, Service and Network activity. Examples:
Explorer.exe
Svchost
TDI
High
Low

You can enter multiple queries using the | character. Examples:
svchost|BadSignature
svchost|IsImmersive
svchost|chrome|firefox|IsBeingDebugged

You can also filter the current view based on specific search queries:

Limited
The Process token elevation type is limited.

Full
The Process token elevation type is elevated.

IsBeingDebugged
The Process is being natively debugged.

IsDotNet
The Process is a native .NET executable.

IsElevated
The Process is elevated.

IsInJob
The Process is part of a job.

IsInSignificantJob
The Process is part of a significant job.

IsPacked
The Process is a packed executable.

IsPosix
The Process is a native POSIX executable.

IsSuspended
The Process is suspended.

IsWow64
The Process is a 32bit executable.

IsImmersive
The Process is a Metro (Immersive) executable.

NoSignature
The Process executable signature is unavailable.

Trusted
The Process executable signature is trusted.

Expired
The Process executable signature has expired.

Revoked
The Process executable signature is revoked.

Distrust
The Process executable signature is not trusted.

SecuritySettings
The Process executable signature encountered a policy error.

BadSignature
The Process executable signature has a bad signature, not trusted.

Unknown
The Process executable signature is unknown.
 
frank
Member
Posts: 6
Joined: 14 May 2014 22:36
OS: windows 7

Re: Search commands reference

18 May 2014 00:44

Thanks for the references. It will come in handy.
 
Eran
Member
Posts: 24
Joined: 15 Mar 2015 16:30
OS: Windows 8.1 64bit

Re: Search commands reference

16 Mar 2015 16:56

Thanks :thumbup:
 
NewVersionTester
Member
Posts: 33
Joined: 16 Feb 2014 15:25
OS: Windows 7, SP1, 64-bit

Re: Search commands reference

30 Apr 2015 18:21

At first, these queries are very useful. :thumbup:
However, in the first post it is said you could filter processes with the search queries you mentioned. But in my test it is like this.
The "|" rather behaves like an "OR" so "svchost|BadSignature" does not show all svchost.exe processes which have an invalid signature, but it shows all svchost.exe processes and all processes which have an invalid signature.

Here you can see a screenshot: https://i.imgur.com/XKgGoJ7.png

PH 2.34
 
dmex
Admin
Posts: 1695
Joined: 17 Jan 2011 05:43

Re: Search commands reference

01 May 2015 13:37

NewVersionTester wrote:
The "|" rather behaves like an "OR" so "svchost|BadSignature" does not show all svchost.exe processes which have an invalid signature, but it shows all svchost.exe processes and all processes which have an invalid signature.
This is how it's designed as the alternative is very limiting. If you want to filter more specifically then you need to be more specific with your search terms ;)
 
NewVersionTester
Member
Posts: 33
Joined: 16 Feb 2014 15:25
OS: Windows 7, SP1, 64-bit

Re: Search commands reference

01 May 2015 13:41

Okay, and how can I, for example, show all svchost.exe processes which have a bad signature? "svchost.exe BadSignature" doesn't work.
 
dmex
Admin
Posts: 1695
Joined: 17 Jan 2011 05:43

Re: Search commands reference

08 Aug 2015 05:05

NewVersionTester wrote:
Okay, and how can I, for example, show all svchost.exe processes which have a bad signature? "svchost.exe BadSignature" doesn't work.
You can try svchost|BadSignature but the filter routine only handles OR style filtering (e.g. you'll see both svchost OR BadSignature processes).
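
The OR behaviour discussed in this thread, modelled as an added example that is not part of the original posts and is not Process Hacker's code. The process rows are constructed, the case-insensitive substring matching rule is an assumption, and `filter_and` is a hypothetical stricter filter shown only for comparison with the union that `|` produces.

```python
# Constructed sample rows; names, PIDs and tags are illustrative only.
PROCESSES = [
    {"name": "svchost.exe", "pid": 812, "tags": {"Trusted", "IsInJob"}},
    {"name": "svchost.exe", "pid": 4040, "tags": {"BadSignature", "IsPacked"}},
    {"name": "chrome.exe", "pid": 2200, "tags": {"Trusted", "Limited"}},
    {"name": "updater.exe", "pid": 3121, "tags": {"BadSignature"}},
    {"name": "explorer.exe", "pid": 1500, "tags": {"Trusted"}},
]


def split_terms(query):
    """Split a search box query on '|' and drop empty terms."""
    return [t.strip().lower() for t in query.split("|") if t.strip()]


def term_matches(proc, term):
    """Assumed rule: a term matches if it is a substring of the name or a tag."""
    if term in proc["name"].lower():
        return True
    return any(term in tag.lower() for tag in proc["tags"])


def filter_or(procs, query):
    """Behaviour described in the thread: a row is shown if ANY term matches."""
    terms = split_terms(query)
    if not terms:
        return list(procs)  # empty search box shows everything
    return [p for p in procs if any(term_matches(p, t) for t in terms)]


def filter_and(procs, query):
    """Hypothetical intersection: a row is shown only if ALL terms match."""
    terms = split_terms(query)
    return [p for p in procs if all(term_matches(p, t) for t in terms)]


def pids(rows):
    return [p["pid"] for p in rows]


if __name__ == "__main__":
    q = "svchost|BadSignature"
    print("OR :", pids(filter_or(PROCESSES, q)))   # union of both terms
    print("AND:", pids(filter_and(PROCESSES, q)))  # only rows matching both
```

When triaging with the real search box, the union means a `svchost|BadSignature` result still has to be read row by row: only rows that show both the name and the signature state answer the narrower question.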
 
phco22
Member
Posts: 7
Joined: 20 Jun 2013 12:39
OS: Windows 8.1 32bit

Re: Search commands reference

29 Jul 2016 14:13

Hello,
can you please add this info as a tooltip to show when clicking in the search bar?
If you do that, also add | Alt 124 so users know how to type that.
Thank you, best regards