Hello, dmex! Thanks for ProcessHacker!
I use it sometimes and want to suggest several features.
First, "system statistics": it shows data from NtQuerySystemInformation with the classes SystemProcessorPerformanceInformation, SystemPerformanceInformation, SystemFileCacheInformationEx, SystemLowPriorityIoInformation, SystemMemoryListInformation, SystemPagedPoolInformationEx and SystemSystemPtesInformationEx in a table view with a lot of columns: actual value, delta between updates, average delta, minimum and maximum. Also, it colorizes rows when values increase or decrease:
A similar approach is used for process statistics:
Next, let's show a little bit of the "internals" of \REGISTRY\A\* keys in the process handle properties via NtEnumerateKey and NtEnumerateValueKey.
Also, maybe it's useful to show some object properties in the handle properties dialog (for example, describing general-read, general-write and general-execute access rights, etc.):
Next, the list of VM allocations of a process contains ActivationContext records with a detailed dump of this section (I show it later in the text), and colorizing of allocation types and attributes (like VMMap does):
Also, process module properties can display LDR_DATA_TABLE_ENTRY.Flags in a Windows-version-specific way, or show whether the module was loaded with an activation context:
Now about Activation Context: there is data from the roster, general assembly info, redirections of DLLs, classes, COM servers, COM type libraries, application settings and compatibility info:
I think this knowledge may be useful for searching for "alien" modules in a process.
Another one is dumping the ApiSetMap section.
Finally, the last suggestion. It's about PE structure. It's not very useful, but interesting. Maybe you know about the "Rich header" in PE files that are compiled and linked with MS VS?
It can be analysed; it contains information about every tool (and its version) that was used to create the PE file:
I hope you will find some of these suggestions useful. As you can see, all of these features are implemented in my program (I write it "just for fun"), so I can share parts of my code to help you.
PS: I tried to write a letter to you, but it seems it was lost.
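As an added example of the Rich header analysis suggested above (this is not code from the original post, from the poster's program, or from Process Hacker): a small Python parser that locates the header in the DOS stub, decodes the XOR-masked tool entries, and recomputes the key as a checksum so that an edited or forged header can be spotted. The sample PE prefix is constructed in the script itself, and the product id, build and count values in it are arbitrary placeholders, not real tool identifiers.

```python
"""Parse and verify the "Rich" header that Microsoft's linker embeds in the
DOS stub of a PE file.  Layout, as little-endian dwords:

    "DanS" ^ key, key, key, key               signature + three zero pads
    (prodid<<16 | build) ^ key, count ^ key   one pair per tool that was used
    ...
    "Rich", key                               plain terminator and the key

The key doubles as a checksum over the DOS header/stub and the entries, so
a mismatch between the stored key and the recomputed one indicates the
header was altered or fabricated after linking.
"""
import struct

DANS = 0x536E6144   # "DanS" read as a little-endian dword
RICH = b"Rich"


def _rol32(value: int, count: int) -> int:
    """Rotate a 32-bit value left by count bits (count taken mod 32)."""
    count &= 31
    value &= 0xFFFFFFFF
    return ((value << count) | (value >> (32 - count))) & 0xFFFFFFFF


def rich_checksum(data: bytes, dans_offset: int, entries) -> int:
    """Recompute the Rich key: start with the DanS offset, add every byte
    before it rotated by its position (skipping e_lfanew at 0x3C..0x3F),
    then add each prodid/build dword rotated by its use count."""
    checksum = dans_offset
    for i in range(dans_offset):
        if 0x3C <= i < 0x40:
            continue
        checksum = (checksum + _rol32(data[i], i)) & 0xFFFFFFFF
    for prod_id, build, count in entries:
        checksum = (checksum + _rol32((prod_id << 16) | build, count)) & 0xFFFFFFFF
    return checksum


def parse_rich_header(data: bytes):
    """Return {"offset", "key", "entries", "checksum_ok"}, or None if no
    well-formed Rich header is present before the PE header."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    stub = data[:min(e_lfanew, len(data))]
    rich_pos = stub.rfind(RICH)
    if rich_pos < 0 or rich_pos + 8 > len(data):
        return None
    key = struct.unpack_from("<I", data, rich_pos + 4)[0]
    # Walk back one dword at a time until the masked "DanS" signature appears.
    dans_pos = None
    pos = rich_pos - 4
    while pos >= 0:
        if struct.unpack_from("<I", data, pos)[0] ^ key == DANS:
            dans_pos = pos
            break
        pos -= 4
    if dans_pos is None or rich_pos - dans_pos < 16 or (rich_pos - dans_pos) % 8:
        return None
    entries = []
    for off in range(dans_pos + 16, rich_pos, 8):   # skip DanS and the 3 pads
        comp_id, count = struct.unpack_from("<II", data, off)
        comp_id ^= key
        entries.append((comp_id >> 16, comp_id & 0xFFFF, count ^ key))
    return {
        "offset": dans_pos,
        "key": key,
        "entries": entries,
        "checksum_ok": rich_checksum(data, dans_pos, entries) == key,
    }


# Constructed sample values (arbitrary placeholders, not real tool ids).
SAMPLE_ENTRIES = [(0x00DE, 0x5B56, 12), (0x00DF, 0x5B56, 3), (0x0102, 0x5B56, 1)]


def build_sample_pe_prefix(entries, dos_stub_len=0x40) -> bytes:
    """Build a constructed MZ header + stub + correctly keyed Rich header,
    followed by the "PE\\0\\0" signature, for demonstration only."""
    entries = list(entries)
    dans_offset = 0x40 + dos_stub_len
    e_lfanew = dans_offset + 16 + 8 * len(entries) + 8
    header = bytearray(b"MZ" + b"\x00" * 0x3E)
    struct.pack_into("<I", header, 0x3C, e_lfanew)
    stub = bytes((i * 37 + 11) & 0xFF for i in range(dos_stub_len))  # filler
    data = bytes(header) + stub
    key = rich_checksum(data, dans_offset, entries)
    rich = bytearray(struct.pack("<IIII", DANS ^ key, key, key, key))
    for prod_id, build, count in entries:
        rich += struct.pack("<II", ((prod_id << 16) | build) ^ key, count ^ key)
    rich += RICH + struct.pack("<I", key)
    return data + bytes(rich) + b"PE\x00\x00"


if __name__ == "__main__":
    hdr = parse_rich_header(build_sample_pe_prefix(SAMPLE_ENTRIES))
    print(f"Rich header at 0x{hdr['offset']:X}, key 0x{hdr['key']:08X}, "
          f"checksum {'ok' if hdr['checksum_ok'] else 'MISMATCH'}")
    for prod_id, build, count in hdr["entries"]:
        print(f"  prodid=0x{prod_id:04X} build={build} count={count}")
```

The checksum step is the part worth keeping when adding this to a viewer: a Rich header whose stored key does not match the recomputed value has been patched (or copied from another binary), which is exactly the kind of "alien" indicator the post is after. Note that the decoded prodid/build pairs still need a published mapping to be turned into tool names; the parser above deliberately reports them as raw numbers.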