The NT "reserve object"
Windows 7 introduced two new object types: UserApcReserve and IoCompletionReserve. What do these object types have in common? They’re both created using N...
Note: An updated version for Windows 7 SP1 is available. This patch allows you to use more than 3/4GB of RAM on an x86 Windows system. Works on Vista and 7, has...
Process Explorer 12 includes a new feature whereby you can view service names associated with threads. To find out how this works, read this article by Alex Ion...
On Vista and above there is an information class for NtQuerySystemInformation which I call SystemProcessImageNameInformation (88). (Note that I reverse-engineer...
I ported my fast reader-writer lock from C# to C for Process Hacker 2. Here it is. #include <windows.h> #include <intrin.h> // Put this in a header ...
TerminateProcess or NtTerminateProcess Everyone knows about TerminateProcess. You simply open a handle to the target process and call TerminateProcess. In case ...
You’ve probably seen code like this: NTSTATUS MyRootkitNtQuerySystemInformation( ULONG SystemInformationClass, PVOID SystemInformation, ULONG SystemInform...
Writing a system utility but annoyed by the fact that you can’t open the processes of security software and rootkits, instead receiving “Access Deni...
How would you get the command line of a process? Some people have suggested that you use remote thread injection, call GetCommandLine(), then IPC the result bac...
<advertisement> I’ve been working on a C# program for the past 2 weeks… Process Hacker is a process viewer/manager with special features, includin...