Process Hacker is a free and open source process viewer and memory editor with unique features such as powerful process termination. It can show services, processes and their threads, modules, handles and memory regions.
Must have tool for knowing the processes of System consumption.
Very important to know the processes when there is doubt of system infected with Virus
Process Hacker is a feature-packed tool for managing processes and services on your computer.
Key features of Process Hacker:
• A simple, customizable tree view with highlighting showing you the processes running on your computer.
• Detailed system statistics with graphs.
• Advanced features not found in other programs, such as detaching from debuggers, viewing GDI handles, viewing heaps, injecting and unloading DLLs, and more.
• Powerful process termination that bypasses security software and rootkits.
• View, edit and control services, including those not shown by the Services console.
• View and close network connections.
• Starts up almost instantly, unlike other programs.
• Many more features...
Compared with Process Explorer, Process Hacker:
• Implements all of the functionality offered by Process Explorer, plus more advanced features.
• Performs stack traces for .NET programs, with managed symbol resolution.
• Allows you to see what a thread is waiting on.
• Has advanced string scanning capabilities, as well as regular expression filtering.
• Highlights both relocated and .NET DLLs.
• Shows symbolic access masks (e.g. Read, Write), rather than just numbers (e.g. 0x12019f).
• Shows names for transaction manager objects and ETW registration objects.
• Shows detailed token information, as well as allowing privileges to be enabled and disabled.
Download Process Hacker2.27
A very incomplete feature list for Process Hacker 2:
Processes
• View processes in a tree view with highlighting
• View detailed process statistics and performance graphs
• Process tooltips are detailed and show context-specific information
• Select multiple processes and terminate, suspend or resume them
• (32-bit only) Bypass almost all forms of process protection
• Restart processes
• Empty the working set of processes
• Set affinity, priority and virtualization
• Create process dumps
• Use over a dozen methods to terminate processes
• Detach processes from debuggers
• View process heaps
• View GDI handles
• Inject DLLs
• View DEP status, and even enable/disable DEP
• View environment variables
• View and edit process security descriptors
• View image properties such as imports and exports
• View processes in a tree view with highlighting
• View detailed process statistics and performance graphs
• Process tooltips are detailed and show context-specific information
• Select multiple processes and terminate, suspend or resume them
• (32-bit only) Bypass almost all forms of process protection
• Restart processes
• Empty the working set of processes
• Set affinity, priority and virtualization
• Create process dumps
• Use over a dozen methods to terminate processes
• Detach processes from debuggers
• View process heaps
• View GDI handles
• Inject DLLs
• View DEP status, and even enable/disable DEP
• View environment variables
• View and edit process security descriptors
• View image properties such as imports and exports
Threads
• View thread start addresses and stacks with symbols
• Threads are highlighted if suspended, or are GUI threads
• Select multiple threads and terminate, suspend or resume them
• Force terminate threads
• View TEB addresses and view TEB contents
• (32-bit only) Find out what a thread is doing, and what objects it is waiting on
• View and edit thread security descriptors
Tokens
• View full token details, including user, owner, primary group, session ID, elevation status, and more
• View token groups
• View privileges and even enable, disable or remove them
• View and edit token security descriptors
Modules
• View modules and mapped files in one list
• Unload DLLs
• View file properties and open them in Windows Explorer
Memory
• View a virtual memory list
• Read and modify memory using a hex editor
• Dump memory to a file
• Free or decommit memory
• Scan for strings
Handles
• View process handles, complete with highlighting for attributes
• Search for handles (and DLLs and mapped files)
• Close handles
• (32-bit only) Set handle attributes - Protected and Inherit
• Granted access of handles can be viewed symbolically instead of plain hex numbers
• View detailed object properties when supported
• View and edit object security descriptors
Services
• View a list of all services
• Create services
• Start, stop, pause, continue or delete services
• Edit service properties
• View service dependencies and dependents
• View and edit service security descriptors
Network
• View a list of network connections
• Close network connections
• Use tools such as whois, traceroute and ping
For More information visit -
http://processhacker.sourceforge.net/
http://sourceforge.net/projects/processhacker/?source=directory
http://processhacker.sourceforge.net/
http://sourceforge.net/projects/processhacker/?source=directory
0 comments:
Post a Comment