Until my recent discovery of Process Hacker, I assumed that Process Explorer was the best Task Manager alternative. However, in some areas, the open-source tool Process Hacker is more than a match for Microsoft’s Sysinternals tool. The user interfaces of both tools look quite similar. As in Process Explorer, you can add additional columns to view more details of running processes on a Windows machine. Unfortunately, Process Hacker doesn’t allow you to view DLL and handle information in the lower pane like Process Explorer does.

To access such data, you have to open the process’s properties. Process Explorer (left hand) and Process Hacker (right hand) differ here (see screenshot). I am missing the open TCP/IP connections in Process Hacker’s process properties. However, the main user interface has an extra tab that lists all processes with their open network connections.

Process Hacker’s capabilities are far superior to Process Explorer’s when it comes to searching the memory a process occupies. The tool gives a good overview of the process’s memory usage, and it supports literal search (hex code), string search, regular expressions and more. Another nice feature is Process Hacker’s ability to find hidden processes. This feature enables you to track down some simple rootkits. For this, Process Hacker attempts to open PIDs sequentially from 8 to 65536. This will show not only hidden processes but also terminated processes that are still referenced by other processes.
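The hidden-process check described above is a cross-view comparison: what the enumeration API lists versus what can actually be opened by PID. The following is an added example, not Process Hacker's own code; the function names are made up for illustration, and probing only every fourth PID assumes NT's habit of allocating PIDs as multiples of four.

```python
import ctypes
import sys

STILL_ACTIVE = 259            # GetExitCodeProcess value while a process is alive
ERROR_ACCESS_DENIED = 5       # the PID exists, but we are not allowed to open it
PROCESS_QUERY_LIMITED_INFORMATION = 0x1000   # Vista and later

def cross_view(list_pids, probe, pid_range=range(8, 65536 + 1, 4)):
    """Return PIDs that can be opened but are missing from the process list.

    list_pids() returns the PIDs the enumeration API reports; probe(pid)
    returns None (no such PID), "running" or "exited".
    """
    before = set(list_pids())
    found = {pid: state for pid in pid_range if (state := probe(pid))}
    # List again so a process that started during the scan is not flagged.
    listed = before | set(list_pids())
    report = {"hidden": [], "exited_but_referenced": []}
    for pid, state in found.items():
        if pid not in listed:
            key = "hidden" if state == "running" else "exited_but_referenced"
            report[key].append(pid)
    return report

def win_list_pids():
    """Enumeration view: what psapi's EnumProcesses reports."""
    buf, got = (ctypes.c_ulong * 16384)(), ctypes.c_ulong()
    if not ctypes.WinDLL("psapi").EnumProcesses(buf, ctypes.sizeof(buf), ctypes.byref(got)):
        raise ctypes.WinError()
    return buf[: got.value // ctypes.sizeof(ctypes.c_ulong)]

def win_probe(pid):
    """Brute-force view: try to open the PID directly."""
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    k32.OpenProcess.restype = ctypes.c_void_p
    handle = k32.OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, False, pid)
    if not handle:
        # Access denied still proves the PID exists (assumed running); else no such PID.
        return "running" if ctypes.get_last_error() == ERROR_ACCESS_DENIED else None
    code = ctypes.c_ulong(STILL_ACTIVE)
    k32.GetExitCodeProcess(ctypes.c_void_p(handle), ctypes.byref(code))
    k32.CloseHandle(ctypes.c_void_p(handle))
    return "running" if code.value == STILL_ACTIVE else "exited"

if __name__ == "__main__" and sys.platform == "win32":
    print(cross_view(win_list_pids, win_probe))   # run elevated for full coverage
```

A PID in the `hidden` list is a lead to investigate, not a verdict: a user-mode enumeration hook produces it, and so can a process that exits between the two listings.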

But Process Hacker’s real strength comes to light when you have to manipulate, that is, “hack,” processes. The process’s context menu lists all the available functions. If you compare it to Process Explorer’s context menu (right hand), you have to admit that Process Hacker (left hand) has quite a few additional features to offer here (see screenshot). Most noteworthy are Reduce Working Set (empties the selected process’s working set), Virtualization (virtualizes registry and system folder), Create Dump File (dumps the process’s memory contents), Inject DLLs, and Terminator.

The last feature deserves a more detailed explanation. You can terminate processes with Process Hacker the soft way (as in Process Explorer and Task Manager) by letting Windows send a terminate signal to the process. However, sometimes this doesn’t work, especially when the process hangs. The Terminator feature does something different, though. It uses a couple of uncommon techniques to get rid of a rebellious process. For example, it can terminate all the process’s threads, close the process’s handles, and terminate the process in kernel mode (see screenshot for a complete list).

The authors claim that the Terminator feature gives you full control over processes that are protected by rootkits and security software. They named a few applications that can’t be killed with Task Manager but can with Process Hacker. One of them is AVG, the antivirus software. I tried the Terminator with AVG, but Process Hacker failed to terminate the process under Vista. Perhaps AVG has modified their antivirus software in the meantime. By the way, to use the Terminator feature, you have to enable the kernel mode driver in the advanced options. And, of course, you must run Process Hacker as an administrator (elevated).

I haven’t covered all of Process Hacker’s features. If you try the tool, I recommend having a look at the (sparse) manual. The only real downside of Process Hacker is that it is relatively unstable. It crashed several times on my Vista box. It is interesting to note that I wasn’t able to kill the hanging Process Hacker process from a second instance of the tool. However, I am sure there are cases where Process Hacker succeeds in killing protected or hanging processes where Process Explorer fails. This is the main reason why I will keep Process Hacker in my toolbox. I would just be very careful if you run it in a server environment.


5 Comments
  1. Adam Ruth 13 years ago

    Thanks very much for this. I’m always looking for tools to get me more process info, and I haven’t heard of Process Hacker before.

    It really is comprehensive.

  2. Michael Pietroforte 13 years ago

    Yeah, I was surprised myself that I never heard before about Process Hacker. I guess there are still many other useful Windows admin tools out there to discover.

  3. RoninV 13 years ago

    I got a blurb, about the recent v1.5 release. It appears to be a very nice tool, and rivals PE in some respects. For what it does, I would prefer a portable app, and it’s my understanding that this cannot be made portable.

  4. Richard 11 years ago

    year plus later….

    process hacker is portable with a commandline option (to define where to store the settings).

    version 2 (using 2.09 as i write this) has been rock-solid on Win7x64 for me…

  5. RoninV 11 years ago

    Has been added to my toolkit, thx for the info.


© 4sysops 2006 - 2022
